Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/NHHiweZNj5X_oEscIWqjN4fHUE8.roa
File:                     NHHiweZNj5X_oEscIWqjN4fHUE8.roa (raw, json)
Hash identifier:          MGSiZ7A04kD6SVx5EJJ9SDisYbkFZtAr2OJkCAfFB+Y=
Subject key identifier:   34:71:E2:C1:E6:4D:8F:95:FF:A0:4B:1C:21:6A:A3:37:87:C7:50:4F
Certificate issuer:       /CN=9e1aca341635166f802f98a97e00280ccee64ce2
Certificate serial:       01971A64AD041AE720FF2F36BE9249773E7A
Authority key identifier: 9E:1A:CA:34:16:35:16:6F:80:2F:98:A9:7E:00:28:0C:CE:E6:4C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/NHHiweZNj5X_oEscIWqjN4fHUE8.roa
Signing time:             Thu 29 May 2025 04:54:54 +0000
ROA not before:           Thu 29 May 2025 04:54:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200315
IP address blocks:        91.216.13.0/24 maxlen: 24
                          138.128.224.0/22 maxlen: 24
                          2a13:90c0::/29 maxlen: 29
                          2a13:90c0::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1a:64:ad:04:1a:e7:20:ff:2f:36:be:92:49:77:3e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1aca341635166f802f98a97e00280ccee64ce2
        Validity
            Not Before: May 29 04:54:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3471e2c1e64d8f95ffa04b1c216aa33787c7504f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:88:b5:53:63:e1:4f:6f:44:c2:73:13:06:90:
                    63:db:db:18:0f:be:43:9b:8c:26:8e:fd:dd:22:2f:
                    ed:b7:b7:a8:8f:27:36:3d:cc:09:00:f3:7c:41:e9:
                    82:45:49:e5:a1:ea:e2:bb:e5:d3:29:2b:c1:9b:02:
                    03:fc:80:69:6d:9d:3c:75:74:17:af:0b:7a:10:1d:
                    85:da:f1:c3:c3:9d:4c:0f:0d:92:cf:12:bb:0f:c6:
                    33:39:21:10:2d:fc:b2:4d:c9:b3:c9:7d:55:3c:5e:
                    dd:ac:2c:6a:e4:94:c4:99:35:7e:fe:96:fb:8c:47:
                    4d:c0:7b:7e:11:88:08:3e:cf:e2:ed:90:69:b2:da:
                    da:2d:85:0c:8f:24:10:54:d5:71:c5:a7:e6:f6:cd:
                    61:fc:25:43:29:62:e2:ff:ae:95:7f:20:47:bc:e4:
                    c7:65:cf:62:1b:b4:07:32:72:38:23:80:d2:0e:33:
                    75:62:10:73:29:71:55:57:36:92:ed:e0:3e:36:d1:
                    38:9b:b3:19:ef:67:1e:cf:fa:dd:6b:f4:2f:b9:e2:
                    c4:83:10:e1:6f:18:e4:a4:f8:5e:d0:cc:52:ac:d5:
                    27:18:b3:13:65:ce:f3:db:1f:73:c2:11:f2:3c:ba:
                    49:f2:7b:4e:3c:b8:a6:a1:c1:18:d2:ac:06:a4:5b:
                    d7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:71:E2:C1:E6:4D:8F:95:FF:A0:4B:1C:21:6A:A3:37:87:C7:50:4F
            X509v3 Authority Key Identifier:
                keyid:9E:1A:CA:34:16:35:16:6F:80:2F:98:A9:7E:00:28:0C:CE:E6:4C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/NHHiweZNj5X_oEscIWqjN4fHUE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.13.0/24
                  138.128.224.0/22
                IPv6:
                  2a13:90c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:97:2b:b3:63:d5:11:3a:64:31:9b:0d:eb:7e:16:b4:a5:e4:
         f9:8a:77:c0:5a:2d:4c:06:30:e0:73:97:00:67:bf:fa:cb:ab:
         14:32:b9:98:b3:08:07:0c:0a:aa:49:51:c0:fd:1a:19:41:d6:
         fd:19:e0:2c:39:98:90:2a:a8:cb:7f:fc:50:01:84:cb:ad:ba:
         2e:90:14:2c:be:57:50:1e:fd:d3:d9:4c:a9:36:1d:a4:ec:f4:
         6c:06:1f:23:c7:dc:64:5d:1c:da:69:03:b6:eb:61:12:1e:3b:
         b2:ab:b6:ae:d1:3b:a8:6f:2a:c5:49:e8:4a:cf:dc:b2:55:01:
         aa:1d:93:6d:d5:b1:f3:e9:c9:44:c3:96:2d:91:21:7d:56:ab:
         ed:2c:31:0b:14:20:32:e4:7e:f7:5c:22:72:64:f6:c1:de:37:
         27:3f:73:9b:c2:57:44:91:e4:9d:62:1b:7c:6d:66:f4:78:cd:
         c8:02:1b:b8:e8:04:aa:e3:86:90:82:71:4e:8f:ba:49:c8:bc:
         64:3a:5c:71:78:95:bc:4e:86:c5:e4:ca:8d:3d:89:6f:97:a4:
         cf:ae:fb:c3:99:72:77:86:c0:e5:d9:9b:65:7e:13:97:89:52:
         4c:82:7d:73:f5:5a:27:27:e9:66:5d:b2:39:5f:6b:84:ec:36:
         e0:cc:3b:32
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZcaZK0EGucg/y82vpJJdz56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMWFjYTM0MTYzNTE2NmY4MDJmOThhOTdlMDAyODBjY2Vl
NjRjZTIwHhcNMjUwNTI5MDQ1NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDcxZTJjMWU2NGQ4Zjk1ZmZhMDRiMWMyMTZhYTMzNzg3Yzc1MDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ii1U2PhT29EwnMTBpBj29sYD75D
m4wmjv3dIi/tt7eojyc2PcwJAPN8QemCRUnloeriu+XTKSvBmwID/IBpbZ08dXQX
rwt6EB2F2vHDw51MDw2SzxK7D8YzOSEQLfyyTcmzyX1VPF7drCxq5JTEmTV+/pb7
jEdNwHt+EYgIPs/i7ZBpstraLYUMjyQQVNVxxafm9s1h/CVDKWLi/66VfyBHvOTH
Zc9iG7QHMnI4I4DSDjN1YhBzKXFVVzaS7eA+NtE4m7MZ72cez/rda/QvueLEgxDh
bxjkpPhe0MxSrNUnGLMTZc7z2x9zwhHyPLpJ8ntOPLimocEY0qwGpFvX6wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDRx4sHmTY+V/6BLHCFqozeHx1BPMB8GA1UdIwQY
MBaAFJ4ayjQWNRZvgC+YqX4AKAzO5kziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhyS05CWTFGbS1BTDVpcGZnQW9ETTdtVE9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS83OWZiYzAtMzM1MS00ZmZmLWI5ZDUt
NzU1NjFjYmYxMDRkLzEvTkhIaXdlWk5qNVhfb0VzY0lXcWpONGZIVUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS83OWZiYzAtMzM1MS00ZmZmLWI5ZDUtNzU1NjFjYmYxMDRk
LzEvbmhyS05CWTFGbS1BTDVpcGZnQW9ETTdtVE9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9gNAwQC
ioDgMA0EAgACMAcDBQMqE5DAMA0GCSqGSIb3DQEBCwUAA4IBAQBElyuzY9UROmQx
mw3rfha0peT5infAWi1MBjDgc5cAZ7/6y6sUMrmYswgHDAqqSVHA/RoZQdb9GeAs
OZiQKqjLf/xQAYTLrboukBQsvldQHv3T2UypNh2k7PRsBh8jx9xkXRzaaQO262ES
Hjuyq7au0TuobyrFSehKz9yyVQGqHZNt1bHz6clEw5YtkSF9VqvtLDELFCAy5H73
XCJyZPbB3jcnP3ObwldEkeSdYht8bWb0eM3IAhu46ASq44aQgnFOj7pJyLxkOlxx
eJW8TobF5MqNPYlvl6TPrvvDmXJ3hsDl2ZtlfhOXiVJMgn1z9VonJ+lmXbI5X2uE
7DbgzDsy
-----END CERTIFICATE-----
Generated at Wed Jun 11 13:37:21 2025 by rpki-client