Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/Nz5RTdbiVqvTyf1uMtVJTNrUInA.roa
File:                     Nz5RTdbiVqvTyf1uMtVJTNrUInA.roa (raw, json)
Hash identifier:          6DxKi3ibNRNUsq7DVRyyl9egdF22G2yI1jKGFf7eGvI=
Subject key identifier:   37:3E:51:4D:D6:E2:56:AB:D3:C9:FD:6E:32:D5:49:4C:DA:D4:22:70
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       019428231C69C66C45640D248A5E8935BC7D
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/Nz5RTdbiVqvTyf1uMtVJTNrUInA.roa
Signing time:             Thu 02 Jan 2025 17:49:37 +0000
ROA not before:           Thu 02 Jan 2025 17:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59476
IP address blocks:        176.99.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:1c:69:c6:6c:45:64:0d:24:8a:5e:89:35:bc:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  2 17:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=373e514dd6e256abd3c9fd6e32d5494cdad42270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:6a:f5:72:b0:90:cf:cc:da:22:7c:ae:b4:f9:
                    df:f5:ed:f1:6b:a9:2c:b2:1b:58:c2:95:81:b2:7b:
                    69:42:ee:ab:98:18:5f:a5:a8:57:f6:3b:48:21:d2:
                    28:a4:98:5f:63:76:a4:f8:54:54:5b:17:49:5c:58:
                    21:c2:24:bb:a0:53:65:1e:ee:8c:08:ae:60:64:c9:
                    d8:ff:22:2b:f6:53:f0:1b:7f:a6:fc:53:c9:5b:ee:
                    6b:09:e5:fa:3d:05:8a:0e:9d:f6:73:be:60:d3:fa:
                    ad:b0:fb:69:33:d0:cd:48:52:47:a9:88:f4:51:6c:
                    1a:48:b1:95:f2:e4:4f:8b:cc:d8:a1:12:18:6c:87:
                    26:00:be:8d:d0:5e:71:70:34:d5:f5:78:0d:08:1f:
                    88:e5:ec:c7:a2:31:e7:18:17:8a:df:02:e5:82:8e:
                    df:94:88:13:70:6e:1a:7d:54:6c:04:77:a7:d3:04:
                    3f:05:ea:30:3d:4b:27:28:b2:af:99:2c:1f:28:79:
                    e6:a4:4b:4a:59:6f:a9:de:8a:2d:90:01:48:79:a5:
                    8f:cc:3d:68:09:93:f3:09:25:5f:9f:9e:77:74:2d:
                    61:ae:e4:5c:0b:a1:72:a9:73:cb:f2:e2:29:13:93:
                    20:71:26:a9:83:18:d8:a1:49:25:1f:85:4a:7e:1c:
                    52:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:3E:51:4D:D6:E2:56:AB:D3:C9:FD:6E:32:D5:49:4C:DA:D4:22:70
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/Nz5RTdbiVqvTyf1uMtVJTNrUInA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.99.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         94:95:17:db:4d:c4:e2:5f:e4:c6:92:cb:16:31:fc:7b:c1:37:
         03:44:ea:23:bc:ce:4a:8a:bc:97:5f:1f:a1:c4:87:e6:ba:be:
         9e:7f:36:ab:a9:44:f5:3d:9b:85:9d:ee:60:8b:bc:e9:64:ae:
         ef:f7:97:4a:c9:2f:9c:de:90:a0:b3:b7:2e:9c:54:e9:bb:aa:
         78:c6:40:70:69:2f:c9:ba:25:a9:bd:36:b1:11:6d:6a:d2:0a:
         37:d4:34:38:5a:b1:c4:0c:a4:9f:f2:48:f7:08:b3:cc:35:f7:
         97:33:43:3b:d2:67:c8:97:c1:fe:a5:c7:4a:df:39:7b:c5:b6:
         18:d9:bb:26:e1:63:a8:4a:d9:85:77:db:3b:74:a5:e4:9b:08:
         7d:3e:e8:1d:ea:29:2d:eb:7d:02:44:51:16:f3:bb:ad:00:b1:
         80:bf:67:b3:92:91:de:b4:d1:6d:ab:47:3e:23:a7:6d:07:bc:
         a1:d6:d5:d6:c9:57:b4:40:0e:63:eb:ef:80:f5:45:50:fd:34:
         14:a3:9e:ca:af:6f:19:9c:5a:12:76:07:10:48:46:8d:8b:bb:
         37:e9:44:43:29:c8:f6:8a:84:e2:be:62:b9:99:9e:55:94:fd:
         96:00:e3:ae:4b:68:f3:fd:5e:b4:89:d0:34:6c:85:09:42:e8:
         6f:00:9e:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIxxpxmxFZA0kil6JNbx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjUwMTAyMTc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzNlNTE0ZGQ2ZTI1NmFiZDNjOWZkNmUzMmQ1NDk0Y2RhZDQyMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Wr1crCQz8zaInyutPnf9e3xa6ks
shtYwpWBsntpQu6rmBhfpahX9jtIIdIopJhfY3ak+FRUWxdJXFghwiS7oFNlHu6M
CK5gZMnY/yIr9lPwG3+m/FPJW+5rCeX6PQWKDp32c75g0/qtsPtpM9DNSFJHqYj0
UWwaSLGV8uRPi8zYoRIYbIcmAL6N0F5xcDTV9XgNCB+I5ezHojHnGBeK3wLlgo7f
lIgTcG4afVRsBHen0wQ/BeowPUsnKLKvmSwfKHnmpEtKWW+p3ootkAFIeaWPzD1o
CZPzCSVfn553dC1hruRcC6FyqXPL8uIpE5MgcSapgxjYoUklH4VKfhxStQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDc+UU3W4lar08n9bjLVSUza1CJwMB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvTno1UlRkYmlWcXZUeWYxdU10VkpUTnJVSW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGM4MA0G
CSqGSIb3DQEBCwUAA4IBAQCUlRfbTcTiX+TGkssWMfx7wTcDROojvM5KiryXXx+h
xIfmur6efzarqUT1PZuFne5gi7zpZK7v95dKyS+c3pCgs7cunFTpu6p4xkBwaS/J
uiWpvTaxEW1q0go31DQ4WrHEDKSf8kj3CLPMNfeXM0M70mfIl8H+pcdK3zl7xbYY
2bsm4WOoStmFd9s7dKXkmwh9Pugd6ikt630CRFEW87utALGAv2ezkpHetNFtq0c+
I6dtB7yh1tXWyVe0QA5j6++A9UVQ/TQUo57Kr28ZnFoSdgcQSEaNi7s36URDKcj2
ioTivmK5mZ5VlP2WAOOuS2jz/V60idA0bIUJQuhvAJ40
-----END CERTIFICATE-----