Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/Nw0MJW1-17GSjmW0I-SeXIKcXZc.roa
File:                     Nw0MJW1-17GSjmW0I-SeXIKcXZc.roa (raw, json)
Hash identifier:          bVKXfQW3a25ibMtG9JEwc2vSFy0FIYerrDATet1Yfbc=
Subject key identifier:   37:0D:0C:25:6D:7E:D7:B1:92:8E:65:B4:23:E4:9E:5C:82:9C:5D:97
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       0198E69F1E9E92ED98FE712047B49020A5F6
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/Nw0MJW1-17GSjmW0I-SeXIKcXZc.roa
Signing time:             Tue 26 Aug 2025 13:44:04 +0000
ROA not before:           Tue 26 Aug 2025 13:44:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     146813
IP address blocks:        84.247.114.0/24 maxlen: 24
                          89.149.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 14:10:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:9f:1e:9e:92:ed:98:fe:71:20:47:b4:90:20:a5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Aug 26 13:44:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=370d0c256d7ed7b1928e65b423e49e5c829c5d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:10:3e:19:82:69:cc:3c:0c:25:71:28:cf:40:
                    af:20:37:8a:16:ab:c0:26:bf:59:9b:49:05:73:26:
                    d3:24:96:5e:e4:c3:40:60:a1:7f:bb:82:82:ee:4e:
                    2b:ea:44:d2:37:e5:0a:33:ae:07:eb:83:c0:42:b9:
                    36:54:78:fd:58:97:7e:f9:e2:39:cf:7a:20:8b:8e:
                    be:6b:b1:8a:7d:81:8f:12:af:40:c4:0e:15:91:40:
                    d9:92:32:c1:75:c5:38:ef:39:59:7a:58:23:a6:28:
                    79:3a:ca:59:6a:fe:06:3e:8b:03:e7:13:3c:b4:24:
                    95:b9:26:57:d9:ec:2e:bd:fd:fc:90:4f:04:ad:f7:
                    8e:b3:11:4b:f2:a1:e6:fc:c9:91:b5:82:a2:a4:be:
                    05:76:93:a7:db:5f:70:43:dd:c0:32:e1:83:3c:53:
                    19:83:16:79:60:68:68:d7:5c:40:d4:9f:59:80:a5:
                    16:e8:78:6b:b0:e1:ee:1f:97:b9:3a:00:87:48:6b:
                    7c:28:f2:e3:78:4e:ec:1b:80:2e:8d:f7:58:7b:b1:
                    b2:a8:93:1a:15:08:8e:30:69:fd:33:e3:c2:48:c8:
                    a6:97:27:df:ab:ae:4a:3a:80:20:f1:33:96:a7:f6:
                    09:87:1f:f4:60:60:61:4f:e6:df:44:89:73:2d:39:
                    a5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0D:0C:25:6D:7E:D7:B1:92:8E:65:B4:23:E4:9E:5C:82:9C:5D:97
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/Nw0MJW1-17GSjmW0I-SeXIKcXZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.114.0/24
                  89.149.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:2f:c0:ae:87:7c:ad:f3:fc:19:a4:17:0e:4a:0e:d2:1c:23:
         64:b0:23:d3:07:2f:2f:11:5c:8d:18:19:3b:9b:1f:c5:e2:eb:
         b9:66:b0:c9:85:aa:03:42:ad:96:81:0e:c5:db:70:65:ee:dd:
         4a:c3:00:48:3f:30:6a:dc:a8:d5:61:8d:5c:e8:32:d2:cb:1f:
         0d:19:d7:1d:16:91:be:b7:67:81:c8:08:2f:90:e0:06:eb:64:
         a8:46:73:89:8d:cf:a7:d7:2f:9d:49:fd:52:5c:79:d5:f9:3f:
         8f:93:ff:9b:14:3e:27:79:38:b5:3e:5c:4b:48:59:e1:d2:5a:
         4f:a3:b2:b1:96:69:71:91:f5:03:eb:cd:6c:a3:fa:aa:bf:cb:
         8b:b6:fa:3a:0a:34:a9:7d:08:7b:3b:04:88:77:b1:7a:0f:c3:
         5a:2d:98:3c:6c:93:ea:2a:c5:1a:35:52:7e:a1:f8:15:92:e4:
         09:f3:3f:8f:f6:03:4a:a7:a0:8a:96:72:28:ee:ef:75:03:28:
         e6:9d:a2:4d:68:a8:65:f1:e5:23:24:91:ae:72:98:f6:41:48:
         5f:87:20:c1:de:af:fa:fd:d2:47:d0:81:6c:17:aa:5e:03:ea:
         9c:7b:e0:55:2b:47:76:26:ee:d6:1e:fb:ff:af:45:08:09:7c:
         fa:62:e3:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjmnx6eku2Y/nEgR7SQIKX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjUwODI2MTM0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBkMGMyNTZkN2VkN2IxOTI4ZTY1YjQyM2U0OWU1YzgyOWM1ZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BA+GYJpzDwMJXEoz0CvIDeKFqvA
Jr9Zm0kFcybTJJZe5MNAYKF/u4KC7k4r6kTSN+UKM64H64PAQrk2VHj9WJd++eI5
z3ogi46+a7GKfYGPEq9AxA4VkUDZkjLBdcU47zlZelgjpih5OspZav4GPosD5xM8
tCSVuSZX2ewuvf38kE8ErfeOsxFL8qHm/MmRtYKipL4FdpOn219wQ93AMuGDPFMZ
gxZ5YGho11xA1J9ZgKUW6HhrsOHuH5e5OgCHSGt8KPLjeE7sG4AujfdYe7GyqJMa
FQiOMGn9M+PCSMimlyffq65KOoAg8TOWp/YJhx/0YGBhT+bfRIlzLTml4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDcNDCVtftexko5ltCPknlyCnF2XMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvTncwTUpXMS0xN0dTam1XMEktU2VYSUtjWFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPdyAwQA
WZURMA0GCSqGSIb3DQEBCwUAA4IBAQBbL8Cuh3yt8/wZpBcOSg7SHCNksCPTBy8v
EVyNGBk7mx/F4uu5ZrDJhaoDQq2WgQ7F23Bl7t1KwwBIPzBq3KjVYY1c6DLSyx8N
GdcdFpG+t2eByAgvkOAG62SoRnOJjc+n1y+dSf1SXHnV+T+Pk/+bFD4neTi1PlxL
SFnh0lpPo7KxlmlxkfUD681so/qqv8uLtvo6CjSpfQh7OwSId7F6D8NaLZg8bJPq
KsUaNVJ+ofgVkuQJ8z+P9gNKp6CKlnIo7u91AyjmnaJNaKhl8eUjJJGucpj2QUhf
hyDB3q/6/dJH0IFsF6peA+qce+BVK0d2Ju7WHvv/r0UICXz6YuNn
-----END CERTIFICATE-----