Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/999295-31dc-4f8c-84b7-37ead6ab4eec/1/NL1w9Xj9eNNvZHja4bYi8u1uP0g.roa
File:                     NL1w9Xj9eNNvZHja4bYi8u1uP0g.roa (raw, json)
Hash identifier:          bGa7KQ5aQ4eZWg9YSqL9Pvq1iyjpLbcYhC9x7Z0XWS8=
Subject key identifier:   34:BD:70:F5:78:FD:78:D3:6F:64:78:DA:E1:B6:22:F2:ED:6E:3F:48
Certificate issuer:       /CN=3ef45d706bacc58aeff6ae47f232d92b3c2fb018
Certificate serial:       019EEB540A79E555BAFA411A4A3EBCF5DBB6
Authority key identifier: 3E:F4:5D:70:6B:AC:C5:8A:EF:F6:AE:47:F2:32:D9:2B:3C:2F:B0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PvRdcGusxYrv9q5H8jLZKzwvsBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/999295-31dc-4f8c-84b7-37ead6ab4eec/1/NL1w9Xj9eNNvZHja4bYi8u1uP0g.roa
Signing time:             Sun 21 Jun 2026 17:56:53 +0000
ROA not before:           Sun 21 Jun 2026 17:56:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51839
IP address blocks:        91.221.104.0/23 maxlen: 23
                          2001:67c:3a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/999295-31dc-4f8c-84b7-37ead6ab4eec/1/PvRdcGusxYrv9q5H8jLZKzwvsBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/999295-31dc-4f8c-84b7-37ead6ab4eec/1/PvRdcGusxYrv9q5H8jLZKzwvsBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PvRdcGusxYrv9q5H8jLZKzwvsBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:eb:54:0a:79:e5:55:ba:fa:41:1a:4a:3e:bc:f5:db:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ef45d706bacc58aeff6ae47f232d92b3c2fb018
        Validity
            Not Before: Jun 21 17:56:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34bd70f578fd78d36f6478dae1b622f2ed6e3f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:82:a2:d9:3c:93:fe:7a:02:b5:98:25:9f:68:
                    8d:46:00:76:ca:db:c8:c1:2c:3b:b1:0c:ec:8d:48:
                    79:4b:8b:82:f3:18:8f:07:2d:e4:3e:70:21:6c:fe:
                    39:ca:b6:ce:4e:79:67:ab:dd:e8:1d:12:2b:36:05:
                    1b:9a:8a:55:4d:89:e4:d9:d3:c1:68:a6:b6:62:85:
                    4b:47:38:c7:a3:49:eb:da:8f:46:ce:0c:1f:32:15:
                    7b:ab:3a:b0:86:2c:53:20:61:92:9e:8c:c0:b9:34:
                    37:9b:a7:10:4f:d4:2c:40:e9:a9:55:35:31:fb:2c:
                    b0:38:d4:55:50:c3:47:2f:17:6e:02:48:4b:13:bf:
                    dd:12:d6:8d:7f:54:c7:8a:b2:d5:74:d5:c7:91:5e:
                    a4:28:7e:5f:0d:f7:da:9b:ba:39:77:40:44:ea:cc:
                    e3:8f:ab:a7:2b:67:4c:a7:67:0c:15:a9:47:77:d9:
                    80:4c:98:9c:e1:cf:93:5d:c6:e8:2e:45:0f:f1:40:
                    07:31:d5:8e:70:cd:f4:6a:5d:96:e4:23:f7:c3:f2:
                    e7:ba:fc:02:3f:89:30:b3:43:33:05:0d:ae:d0:98:
                    06:1b:f1:a1:e9:9f:08:0a:79:9f:87:c7:7c:ca:7c:
                    cb:0d:88:24:df:bc:b0:64:d1:4a:6a:2c:c3:42:cf:
                    2a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:BD:70:F5:78:FD:78:D3:6F:64:78:DA:E1:B6:22:F2:ED:6E:3F:48
            X509v3 Authority Key Identifier:
                keyid:3E:F4:5D:70:6B:AC:C5:8A:EF:F6:AE:47:F2:32:D9:2B:3C:2F:B0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PvRdcGusxYrv9q5H8jLZKzwvsBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/999295-31dc-4f8c-84b7-37ead6ab4eec/1/NL1w9Xj9eNNvZHja4bYi8u1uP0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/999295-31dc-4f8c-84b7-37ead6ab4eec/1/PvRdcGusxYrv9q5H8jLZKzwvsBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.104.0/23
                IPv6:
                  2001:67c:3a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:24:6b:1f:79:ed:33:e5:cc:7e:4b:59:6f:2a:68:5f:9c:b1:
         ce:a5:f0:00:da:3e:47:35:f7:f1:f3:ae:ce:10:be:2d:d6:d5:
         68:c0:fe:a2:ad:9b:f9:1d:e0:38:f2:21:aa:e1:64:2c:b3:98:
         22:be:97:33:9b:b5:94:20:65:5a:bc:c0:41:4c:60:09:4f:82:
         7f:67:90:d2:3c:db:30:eb:56:9f:5c:4b:d6:51:54:8c:fa:d9:
         c6:d7:9e:59:9e:b8:c7:2a:20:bd:94:ca:c8:65:66:84:60:5c:
         e2:46:3f:fb:95:b4:c5:59:80:af:97:6d:17:dd:32:15:e4:c3:
         6c:3c:31:fa:a2:e0:b9:4f:1e:ed:b2:8f:dd:f1:95:cb:c5:b3:
         1b:e7:07:2e:d7:98:72:42:0e:cc:30:6c:1b:de:ec:1b:bd:43:
         b6:e5:35:70:ce:07:ce:b1:41:53:63:80:b2:74:f2:ed:35:55:
         09:32:88:4c:da:30:c7:a2:84:09:5e:22:72:b6:f9:2f:2f:e2:
         b2:ed:c5:9e:80:25:3b:05:74:cb:98:64:f4:b4:22:86:5a:b8:
         ac:16:c1:70:41:1d:c6:67:ab:8f:43:92:6a:00:a2:0f:1a:84:
         3e:a9:6e:83:69:be:96:b3:f3:ca:c4:32:d9:68:35:a9:35:fd:
         25:76:db:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ7rVAp55VW6+kEaSj689du2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZjQ1ZDcwNmJhY2M1OGFlZmY2YWU0N2YyMzJkOTJiM2My
ZmIwMTgwHhcNMjYwNjIxMTc1NjUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGJkNzBmNTc4ZmQ3OGQzNmY2NDc4ZGFlMWI2MjJmMmVkNmUzZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YKi2TyT/noCtZgln2iNRgB2ytvI
wSw7sQzsjUh5S4uC8xiPBy3kPnAhbP45yrbOTnlnq93oHRIrNgUbmopVTYnk2dPB
aKa2YoVLRzjHo0nr2o9GzgwfMhV7qzqwhixTIGGSnozAuTQ3m6cQT9QsQOmpVTUx
+yywONRVUMNHLxduAkhLE7/dEtaNf1THirLVdNXHkV6kKH5fDffam7o5d0BE6szj
j6unK2dMp2cMFalHd9mATJic4c+TXcboLkUP8UAHMdWOcM30al2W5CP3w/LnuvwC
P4kws0MzBQ2u0JgGG/Gh6Z8ICnmfh8d8ynzLDYgk37ywZNFKaizDQs8qKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDS9cPV4/XjTb2R42uG2IvLtbj9IMB8GA1UdIwQY
MBaAFD70XXBrrMWK7/auR/Iy2Ss8L7AYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHZSZGNHdXN4WXJ2OXE1SDhqTFpLend2c0JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85OTkyOTUtMzFkYy00ZjhjLTg0Yjct
MzdlYWQ2YWI0ZWVjLzEvTkwxdzlYajllTk52WkhqYTRiWWk4dTF1UDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85OTkyOTUtMzFkYy00ZjhjLTg0YjctMzdlYWQ2YWI0ZWVj
LzEvUHZSZGNHdXN4WXJ2OXE1SDhqTFpLend2c0JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW91oMA8E
AgACMAkDBwAgAQZ8A6gwDQYJKoZIhvcNAQELBQADggEBAJYkax957TPlzH5LWW8q
aF+csc6l8ADaPkc19/Hzrs4Qvi3W1WjA/qKtm/kd4DjyIarhZCyzmCK+lzObtZQg
ZVq8wEFMYAlPgn9nkNI82zDrVp9cS9ZRVIz62cbXnlmeuMcqIL2UyshlZoRgXOJG
P/uVtMVZgK+XbRfdMhXkw2w8Mfqi4LlPHu2yj93xlcvFsxvnBy7XmHJCDswwbBve
7Bu9Q7blNXDOB86xQVNjgLJ08u01VQkyiEzaMMeihAleInK2+S8v4rLtxZ6AJTsF
dMuYZPS0IoZauKwWwXBBHcZnq49DkmoAog8ahD6pboNpvpaz88rEMtloNak1/SV2
2y0=
-----END CERTIFICATE-----