Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NkwYBQBRVrFsj-xUN7Cv_m6lwSA.roa
File:                     NkwYBQBRVrFsj-xUN7Cv_m6lwSA.roa (raw, json)
Hash identifier:          gjr66sRTq1kait53s7UP3QklI69yHhHqmsXxB/qlKCc=
Subject key identifier:   36:4C:18:05:00:51:56:B1:6C:8F:EC:54:37:B0:AF:FE:6E:A5:C1:20
Certificate issuer:       /CN=34dd4026d290f3201d28ef684d3c5ac13c96ec6d
Certificate serial:       0195F6753080CEFF05F0A36B7B8E2C986411
Authority key identifier: 34:DD:40:26:D2:90:F3:20:1D:28:EF:68:4D:3C:5A:C1:3C:96:EC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NkwYBQBRVrFsj-xUN7Cv_m6lwSA.roa
Signing time:             Wed 02 Apr 2025 12:23:50 +0000
ROA not before:           Wed 02 Apr 2025 12:23:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1836
IP address blocks:        5.102.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 18:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f6:75:30:80:ce:ff:05:f0:a3:6b:7b:8e:2c:98:64:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34dd4026d290f3201d28ef684d3c5ac13c96ec6d
        Validity
            Not Before: Apr  2 12:23:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=364c1805005156b16c8fec5437b0affe6ea5c120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:48:6f:1a:a2:3d:aa:5c:e2:1c:01:74:5b:22:
                    05:70:71:43:2c:19:8c:36:4f:d5:e7:a6:94:15:30:
                    cb:84:f7:b5:7b:15:41:b3:ba:85:df:4e:0c:5e:dd:
                    3e:8c:f4:d9:b4:a4:86:17:9d:54:16:bc:6d:27:0f:
                    b2:5d:b2:f8:6c:85:1b:19:73:8e:44:56:13:26:11:
                    fc:85:b1:f3:a7:4a:15:fa:5b:84:7a:e8:fa:78:db:
                    22:6b:9d:5d:00:67:b6:33:22:a3:e1:52:56:c9:de:
                    ba:d6:69:00:08:ab:7c:2e:80:e3:95:63:62:43:b0:
                    86:6f:43:2d:ba:8b:70:14:52:b9:37:06:5a:aa:96:
                    b4:ab:04:c9:22:fc:f0:27:6f:53:86:06:4a:12:08:
                    b5:1a:5c:02:9e:a7:e2:3e:3b:8d:c4:7d:f8:8a:5f:
                    5f:1d:87:20:a3:08:f4:7d:3c:1b:34:67:98:6e:0c:
                    69:76:cd:07:98:e6:57:65:35:09:d1:00:c5:5e:15:
                    c0:a0:2b:35:49:8b:20:ce:a0:9d:7e:63:20:fd:07:
                    d8:93:6f:fe:88:a1:ad:cf:52:14:70:1b:41:da:8a:
                    24:7a:5f:e7:19:3f:fb:c2:8c:2b:82:c1:cd:50:d9:
                    37:cc:e7:1d:80:cb:17:a8:47:f5:8d:42:c1:62:9d:
                    8d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4C:18:05:00:51:56:B1:6C:8F:EC:54:37:B0:AF:FE:6E:A5:C1:20
            X509v3 Authority Key Identifier:
                keyid:34:DD:40:26:D2:90:F3:20:1D:28:EF:68:4D:3C:5A:C1:3C:96:EC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NkwYBQBRVrFsj-xUN7Cv_m6lwSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:29:cd:24:ab:78:47:06:17:d7:fb:c0:7a:49:28:e8:ca:0b:
         8d:6d:f5:39:87:4a:2b:dc:f0:24:d8:dc:47:e9:f8:7e:e2:00:
         f4:09:1b:8e:75:d5:af:9e:07:c8:c9:8a:38:91:fd:ef:17:f0:
         0c:d8:21:ed:15:00:19:c1:23:0e:5d:3f:51:4c:b1:56:02:a6:
         82:ba:6d:8f:79:6c:90:43:0a:b1:28:58:54:4c:22:a1:a7:32:
         9d:c4:84:7b:bd:9c:d0:0e:97:7a:ff:fd:c4:8d:5c:04:5a:7b:
         73:68:f3:7d:19:59:96:53:dd:07:f0:92:4c:17:1e:22:98:0a:
         d6:15:9e:17:da:fa:5e:70:fb:87:40:ba:88:7d:06:0c:b7:8b:
         de:11:e1:7d:ec:c7:8c:90:9b:a6:3a:5f:4f:04:f1:22:23:5d:
         0e:e8:c8:27:1e:8a:47:94:a9:43:f0:c3:28:0a:26:5f:f4:f1:
         f0:9d:00:fa:26:2b:c2:9a:03:24:04:14:6e:e5:ae:a5:f6:9f:
         6b:82:39:fc:72:c4:36:a8:ef:b4:3a:5b:59:f2:39:02:d6:97:
         fa:b3:d6:80:3a:f2:50:51:c8:e1:13:2c:46:7a:93:33:74:96:
         7d:2d:54:67:7a:cb:28:7b:82:7b:bb:8d:82:5d:6a:ee:8c:83:
         f8:ea:33:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX2dTCAzv8F8KNre44smGQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZGQ0MDI2ZDI5MGYzMjAxZDI4ZWY2ODRkM2M1YWMxM2M5
NmVjNmQwHhcNMjUwNDAyMTIyMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRjMTgwNTAwNTE1NmIxNmM4ZmVjNTQzN2IwYWZmZTZlYTVjMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskhvGqI9qlziHAF0WyIFcHFDLBmM
Nk/V56aUFTDLhPe1exVBs7qF304MXt0+jPTZtKSGF51UFrxtJw+yXbL4bIUbGXOO
RFYTJhH8hbHzp0oV+luEeuj6eNsia51dAGe2MyKj4VJWyd661mkACKt8LoDjlWNi
Q7CGb0MtuotwFFK5NwZaqpa0qwTJIvzwJ29ThgZKEgi1GlwCnqfiPjuNxH34il9f
HYcgowj0fTwbNGeYbgxpds0HmOZXZTUJ0QDFXhXAoCs1SYsgzqCdfmMg/QfYk2/+
iKGtz1IUcBtB2ookel/nGT/7wowrgsHNUNk3zOcdgMsXqEf1jULBYp2NBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZMGAUAUVaxbI/sVDewr/5upcEgMB8GA1UdIwQY
MBaAFDTdQCbSkPMgHSjvaE08WsE8luxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk4xQUp0S1E4eUFkS085b1RUeGF3VHlXN0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83MmE0MDUtMTU5OC00MDMzLThlMmIt
ODc4NTA3ZWQ0NmY3LzEvTmt3WUJRQlJWckZzai14VU43Q3ZfbTZsd1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83MmE0MDUtMTU5OC00MDMzLThlMmItODc4NTA3ZWQ0NmY3
LzEvTk4xQUp0S1E4eUFkS085b1RUeGF3VHlXN0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQBnKc0kq3hHBhfX+8B6SSjoyguNbfU5h0or3PAk2NxH
6fh+4gD0CRuOddWvngfIyYo4kf3vF/AM2CHtFQAZwSMOXT9RTLFWAqaCum2PeWyQ
QwqxKFhUTCKhpzKdxIR7vZzQDpd6//3EjVwEWntzaPN9GVmWU90H8JJMFx4imArW
FZ4X2vpecPuHQLqIfQYMt4veEeF97MeMkJumOl9PBPEiI10O6MgnHopHlKlD8MMo
CiZf9PHwnQD6JivCmgMkBBRu5a6l9p9rgjn8csQ2qO+0OltZ8jkC1pf6s9aAOvJQ
UcjhEyxGepMzdJZ9LVRnessoe4J7u42CXWrujIP46jMH
-----END CERTIFICATE-----