Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/NNbGYKZN2MczsbLVZDvW2hdl718.roa
File:                     NNbGYKZN2MczsbLVZDvW2hdl718.roa (raw, json)
Hash identifier:          4E2t0fTnEc7nZVPHCni1To4F2fDuKI/+fcnfWn1WYJA=
Subject key identifier:   34:D6:C6:60:A6:4D:D8:C7:33:B1:B2:D5:64:3B:D6:DA:17:65:EF:5F
Certificate issuer:       /CN=b55d4e6317c62a1a69dac31f4f143e3bc280ba62
Certificate serial:       019567278BA5C2011659D0388015148D0387
Authority key identifier: B5:5D:4E:63:17:C6:2A:1A:69:DA:C3:1F:4F:14:3E:3B:C2:80:BA:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/NNbGYKZN2MczsbLVZDvW2hdl718.roa
Signing time:             Wed 05 Mar 2025 16:33:19 +0000
ROA not before:           Wed 05 Mar 2025 16:33:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44050
IP address blocks:        91.196.252.0/22 maxlen: 22
                          91.196.255.0/24 maxlen: 24
                          176.116.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:67:27:8b:a5:c2:01:16:59:d0:38:80:15:14:8d:03:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55d4e6317c62a1a69dac31f4f143e3bc280ba62
        Validity
            Not Before: Mar  5 16:33:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34d6c660a64dd8c733b1b2d5643bd6da1765ef5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b0:3a:88:cb:00:0b:20:92:aa:00:df:62:df:
                    3f:88:90:75:b9:78:1d:a1:e3:a6:de:aa:d4:25:7b:
                    56:d2:dc:49:fc:ee:12:c6:62:c7:93:80:8a:a5:8b:
                    2c:77:88:08:6e:d9:c6:8f:8c:d2:43:94:a5:79:1f:
                    07:8a:12:61:72:ea:78:c4:94:f2:bc:40:e7:60:07:
                    fa:1e:16:1a:f1:c5:1f:8a:80:74:35:52:91:0f:f3:
                    07:dd:1d:d8:ed:ff:f1:21:18:b5:d1:8d:4b:c8:41:
                    38:7c:7d:0f:b5:14:67:45:5e:15:88:0c:60:0a:b5:
                    31:ee:29:a0:e9:86:a9:1d:95:78:40:44:32:fb:bb:
                    7c:97:17:6c:dd:ee:47:f3:94:d1:ca:d6:a8:d5:16:
                    66:da:da:15:9f:03:f7:bb:c1:b5:0a:58:6b:38:92:
                    b4:3e:62:e8:4a:bf:f2:ea:8e:bf:22:93:40:dd:57:
                    bd:05:56:76:f9:ef:d0:1b:c6:81:41:a4:82:43:22:
                    ae:50:70:49:08:18:c8:9c:72:17:f4:e3:ef:15:88:
                    b8:b4:a2:20:1c:a0:b2:c3:e7:9e:9d:f7:92:55:d5:
                    bc:2a:4c:b7:26:96:32:d1:a8:db:c2:28:a6:23:54:
                    74:55:ee:f5:90:a8:8b:24:78:08:0a:6a:3e:ff:15:
                    08:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D6:C6:60:A6:4D:D8:C7:33:B1:B2:D5:64:3B:D6:DA:17:65:EF:5F
            X509v3 Authority Key Identifier:
                keyid:B5:5D:4E:63:17:C6:2A:1A:69:DA:C3:1F:4F:14:3E:3B:C2:80:BA:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/NNbGYKZN2MczsbLVZDvW2hdl718.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.252.0/22
                  176.116.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b7:ef:bb:da:c7:6b:99:9d:9b:6b:c6:1e:0e:76:f8:0a:e4:52:
         8a:33:95:73:7b:af:75:8f:3d:a7:32:76:c7:a6:e1:3b:f3:3c:
         91:26:68:37:87:63:d8:94:4c:ca:cf:04:42:2d:49:50:10:45:
         0c:e1:56:50:e4:5f:c9:7e:30:19:7d:e1:3b:41:54:46:fd:21:
         56:32:af:c2:56:96:7f:70:f2:7a:21:cb:1a:ad:38:63:13:da:
         d9:51:cb:46:60:51:15:c0:6f:3a:bb:91:d4:7d:81:1b:7a:45:
         16:6e:90:8b:65:4a:de:07:81:4e:3b:c2:fb:b0:70:27:10:f8:
         f5:2d:4d:ca:14:9b:e6:03:41:8f:4e:6c:e7:f3:1f:10:6a:88:
         17:be:06:34:11:a5:7f:11:29:a3:45:7f:7c:b2:e1:44:08:18:
         09:4b:ae:17:cc:37:46:d4:bb:5b:d4:f2:41:f2:e5:89:75:fa:
         f6:90:c1:34:c6:81:58:64:0d:3f:16:45:5c:ea:7d:3a:7e:98:
         5d:9d:a8:c3:55:a4:e3:cf:80:a1:6f:29:72:01:50:b6:ed:11:
         66:92:1c:8a:ad:d3:76:bd:ef:cb:5c:de:47:ca:3f:f0:da:dd:
         5d:2b:b2:c9:83:1b:2a:31:bb:f9:77:8a:72:93:8c:cc:f6:85:
         b2:36:ba:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVnJ4ulwgEWWdA4gBUUjQOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NWQ0ZTYzMTdjNjJhMWE2OWRhYzMxZjRmMTQzZTNiYzI4
MGJhNjIwHhcNMjUwMzA1MTYzMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQ2YzY2MGE2NGRkOGM3MzNiMWIyZDU2NDNiZDZkYTE3NjVlZjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LA6iMsACyCSqgDfYt8/iJB1uXgd
oeOm3qrUJXtW0txJ/O4SxmLHk4CKpYssd4gIbtnGj4zSQ5SleR8HihJhcup4xJTy
vEDnYAf6HhYa8cUfioB0NVKRD/MH3R3Y7f/xIRi10Y1LyEE4fH0PtRRnRV4ViAxg
CrUx7img6YapHZV4QEQy+7t8lxds3e5H85TRytao1RZm2toVnwP3u8G1ClhrOJK0
PmLoSr/y6o6/IpNA3Ve9BVZ2+e/QG8aBQaSCQyKuUHBJCBjInHIX9OPvFYi4tKIg
HKCyw+eenfeSVdW8Kky3JpYy0ajbwiimI1R0Ve71kKiLJHgICmo+/xUIywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDTWxmCmTdjHM7Gy1WQ71toXZe9fMB8GA1UdIwQY
MBaAFLVdTmMXxioaadrDH08UPjvCgLpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFYxT1l4ZkdLaHBwMnNNZlR4US1POEtBdW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82NTRmMzYtYWM1YS00MjkyLTgxNDAt
NTM0ZDc4ODk4ZDZiLzEvTk5iR1lLWk4yTWN6c2JMVlpEdlcyaGRsNzE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82NTRmMzYtYWM1YS00MjkyLTgxNDAtNTM0ZDc4ODk4ZDZi
LzEvdFYxT1l4ZkdLaHBwMnNNZlR4US1POEtBdW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8T8AwQE
sHTwMA0GCSqGSIb3DQEBCwUAA4IBAQC377vax2uZnZtrxh4OdvgK5FKKM5Vze691
jz2nMnbHpuE78zyRJmg3h2PYlEzKzwRCLUlQEEUM4VZQ5F/JfjAZfeE7QVRG/SFW
Mq/CVpZ/cPJ6IcsarThjE9rZUctGYFEVwG86u5HUfYEbekUWbpCLZUreB4FOO8L7
sHAnEPj1LU3KFJvmA0GPTmzn8x8QaogXvgY0EaV/ESmjRX98suFECBgJS64XzDdG
1Ltb1PJB8uWJdfr2kME0xoFYZA0/FkVc6n06fphdnajDVaTjz4ChbylyAVC27RFm
khyKrdN2ve/LXN5Hyj/w2t1dK7LJgxsqMbv5d4pyk4zM9oWyNrrC
-----END CERTIFICATE-----