Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/NapDO-qA7UAI5E6E7u_3VLwwM-s.roa
File:                     NapDO-qA7UAI5E6E7u_3VLwwM-s.roa (raw, json)
Hash identifier:          iMhIICohdfOIKJztiTyPfcGxnS6EMr6CVn/3WJubO/g=
Subject key identifier:   35:AA:43:3B:EA:80:ED:40:08:E4:4E:84:EE:EF:F7:54:BC:30:33:EB
Certificate issuer:       /CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
Certificate serial:       0196C9CBAC74E305C07FBDCE47E51C40D545
Authority key identifier: BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/NapDO-qA7UAI5E6E7u_3VLwwM-s.roa
Signing time:             Tue 13 May 2025 13:18:10 +0000
ROA not before:           Tue 13 May 2025 13:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57304
IP address blocks:        91.199.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:cb:ac:74:e3:05:c0:7f:bd:ce:47:e5:1c:40:d5:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
        Validity
            Not Before: May 13 13:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35aa433bea80ed4008e44e84eeeff754bc3033eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6e:f3:a7:a5:78:7d:3a:63:4b:62:6a:93:91:
                    f9:16:3b:38:9f:d5:b7:85:6b:ad:d4:07:21:1f:68:
                    87:a8:f9:b0:2e:ba:a8:a6:f4:8a:d5:04:f4:56:48:
                    9e:4d:b0:cc:c4:a8:f7:f5:c9:5e:1b:9f:f5:14:8f:
                    e6:4f:72:f5:aa:1d:50:ae:a9:6d:20:75:00:d3:11:
                    01:6e:c1:ff:52:26:0f:c5:4e:ba:58:2c:28:cc:f7:
                    29:d0:bd:7a:e8:59:2b:35:7c:f1:bd:23:8c:35:11:
                    c5:fe:90:ee:2d:ca:2a:e4:44:39:70:85:61:26:93:
                    fa:5a:b9:dd:d5:14:99:41:6b:8a:cf:6b:13:c4:c0:
                    90:9c:d6:6a:51:4b:a3:9e:ab:69:75:96:34:ea:24:
                    63:98:2a:8f:28:a7:92:0e:ed:e2:3b:3a:b9:b1:f6:
                    86:64:a9:bb:25:33:f7:ef:59:61:a5:27:87:08:be:
                    b6:2a:a8:18:b1:58:72:80:12:08:e3:8a:8e:7b:4d:
                    60:a0:be:d4:27:c3:bd:fa:3c:ea:02:f3:00:10:03:
                    40:db:53:5f:02:5a:e7:ac:e3:00:74:a8:93:be:b1:
                    2f:63:d1:41:ba:1c:d7:99:14:a2:9e:9f:ee:f8:dc:
                    be:fa:e4:92:56:3f:71:60:15:38:2b:19:8e:1b:e1:
                    bf:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:AA:43:3B:EA:80:ED:40:08:E4:4E:84:EE:EF:F7:54:BC:30:33:EB
            X509v3 Authority Key Identifier:
                keyid:BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/NapDO-qA7UAI5E6E7u_3VLwwM-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:07:b9:25:1f:ee:0a:0a:9f:66:91:c9:9c:1e:7e:0c:d1:74:
         d8:b9:34:cb:60:c3:63:d4:06:99:61:e7:74:ab:39:41:ea:a0:
         34:09:cb:6a:f1:3b:97:df:5f:37:be:5a:7b:a0:e2:66:3b:f0:
         7d:95:eb:49:28:f5:3c:52:f7:5b:b4:6e:f3:f8:c3:f9:ab:a3:
         0f:97:d4:ad:cd:b8:ea:95:d2:a3:f6:ef:19:2f:47:89:8f:26:
         7b:3f:9c:4e:0e:62:75:4f:3d:47:6a:da:e2:c7:be:1e:b4:cc:
         6f:b7:a3:ab:bf:18:57:3e:7e:a1:c1:10:6e:f7:de:b7:b1:3f:
         b1:dd:e7:01:3a:48:46:60:ad:40:ba:22:02:9b:31:a1:f8:9d:
         89:b9:be:26:20:9f:8f:a5:cb:4a:7f:55:2e:9f:e9:df:7f:84:
         54:4c:33:ec:32:bb:ee:a0:65:6e:78:89:4a:c1:97:2c:8c:ac:
         e8:2d:67:5c:02:31:a6:23:da:ec:5d:93:92:3b:6e:f0:76:e0:
         ad:82:97:44:ee:0d:83:78:ae:ed:52:03:1d:40:ae:ff:df:e6:
         8a:ad:ba:e3:b2:9a:35:6d:22:9a:01:68:dd:f1:6c:99:cf:15:
         65:23:0f:38:c6:82:b6:97:2d:9a:6d:1d:83:1b:02:29:2c:6d:
         e1:32:37:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJy6x04wXAf73OR+UcQNVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTZkYjc5NmRlZjBkYmRiNGM3OGYyNDQ1YWJlY2MxNTcw
YTZmZDkwHhcNMjUwNTEzMTMxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWFhNDMzYmVhODBlZDQwMDhlNDRlODRlZWVmZjc1NGJjMzAzM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwW7zp6V4fTpjS2Jqk5H5Fjs4n9W3
hWut1AchH2iHqPmwLrqopvSK1QT0VkieTbDMxKj39cleG5/1FI/mT3L1qh1Qrqlt
IHUA0xEBbsH/UiYPxU66WCwozPcp0L166FkrNXzxvSOMNRHF/pDuLcoq5EQ5cIVh
JpP6Wrnd1RSZQWuKz2sTxMCQnNZqUUujnqtpdZY06iRjmCqPKKeSDu3iOzq5sfaG
ZKm7JTP371lhpSeHCL62KqgYsVhygBII44qOe01goL7UJ8O9+jzqAvMAEANA21Nf
AlrnrOMAdKiTvrEvY9FBuhzXmRSinp/u+Ny++uSSVj9xYBU4KxmOG+G/MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWqQzvqgO1ACOROhO7v91S8MDPrMB8GA1UdIwQY
MBaAFLxW23lt7w29tMePJEWr7MFXCm/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUt
MWVjNzIxZmEyYTMwLzEvTmFwRE8tcUE3VUFJNUU2RTd1XzNWTHd3TS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUtMWVjNzIxZmEyYTMw
LzEvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cQMA0G
CSqGSIb3DQEBCwUAA4IBAQBsB7klH+4KCp9mkcmcHn4M0XTYuTTLYMNj1AaZYed0
qzlB6qA0Cctq8TuX3183vlp7oOJmO/B9letJKPU8UvdbtG7z+MP5q6MPl9Stzbjq
ldKj9u8ZL0eJjyZ7P5xODmJ1Tz1Hatrix74etMxvt6OrvxhXPn6hwRBu9963sT+x
3ecBOkhGYK1AuiICmzGh+J2Jub4mIJ+PpctKf1Uun+nff4RUTDPsMrvuoGVueIlK
wZcsjKzoLWdcAjGmI9rsXZOSO27wduCtgpdE7g2DeK7tUgMdQK7/3+aKrbrjspo1
bSKaAWjd8WyZzxVlIw84xoK2ly2abR2DGwIpLG3hMjdV
-----END CERTIFICATE-----