Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/NLn-NADuc0yAyX0f_4G1dKCqIP8.roa
File:                     NLn-NADuc0yAyX0f_4G1dKCqIP8.roa (raw, json)
Hash identifier:          dkLXs7qu9ok1KeNheDJk9SO+sT7GSZT5TJ1FucBWHfg=
Subject key identifier:   34:B9:FE:34:00:EE:73:4C:80:C9:7D:1F:FF:81:B5:74:A0:AA:20:FF
Certificate issuer:       /CN=21df245ead9980d2b39533782f65d7566d0462d1
Certificate serial:       019899BB967F499CBC2C21585D19333DBF3F
Authority key identifier: 21:DF:24:5E:AD:99:80:D2:B3:95:33:78:2F:65:D7:56:6D:04:62:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/NLn-NADuc0yAyX0f_4G1dKCqIP8.roa
Signing time:             Mon 11 Aug 2025 15:24:24 +0000
ROA not before:           Mon 11 Aug 2025 15:24:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213468
IP address blocks:        5.61.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Aug 2025 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:bb:96:7f:49:9c:bc:2c:21:58:5d:19:33:3d:bf:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21df245ead9980d2b39533782f65d7566d0462d1
        Validity
            Not Before: Aug 11 15:24:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34b9fe3400ee734c80c97d1fff81b574a0aa20ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4e:dd:dd:c7:80:ef:91:66:3f:f6:8a:55:b0:
                    bd:f9:04:23:22:b4:b2:df:46:2c:82:b9:e5:13:54:
                    dc:c0:1b:87:72:1a:2f:f5:63:77:e5:a4:a8:82:17:
                    2b:ac:7f:93:13:10:eb:94:5a:76:91:71:23:48:12:
                    c9:75:b6:a4:66:66:b3:11:a6:bf:44:c1:cc:85:45:
                    e6:7b:f9:ad:1b:4d:01:91:f0:bc:27:74:8a:6b:29:
                    47:78:c0:68:ea:64:7c:6f:a9:88:fa:35:d9:b6:87:
                    f4:e2:53:c7:00:9a:70:4a:0e:7c:bd:44:7f:ed:c5:
                    2d:c7:a0:a8:f5:2c:fa:54:89:6a:6d:6d:f9:3e:f8:
                    81:e9:98:11:8d:8d:26:1f:4b:e4:6f:42:74:b0:63:
                    a9:d2:86:d3:e5:a0:cc:7d:22:e3:1f:81:43:d8:83:
                    7e:d5:03:eb:d0:97:dd:43:be:9a:21:98:df:cf:fa:
                    4a:83:f0:92:00:4f:6c:7e:4f:bf:6c:e7:b2:b9:ab:
                    23:88:01:fc:8e:72:5d:12:9a:b1:40:39:2f:db:f2:
                    91:ef:d7:5b:63:fb:8a:ea:c7:ba:fb:2d:f7:66:ee:
                    4b:6a:4c:cf:cf:3e:35:17:c1:f9:ae:c1:c1:15:26:
                    c0:47:71:02:0f:20:b2:22:b4:d9:c0:c2:a1:93:50:
                    b2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B9:FE:34:00:EE:73:4C:80:C9:7D:1F:FF:81:B5:74:A0:AA:20:FF
            X509v3 Authority Key Identifier:
                keyid:21:DF:24:5E:AD:99:80:D2:B3:95:33:78:2F:65:D7:56:6D:04:62:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/NLn-NADuc0yAyX0f_4G1dKCqIP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:de:55:10:ad:dc:20:d9:6f:87:fd:29:7d:b1:61:99:ab:10:
         b6:fe:a7:64:ba:d6:73:a9:7b:32:72:d2:6f:d1:4a:03:73:64:
         cd:93:2a:1a:ea:9a:bd:e9:85:f0:e0:f0:fb:85:6b:1a:06:d6:
         a9:25:65:d2:c6:37:11:6b:31:13:91:05:2a:c0:a2:10:e3:ea:
         7a:0b:23:91:7a:22:8a:c4:9d:56:80:51:02:06:6d:51:ee:48:
         80:f4:15:11:17:6e:ba:f1:2c:d8:ef:9a:66:32:3c:11:72:2e:
         fb:90:91:48:f1:74:5f:43:c0:e6:ec:af:16:66:41:b7:7f:71:
         65:64:dc:3a:08:ab:f0:d3:1e:72:5c:e4:e5:b2:8b:52:dc:ea:
         0f:be:a7:2d:eb:bd:f9:6f:05:9a:23:cd:ee:8d:b7:d1:ee:b2:
         3c:dd:c3:ca:97:89:8f:8a:34:fd:7b:f5:75:74:67:89:58:22:
         3f:29:fd:6e:ac:95:ac:c4:55:1b:5e:6b:8c:5f:54:4f:ca:42:
         3f:03:6f:95:80:c3:7e:fb:96:13:34:70:9f:0a:e1:ee:db:95:
         e5:ba:73:43:2a:38:05:de:ef:4e:89:f0:38:de:b7:d1:9c:08:
         02:e2:0c:bf:b3:dd:44:38:37:62:2e:64:98:5e:54:c7:c0:59:
         9e:d4:dd:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiZu5Z/SZy8LCFYXRkzPb8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZGYyNDVlYWQ5OTgwZDJiMzk1MzM3ODJmNjVkNzU2NmQw
NDYyZDEwHhcNMjUwODExMTUyNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI5ZmUzNDAwZWU3MzRjODBjOTdkMWZmZjgxYjU3NGEwYWEyMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv07d3ceA75FmP/aKVbC9+QQjIrSy
30YsgrnlE1TcwBuHchov9WN35aSoghcrrH+TExDrlFp2kXEjSBLJdbakZmazEaa/
RMHMhUXme/mtG00BkfC8J3SKaylHeMBo6mR8b6mI+jXZtof04lPHAJpwSg58vUR/
7cUtx6Co9Sz6VIlqbW35PviB6ZgRjY0mH0vkb0J0sGOp0obT5aDMfSLjH4FD2IN+
1QPr0JfdQ76aIZjfz/pKg/CSAE9sfk+/bOeyuasjiAH8jnJdEpqxQDkv2/KR79db
Y/uK6se6+y33Zu5LakzPzz41F8H5rsHBFSbAR3ECDyCyIrTZwMKhk1CyeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDS5/jQA7nNMgMl9H/+BtXSgqiD/MB8GA1UdIwQY
MBaAFCHfJF6tmYDSs5UzeC9l11ZtBGLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWQ4a1hxMlpnTkt6bFRONEwyWFhWbTBFWXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kZjdkNmEtNDU5Mi00MDBiLWFkZTQt
MGVjNTIzNWQ0ZTlmLzEvTkxuLU5BRHVjMHlBeVgwZl80RzFkS0NxSVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kZjdkNmEtNDU5Mi00MDBiLWFkZTQtMGVjNTIzNWQ0ZTlm
LzEvSWQ4a1hxMlpnTkt6bFRONEwyWFhWbTBFWXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBT1YMA0G
CSqGSIb3DQEBCwUAA4IBAQAh3lUQrdwg2W+H/Sl9sWGZqxC2/qdkutZzqXsyctJv
0UoDc2TNkyoa6pq96YXw4PD7hWsaBtapJWXSxjcRazETkQUqwKIQ4+p6CyOReiKK
xJ1WgFECBm1R7kiA9BURF2668SzY75pmMjwRci77kJFI8XRfQ8Dm7K8WZkG3f3Fl
ZNw6CKvw0x5yXOTlsotS3OoPvqct6735bwWaI83ujbfR7rI83cPKl4mPijT9e/V1
dGeJWCI/Kf1urJWsxFUbXmuMX1RPykI/A2+VgMN++5YTNHCfCuHu25XlunNDKjgF
3u9OifA43rfRnAgC4gy/s91EODdiLmSYXlTHwFme1N2O
-----END CERTIFICATE-----