Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/NMmvspbSz_XwW2dzGwRqq7qvcmc.roa
File:                     NMmvspbSz_XwW2dzGwRqq7qvcmc.roa (raw, json)
Hash identifier:          s05EajvvXbwnQJsnmk5mSyf9Jmf5xLLa0C6Z0XLi8as=
Subject key identifier:   34:C9:AF:B2:96:D2:CF:F5:F0:5B:67:73:1B:04:6A:AB:BA:AF:72:67
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019875F862B6C22059D1B1471F2F5E157F99
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/NMmvspbSz_XwW2dzGwRqq7qvcmc.roa
Signing time:             Mon 04 Aug 2025 16:44:29 +0000
ROA not before:           Mon 04 Aug 2025 16:44:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197450
IP address blocks:        91.92.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:f8:62:b6:c2:20:59:d1:b1:47:1f:2f:5e:15:7f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Aug  4 16:44:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34c9afb296d2cff5f05b67731b046aabbaaf7267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ce:f7:db:20:e6:20:e3:54:7c:6c:8b:7b:1f:
                    86:7a:be:01:81:ec:0a:ea:82:eb:be:6a:59:4f:43:
                    80:85:55:f6:91:14:e6:ca:af:01:67:75:4a:f4:a7:
                    b5:c4:17:82:cd:57:99:32:11:b1:68:9b:53:59:89:
                    3a:da:25:8f:c7:88:0a:aa:36:6f:ea:96:81:dd:4d:
                    cd:4c:b4:bc:8d:80:87:bb:c1:7d:cb:45:e1:41:2b:
                    8e:9e:6f:ed:e2:a4:b6:17:75:40:25:c7:b9:50:cc:
                    f9:65:3f:f0:da:62:d9:08:0f:42:6f:8b:bb:0a:a1:
                    ca:eb:78:57:fd:48:dd:1b:52:e7:cd:df:fa:4e:c7:
                    02:55:21:53:15:1c:c5:cb:44:e1:89:da:ac:52:87:
                    5d:50:46:23:e6:59:45:a3:70:5b:65:2e:4f:48:ec:
                    09:79:6f:36:69:3e:d2:fa:24:d3:7b:b5:7c:2e:1a:
                    94:9b:2a:da:de:68:72:46:24:a9:8e:3e:15:9a:b2:
                    8a:7f:fd:b3:81:0a:c3:d1:9b:d8:94:d4:18:53:29:
                    7b:a4:7d:d1:50:6d:e9:d1:1a:31:90:85:60:30:e5:
                    a2:cb:8f:60:0f:16:08:79:70:1b:91:df:cc:06:1a:
                    29:eb:71:a2:50:f6:7a:d1:78:c5:85:d3:38:c1:b4:
                    13:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C9:AF:B2:96:D2:CF:F5:F0:5B:67:73:1B:04:6A:AB:BA:AF:72:67
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/NMmvspbSz_XwW2dzGwRqq7qvcmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:98:d8:05:a4:e2:1d:8e:7f:73:fb:30:78:a1:83:ce:a0:bc:
         f3:58:3f:27:32:3c:5f:84:c9:18:61:92:c5:72:cb:e6:f3:12:
         8b:da:de:04:a5:ba:0d:0f:23:45:db:9d:76:a6:6e:1f:db:19:
         51:bb:f6:6e:71:5a:96:08:ae:a7:2a:e2:97:59:e4:71:a8:0c:
         b2:ec:24:31:fd:e6:84:41:36:a9:77:95:49:f9:72:2e:54:c2:
         dc:2a:8f:fa:1a:33:73:7f:cc:25:88:f8:6d:10:9e:1b:ec:95:
         e2:a4:31:54:43:30:48:c7:87:c3:10:47:81:7e:1c:58:9f:5c:
         40:1a:6d:bd:72:a5:bc:b3:ae:96:e2:80:66:ce:73:4e:03:d5:
         e7:62:07:25:11:35:e9:92:a7:26:f2:24:3c:83:a3:16:d8:d7:
         b6:6f:3a:fc:1e:00:3d:54:32:a5:84:e0:46:95:ef:d4:03:b9:
         b8:8c:00:7a:f9:01:a8:81:f6:09:44:16:41:88:d6:d3:4b:47:
         eb:52:5b:f2:e9:43:31:04:d6:9f:35:cb:1c:fa:d6:c8:80:2c:
         bf:d5:af:3e:eb:e1:a3:39:f8:9c:10:73:4a:94:54:e3:a9:b0:
         8a:6f:25:14:1e:7b:ab:0d:72:f8:47:c3:c3:ae:8b:00:13:9d:
         2b:6d:34:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1+GK2wiBZ0bFHHy9eFX+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjUwODA0MTY0NDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGM5YWZiMjk2ZDJjZmY1ZjA1YjY3NzMxYjA0NmFhYmJhYWY3MjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1M732yDmIONUfGyLex+Ger4BgewK
6oLrvmpZT0OAhVX2kRTmyq8BZ3VK9Ke1xBeCzVeZMhGxaJtTWYk62iWPx4gKqjZv
6paB3U3NTLS8jYCHu8F9y0XhQSuOnm/t4qS2F3VAJce5UMz5ZT/w2mLZCA9Cb4u7
CqHK63hX/UjdG1Lnzd/6TscCVSFTFRzFy0ThidqsUoddUEYj5llFo3BbZS5PSOwJ
eW82aT7S+iTTe7V8LhqUmyra3mhyRiSpjj4VmrKKf/2zgQrD0ZvYlNQYUyl7pH3R
UG3p0RoxkIVgMOWiy49gDxYIeXAbkd/MBhop63GiUPZ60XjFhdM4wbQTgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTJr7KW0s/18FtncxsEaqu6r3JnMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvTk1tdnNwYlN6X1h3VzJkekd3UnFxN3F2Y21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1wpMA0G
CSqGSIb3DQEBCwUAA4IBAQBGmNgFpOIdjn9z+zB4oYPOoLzzWD8nMjxfhMkYYZLF
csvm8xKL2t4EpboNDyNF2512pm4f2xlRu/ZucVqWCK6nKuKXWeRxqAyy7CQx/eaE
QTapd5VJ+XIuVMLcKo/6GjNzf8wliPhtEJ4b7JXipDFUQzBIx4fDEEeBfhxYn1xA
Gm29cqW8s66W4oBmznNOA9XnYgclETXpkqcm8iQ8g6MW2Ne2bzr8HgA9VDKlhOBG
le/UA7m4jAB6+QGogfYJRBZBiNbTS0frUlvy6UMxBNafNcsc+tbIgCy/1a8+6+Gj
OficEHNKlFTjqbCKbyUUHnurDXL4R8PDrosAE50rbTRP
-----END CERTIFICATE-----