Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/nyGwWtmUUenCuiNvi2rme3JvAnM.roa
File:                     nyGwWtmUUenCuiNvi2rme3JvAnM.roa (raw, json)
Hash identifier:          mv2iRNCUpphbjEmFj2ZluXSrRNCmkDp7k1nJS6ve48g=
Subject key identifier:   9F:21:B0:5A:D9:94:51:E9:C2:BA:23:6F:8B:6A:E6:7B:72:6F:02:73
Certificate issuer:       /CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
Certificate serial:       0195CCB81108A852CC2140CAE16DB07ADC8C
Authority key identifier: 34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/nyGwWtmUUenCuiNvi2rme3JvAnM.roa
Signing time:             Tue 25 Mar 2025 09:52:49 +0000
ROA not before:           Tue 25 Mar 2025 09:52:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.156.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cc:b8:11:08:a8:52:cc:21:40:ca:e1:6d:b0:7a:dc:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
        Validity
            Not Before: Mar 25 09:52:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f21b05ad99451e9c2ba236f8b6ae67b726f0273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:16:3e:9c:40:0b:c0:5a:4b:dc:c6:db:5e:23:
                    39:00:2c:88:98:bf:f4:a2:f9:e0:f4:41:02:e3:f7:
                    43:da:7f:14:cf:72:67:cf:b3:df:08:51:47:82:b2:
                    4b:87:56:97:9b:ef:2d:08:db:3d:6d:5f:61:5d:32:
                    46:c4:a3:a9:8b:9a:d1:a2:98:31:98:9c:2a:19:4d:
                    11:bd:de:a5:d7:23:2f:37:9f:50:06:94:cb:29:00:
                    6f:1b:cb:51:42:c5:42:ba:d1:1c:9e:3f:d5:2d:72:
                    ac:bc:66:71:b6:2c:fd:52:02:ba:cc:74:32:01:98:
                    88:86:a1:ee:1d:29:38:42:86:bd:66:76:31:68:73:
                    9f:d1:ce:84:38:8c:e2:01:b0:e8:ec:73:6e:fe:0b:
                    ae:f2:99:ba:a9:b8:2e:ad:0e:e0:32:18:df:46:da:
                    1f:8e:86:f8:c1:aa:d4:43:37:6a:84:5e:28:c4:f5:
                    00:72:3a:da:58:f7:3f:e0:de:1a:8a:9b:31:08:22:
                    0f:0a:6d:e1:a2:3d:f2:82:04:5a:17:4f:8e:f3:d1:
                    ce:8d:03:3a:ff:b7:4b:a4:32:27:06:65:80:29:cc:
                    99:bd:ca:fb:54:d2:8e:b4:3b:f9:77:81:01:f2:58:
                    3d:23:52:91:9a:38:37:3d:be:ee:37:09:9e:24:5b:
                    9e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:21:B0:5A:D9:94:51:E9:C2:BA:23:6F:8B:6A:E6:7B:72:6F:02:73
            X509v3 Authority Key Identifier:
                keyid:34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/nyGwWtmUUenCuiNvi2rme3JvAnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:66:5a:2d:d0:c0:e0:25:3d:e7:98:a4:f7:93:e6:13:54:41:
         b8:5f:78:56:87:6d:95:49:eb:27:fc:80:b8:47:64:cb:c0:ad:
         c0:c3:95:b0:c5:6a:05:b9:cf:81:65:5d:80:8b:e6:ed:32:e2:
         39:2f:fd:e5:9e:30:43:1e:4f:1f:04:89:22:76:94:9e:12:40:
         1d:4c:26:be:eb:f7:a9:8a:9d:5e:5d:40:38:57:19:36:af:0e:
         b1:ba:2c:6f:1d:81:0b:59:a2:a1:e6:c3:6a:63:17:fb:18:36:
         27:da:4a:23:f1:4f:9a:5f:aa:cc:2e:4f:b4:fa:61:e6:31:01:
         18:a1:fc:68:3e:ea:c0:d9:2e:65:18:02:69:08:d7:82:66:7a:
         28:8a:18:03:75:46:aa:8e:73:a9:7c:a3:ad:bd:4f:1a:84:f4:
         f3:b7:c1:54:26:70:7e:a2:88:4d:2c:e5:cb:8f:6c:0d:70:49:
         e6:45:9c:d1:99:0f:94:86:4e:fa:73:11:54:71:9d:48:79:8c:
         58:03:d8:2a:09:34:a9:35:db:b6:ca:d5:39:1e:53:5d:b4:71:
         48:99:9b:a0:0a:15:83:bc:63:5e:37:64:97:8f:d8:72:22:a1:
         53:fa:20:d6:e7:46:87:2f:5c:ae:11:d0:ab:89:3b:47:7f:65:
         a9:98:ae:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXMuBEIqFLMIUDK4W2wetyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZmU2YjlkMGNjMWU3ZjZlMTZiMmE0NmI0MmNhNWUwMWM3
MDAzNDYwHhcNMjUwMzI1MDk1MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjIxYjA1YWQ5OTQ1MWU5YzJiYTIzNmY4YjZhZTY3YjcyNmYwMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRY+nEALwFpL3MbbXiM5ACyImL/0
ovng9EEC4/dD2n8Uz3Jnz7PfCFFHgrJLh1aXm+8tCNs9bV9hXTJGxKOpi5rRopgx
mJwqGU0Rvd6l1yMvN59QBpTLKQBvG8tRQsVCutEcnj/VLXKsvGZxtiz9UgK6zHQy
AZiIhqHuHSk4Qoa9ZnYxaHOf0c6EOIziAbDo7HNu/guu8pm6qbgurQ7gMhjfRtof
job4warUQzdqhF4oxPUAcjraWPc/4N4aipsxCCIPCm3hoj3yggRaF0+O89HOjQM6
/7dLpDInBmWAKcyZvcr7VNKOtDv5d4EB8lg9I1KRmjg3Pb7uNwmeJFueFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8hsFrZlFHpwrojb4tq5ntybwJzMB8GA1UdIwQY
MBaAFDT+a50Mwef24WsqRrQspeAccANGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUt
MTE4YWZlZDdhNWFlLzEvbnlHd1d0bVVVZW5DdWlOdmkycm1lM0p2QW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUtMTE4YWZlZDdhNWFl
LzEvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZwTMA0G
CSqGSIb3DQEBCwUAA4IBAQAHZlot0MDgJT3nmKT3k+YTVEG4X3hWh22VSesn/IC4
R2TLwK3Aw5WwxWoFuc+BZV2Ai+btMuI5L/3lnjBDHk8fBIkidpSeEkAdTCa+6/ep
ip1eXUA4Vxk2rw6xuixvHYELWaKh5sNqYxf7GDYn2koj8U+aX6rMLk+0+mHmMQEY
ofxoPurA2S5lGAJpCNeCZnooihgDdUaqjnOpfKOtvU8ahPTzt8FUJnB+oohNLOXL
j2wNcEnmRZzRmQ+Uhk76cxFUcZ1IeYxYA9gqCTSpNdu2ytU5HlNdtHFImZugChWD
vGNeN2SXj9hyIqFT+iDW50aHL1yuEdCriTtHf2WpmK6j
-----END CERTIFICATE-----