Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/NYFpdzDaXcX3V4z9F3MBsr4OXiM.roa
File:                     NYFpdzDaXcX3V4z9F3MBsr4OXiM.roa (raw, json)
Hash identifier:          KOP30jYXKpvAenVB/NmSqLSvQfOSbtUeKo+uckhdy4A=
Subject key identifier:   35:81:69:77:30:DA:5D:C5:F7:57:8C:FD:17:73:01:B2:BE:0E:5E:23
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019E787994DDD9071E7E1CC77166F3286D8E
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/NYFpdzDaXcX3V4z9F3MBsr4OXiM.roa
Signing time:             Sat 30 May 2026 10:41:34 +0000
ROA not before:           Sat 30 May 2026 10:41:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24187
IP address blocks:        202.58.110.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:78:79:94:dd:d9:07:1e:7e:1c:c7:71:66:f3:28:6d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: May 30 10:41:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3581697730da5dc5f7578cfd177301b2be0e5e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:aa:bb:df:31:5e:18:96:78:75:f4:ca:7d:58:
                    06:51:f8:af:9b:b8:da:f2:90:f0:ea:b2:10:60:57:
                    43:61:41:39:55:fe:3c:12:7b:2c:32:3a:42:31:7b:
                    4b:49:b8:b9:73:bd:fd:75:57:08:3d:f8:01:63:c3:
                    79:c3:6d:00:00:42:48:ad:c1:5c:fb:92:21:2e:b0:
                    f1:2a:34:9d:dd:e3:e2:9d:8d:56:1d:8e:5b:64:96:
                    3b:35:43:cc:b5:8b:a4:3d:d2:c8:fe:47:d9:ec:9c:
                    0b:c3:92:f0:05:ee:3b:6c:a5:05:3a:2c:70:e8:93:
                    4b:d7:c1:a6:de:df:98:6a:0f:7b:4a:b0:fd:db:a3:
                    2c:91:f0:48:ec:7d:7a:c1:e4:f6:54:80:8a:fe:7d:
                    85:88:99:81:13:57:fc:36:6d:79:f9:e5:5c:19:fb:
                    25:d0:50:1e:73:43:3e:e6:07:72:2f:24:58:c8:69:
                    d2:60:57:dd:c0:a1:96:10:60:49:d2:4f:91:78:a2:
                    15:44:1b:de:8f:83:d8:ec:50:ba:07:0b:ef:4b:82:
                    7c:90:6a:f8:47:79:9d:e7:16:d0:a9:86:3e:ac:22:
                    3a:4c:6f:c9:f7:f3:e6:5b:08:79:06:a5:1d:e0:dd:
                    0d:f7:4e:37:e8:17:d4:84:ea:9e:8f:cb:a3:ad:b3:
                    94:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:81:69:77:30:DA:5D:C5:F7:57:8C:FD:17:73:01:B2:BE:0E:5E:23
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/NYFpdzDaXcX3V4z9F3MBsr4OXiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.58.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:d3:e5:0a:9c:c4:bc:f5:d8:58:fb:b4:2c:ff:d3:7f:f5:7e:
         d1:33:e2:1d:e8:c1:10:54:e0:1f:19:6f:74:96:23:62:ea:e4:
         51:dd:71:30:6c:e0:b8:73:94:44:96:84:f4:3f:e8:40:e3:f3:
         45:f6:75:68:25:e3:75:59:79:29:73:ce:45:00:c8:4a:ec:77:
         f6:8b:41:6c:0a:d5:b0:b9:b4:ff:9b:c5:f9:0a:a1:3a:46:68:
         74:3a:63:59:a6:74:8e:4c:dc:5d:51:15:49:f7:5c:7c:f3:70:
         3c:3e:ed:4b:7a:2a:92:4e:a5:f8:44:28:22:46:f8:38:6d:1c:
         1e:f6:a8:8e:c2:66:14:33:2a:01:ad:32:3b:ce:3c:20:61:ac:
         6c:6a:8b:76:5a:70:bd:fb:c1:54:4b:e5:64:7a:14:2e:fd:1f:
         38:0d:0e:b5:df:91:b8:a5:7b:e7:d1:80:26:91:ef:c8:d9:6f:
         9e:86:6c:05:d5:3a:16:25:b3:ab:4f:e8:d5:3a:30:80:f3:61:
         bb:f4:66:b2:2d:4a:ed:d1:26:7f:4e:6b:0f:3c:25:9c:c2:36:
         a5:17:ea:13:18:aa:b7:a4:d1:da:89:22:7b:93:6e:16:d9:b9:
         de:09:9c:98:af:7b:b8:2a:38:35:b9:70:df:d4:49:8e:7f:91:
         ff:00:c1:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ54eZTd2QcefhzHcWbzKG2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNTMwMTA0MTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTgxNjk3NzMwZGE1ZGM1Zjc1NzhjZmQxNzczMDFiMmJlMGU1ZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqq73zFeGJZ4dfTKfVgGUfivm7ja
8pDw6rIQYFdDYUE5Vf48EnssMjpCMXtLSbi5c739dVcIPfgBY8N5w20AAEJIrcFc
+5IhLrDxKjSd3ePinY1WHY5bZJY7NUPMtYukPdLI/kfZ7JwLw5LwBe47bKUFOixw
6JNL18Gm3t+Yag97SrD926MskfBI7H16weT2VICK/n2FiJmBE1f8Nm15+eVcGfsl
0FAec0M+5gdyLyRYyGnSYFfdwKGWEGBJ0k+ReKIVRBvej4PY7FC6BwvvS4J8kGr4
R3md5xbQqYY+rCI6TG/J9/PmWwh5BqUd4N0N90436BfUhOqej8ujrbOUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWBaXcw2l3F91eM/RdzAbK+Dl4jMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvTllGcGR6RGFYY1gzVjR6OUYzTUJzcjRPWGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQByjpuMA0G
CSqGSIb3DQEBCwUAA4IBAQAc0+UKnMS89dhY+7Qs/9N/9X7RM+Id6MEQVOAfGW90
liNi6uRR3XEwbOC4c5REloT0P+hA4/NF9nVoJeN1WXkpc85FAMhK7Hf2i0FsCtWw
ubT/m8X5CqE6Rmh0OmNZpnSOTNxdURVJ91x883A8Pu1LeiqSTqX4RCgiRvg4bRwe
9qiOwmYUMyoBrTI7zjwgYaxsaot2WnC9+8FUS+VkehQu/R84DQ6135G4pXvn0YAm
ke/I2W+ehmwF1ToWJbOrT+jVOjCA82G79GayLUrt0SZ/TmsPPCWcwjalF+oTGKq3
pNHaiSJ7k24W2bneCZyYr3u4Kjg1uXDf1EmOf5H/AMFP
-----END CERTIFICATE-----