Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/ny1SJaDwXMip-7kEf8qOMDpabyM.roa
File:                     ny1SJaDwXMip-7kEf8qOMDpabyM.roa (raw, json)
Hash identifier:          i7j/CKvtx5/xZvhasj314x6mjQTJkkuGh2XNa/og1Fk=
Subject key identifier:   9F:2D:52:25:A0:F0:5C:C8:A9:FB:B9:04:7F:CA:8E:30:3A:5A:6F:23
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       0196D34E102F678D8E131901142D7B9D8ED9
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/ny1SJaDwXMip-7kEf8qOMDpabyM.roa
Signing time:             Thu 15 May 2025 09:37:10 +0000
ROA not before:           Thu 15 May 2025 09:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48990
IP address blocks:        185.235.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:4e:10:2f:67:8d:8e:13:19:01:14:2d:7b:9d:8e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: May 15 09:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f2d5225a0f05cc8a9fbb9047fca8e303a5a6f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:22:d7:6e:ed:10:84:3d:09:ce:ec:00:9d:c5:
                    dc:c0:48:24:c7:1c:6d:b3:04:f3:42:65:d7:be:e4:
                    73:a9:a3:92:8c:49:c1:84:63:94:cc:0c:68:1b:a9:
                    a6:72:cc:7d:2a:fd:dd:12:d3:87:0d:4b:f9:25:e2:
                    16:60:73:2d:8b:53:e0:23:8e:41:39:62:9d:42:ca:
                    e7:92:0f:53:a5:15:13:db:26:66:93:1f:07:1f:72:
                    7c:20:bb:5c:52:d8:5d:06:a8:9f:55:9c:0a:14:2e:
                    52:5b:75:f6:29:17:f9:fd:3f:9a:a8:b1:52:e2:c1:
                    28:39:31:3a:42:f3:1b:df:e8:0b:8b:d4:0f:90:8e:
                    bd:b0:da:22:70:77:62:3c:73:ba:4b:53:e0:08:f3:
                    96:48:ed:fa:f7:ef:47:4d:07:0e:a6:14:16:92:49:
                    9a:35:2b:3e:aa:ee:63:dd:22:82:5f:18:5a:ed:e1:
                    e5:31:c5:57:f9:6f:db:40:b6:3e:79:05:7c:eb:fc:
                    d0:c6:da:5d:d9:83:77:ed:ab:21:23:2c:24:90:ed:
                    5a:1d:a9:34:37:19:f0:0b:f5:41:28:16:21:b6:33:
                    1b:90:fe:c9:25:e9:54:d6:e3:05:b4:cd:59:ea:40:
                    9c:3e:54:16:7d:b5:b7:94:71:ff:c2:c9:0b:fd:90:
                    ff:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2D:52:25:A0:F0:5C:C8:A9:FB:B9:04:7F:CA:8E:30:3A:5A:6F:23
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/ny1SJaDwXMip-7kEf8qOMDpabyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:a3:2b:87:0d:5c:60:8b:1b:f8:32:af:6a:30:f1:d9:6e:43:
         fb:df:32:56:82:59:70:95:45:54:89:93:72:97:c7:98:9d:39:
         73:96:9a:3e:52:b5:c1:18:91:22:6a:a1:16:e5:9a:98:25:0b:
         95:c6:04:c4:3f:48:56:d4:b7:82:a3:49:5b:ca:ce:51:01:f6:
         44:57:05:25:cb:19:65:90:3b:ea:b8:96:0f:67:0a:0f:7d:20:
         90:e6:62:fd:46:43:66:df:93:01:9e:cf:e2:ee:86:d1:b9:2a:
         4a:8c:9f:c2:2c:e2:18:ff:4d:da:be:fc:b1:91:86:d4:ff:14:
         33:1f:06:02:ad:ef:11:61:df:5a:34:cd:b9:43:ce:9f:3a:8c:
         bf:56:36:d0:53:35:28:b4:63:84:cc:0a:a4:4d:f4:2e:3e:21:
         95:da:76:d9:f9:d8:47:36:f0:6b:bb:8f:05:65:27:cb:d1:1d:
         04:67:cc:a7:af:54:c6:c0:c9:23:ed:4f:c4:bd:25:c9:b7:8e:
         28:7b:92:ca:34:c7:5b:f6:c4:bc:6a:d0:dd:a3:04:10:67:9d:
         b3:d4:3e:55:af:79:72:89:3d:be:1e:2b:3c:a9:5d:d7:40:15:
         6d:7f:44:96:0b:13:f3:76:56:c3:a1:a8:24:51:a1:e8:45:05:
         f5:86:2c:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbTThAvZ42OExkBFC17nY7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwNTE1MDkzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJkNTIyNWEwZjA1Y2M4YTlmYmI5MDQ3ZmNhOGUzMDNhNWE2ZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCLXbu0QhD0JzuwAncXcwEgkxxxt
swTzQmXXvuRzqaOSjEnBhGOUzAxoG6mmcsx9Kv3dEtOHDUv5JeIWYHMti1PgI45B
OWKdQsrnkg9TpRUT2yZmkx8HH3J8ILtcUthdBqifVZwKFC5SW3X2KRf5/T+aqLFS
4sEoOTE6QvMb3+gLi9QPkI69sNoicHdiPHO6S1PgCPOWSO369+9HTQcOphQWkkma
NSs+qu5j3SKCXxha7eHlMcVX+W/bQLY+eQV86/zQxtpd2YN37ashIywkkO1aHak0
NxnwC/VBKBYhtjMbkP7JJelU1uMFtM1Z6kCcPlQWfbW3lHH/wskL/ZD/iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8tUiWg8FzIqfu5BH/KjjA6Wm8jMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvbnkxU0phRHdYTWlwLTdrRWY4cU9NRHBhYnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuetkMA0G
CSqGSIb3DQEBCwUAA4IBAQCWoyuHDVxgixv4Mq9qMPHZbkP73zJWgllwlUVUiZNy
l8eYnTlzlpo+UrXBGJEiaqEW5ZqYJQuVxgTEP0hW1LeCo0lbys5RAfZEVwUlyxll
kDvquJYPZwoPfSCQ5mL9RkNm35MBns/i7obRuSpKjJ/CLOIY/03avvyxkYbU/xQz
HwYCre8RYd9aNM25Q86fOoy/VjbQUzUotGOEzAqkTfQuPiGV2nbZ+dhHNvBru48F
ZSfL0R0EZ8ynr1TGwMkj7U/EvSXJt44oe5LKNMdb9sS8atDdowQQZ52z1D5Vr3ly
iT2+His8qV3XQBVtf0SWCxPzdlbDoagkUaHoRQX1hixi
-----END CERTIFICATE-----