Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/NYN9WiXGNsG_8fWXEG6QoadN1p0.roa
File:                     NYN9WiXGNsG_8fWXEG6QoadN1p0.roa (raw, json)
Hash identifier:          83Uc8qCBBqNcIws7dgz2pUX5jtWGpKdkbMsqvj+i/wk=
Subject key identifier:   35:83:7D:5A:25:C6:36:C1:BF:F1:F5:97:10:6E:90:A1:A7:4D:D6:9D
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01998A23C092DFEAD17D54042EB6780E06B7
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/NYN9WiXGNsG_8fWXEG6QoadN1p0.roa
Signing time:             Sat 27 Sep 2025 07:47:02 +0000
ROA not before:           Sat 27 Sep 2025 07:47:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212227
IP address blocks:        5.56.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8a:23:c0:92:df:ea:d1:7d:54:04:2e:b6:78:0e:06:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Sep 27 07:47:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35837d5a25c636c1bff1f597106e90a1a74dd69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f4:de:84:07:2b:cb:b0:79:b3:b4:4c:2c:57:
                    5f:06:be:0b:43:fc:ec:81:8f:1e:3c:8d:4d:ff:ae:
                    1f:1e:3c:62:13:01:24:0f:bc:49:17:92:c5:63:d4:
                    b8:74:16:3f:af:df:93:fe:69:3d:fd:9e:34:ea:c9:
                    0b:4a:67:5a:6f:71:57:e6:1c:42:26:95:84:6e:1a:
                    07:88:1e:52:6e:5b:b2:0e:87:f4:f9:9a:92:f5:c7:
                    eb:1e:2a:25:6f:a0:6c:e0:00:6f:b5:17:55:c9:32:
                    20:03:5d:3f:fa:2e:e8:ad:61:a1:d9:85:e8:ea:c1:
                    66:87:2c:1a:a8:24:7b:ec:fc:31:f1:69:2c:59:e4:
                    7c:8c:74:76:23:6d:f9:64:91:51:71:16:a6:94:4c:
                    06:2f:36:cc:81:9a:65:29:75:94:69:bf:0c:56:2e:
                    80:8c:43:5c:2a:62:81:fe:4c:16:06:78:5f:0e:3d:
                    ec:98:6f:7e:6f:54:3e:7f:36:32:25:6c:43:43:0c:
                    b8:83:de:65:8e:59:1f:6f:e8:36:95:df:c8:35:cd:
                    40:92:dd:91:91:0f:61:9e:4f:7d:fe:d6:fc:a0:30:
                    23:4c:09:f8:e5:02:78:a5:d5:bc:d6:4f:1c:c6:33:
                    f8:fb:af:15:8c:29:7e:22:b8:75:ab:fd:ad:83:9a:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:83:7D:5A:25:C6:36:C1:BF:F1:F5:97:10:6E:90:A1:A7:4D:D6:9D
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/NYN9WiXGNsG_8fWXEG6QoadN1p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:42:8e:a7:aa:2b:e4:b6:3c:42:d3:f3:9c:f7:e5:6a:df:51:
         92:7c:8d:8b:d7:de:a5:02:fe:f6:2f:77:17:38:7e:31:d6:fe:
         77:ef:ef:a5:2e:38:16:77:db:13:bf:e2:bb:7d:61:66:2f:e1:
         74:c0:d8:14:01:12:99:1e:b1:92:19:be:b9:d8:f5:56:cc:d6:
         83:08:2f:23:cf:17:d2:a0:c8:08:8c:7a:8d:86:6c:33:41:cd:
         dd:40:56:fd:6d:b1:ca:e2:c5:08:a7:38:65:fa:ad:ab:58:31:
         20:55:d0:a2:97:d9:6a:59:5b:08:e7:c9:42:e8:4e:c1:77:59:
         b0:11:41:27:37:be:3e:17:55:b1:cd:32:a0:93:5f:b1:e5:0d:
         2e:9b:22:d6:c3:a0:6e:14:91:2f:f6:36:3d:62:71:42:bd:c0:
         4f:95:c6:49:2f:ef:4f:69:50:47:09:21:32:32:e8:07:14:2e:
         17:9d:ca:18:38:e9:26:3f:fd:1f:50:75:18:96:cf:ba:a1:4b:
         b4:a5:b0:7c:03:c2:fc:c8:65:94:3c:bd:dc:d7:e3:59:a7:74:
         17:34:2e:84:75:86:69:69:e6:d0:9a:b9:b9:f3:de:24:55:39:
         8b:19:28:18:b1:9f:50:da:5e:94:d7:3a:aa:93:9b:ef:ef:1c:
         68:b0:1d:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmKI8CS3+rRfVQELrZ4Dga3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwOTI3MDc0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTgzN2Q1YTI1YzYzNmMxYmZmMWY1OTcxMDZlOTBhMWE3NGRkNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/TehAcry7B5s7RMLFdfBr4LQ/zs
gY8ePI1N/64fHjxiEwEkD7xJF5LFY9S4dBY/r9+T/mk9/Z406skLSmdab3FX5hxC
JpWEbhoHiB5SbluyDof0+ZqS9cfrHiolb6Bs4ABvtRdVyTIgA10/+i7orWGh2YXo
6sFmhywaqCR77Pwx8WksWeR8jHR2I235ZJFRcRamlEwGLzbMgZplKXWUab8MVi6A
jENcKmKB/kwWBnhfDj3smG9+b1Q+fzYyJWxDQwy4g95ljlkfb+g2ld/INc1Akt2R
kQ9hnk99/tb8oDAjTAn45QJ4pdW81k8cxjP4+68VjCl+Irh1q/2tg5pFOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWDfVolxjbBv/H1lxBukKGnTdadMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvTllOOVdpWEdOc0dfOGZXWEVHNlFvYWROMXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBTiAMA0G
CSqGSIb3DQEBCwUAA4IBAQCmQo6nqivktjxC0/Oc9+Vq31GSfI2L196lAv72L3cX
OH4x1v537++lLjgWd9sTv+K7fWFmL+F0wNgUARKZHrGSGb652PVWzNaDCC8jzxfS
oMgIjHqNhmwzQc3dQFb9bbHK4sUIpzhl+q2rWDEgVdCil9lqWVsI58lC6E7Bd1mw
EUEnN74+F1WxzTKgk1+x5Q0umyLWw6BuFJEv9jY9YnFCvcBPlcZJL+9PaVBHCSEy
MugHFC4XncoYOOkmP/0fUHUYls+6oUu0pbB8A8L8yGWUPL3c1+NZp3QXNC6EdYZp
aebQmrm5894kVTmLGSgYsZ9Q2l6U1zqqk5vv7xxosB1a
-----END CERTIFICATE-----