Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NY1tQASTJS9rOesvN4wKOYDOKNc.roa
File:                     NY1tQASTJS9rOesvN4wKOYDOKNc.roa (raw, json)
Hash identifier:          PUXV097OSCqjKf1ak1aZ7mwLcFuterxtztja5bls3A4=
Subject key identifier:   35:8D:6D:40:04:93:25:2F:6B:39:EB:2F:37:8C:0A:39:80:CE:28:D7
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01997C963937CDF9EBEBA50F82AF0B626FC5
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NY1tQASTJS9rOesvN4wKOYDOKNc.roa
Signing time:             Wed 24 Sep 2025 16:37:23 +0000
ROA not before:           Wed 24 Sep 2025 16:37:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133153
IP address blocks:        193.254.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7c:96:39:37:cd:f9:eb:eb:a5:0f:82:af:0b:62:6f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep 24 16:37:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=358d6d400493252f6b39eb2f378c0a3980ce28d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:4d:70:b0:c7:e9:23:51:7d:68:e6:ae:65:
                    6f:6f:86:be:47:bb:df:f5:f9:87:8b:06:9d:1e:e7:
                    33:81:76:44:e6:90:aa:9f:12:36:f0:49:f4:37:f3:
                    4c:86:19:46:e1:30:9c:49:6e:ba:84:50:27:a2:79:
                    64:c8:1a:81:01:a5:e0:97:9d:d2:7a:ec:35:ce:f7:
                    e8:af:fe:67:d5:b4:77:cc:41:b0:cd:6c:46:cc:f1:
                    31:9d:da:8d:b7:40:f0:95:b4:7f:d5:8c:91:db:92:
                    5f:37:87:2d:76:9f:a7:43:4f:c9:58:fc:e3:f4:2b:
                    65:4a:0b:85:30:dc:18:a7:d1:ed:70:5f:87:0e:3e:
                    49:47:8e:42:45:b2:be:b0:53:cd:8b:2f:25:89:6f:
                    fa:8f:0f:45:d7:25:4b:2d:4d:a5:63:af:03:a2:56:
                    a1:92:e3:10:07:80:04:f2:1f:cd:ae:6b:f1:43:7e:
                    e9:44:4a:b7:19:66:53:e4:61:71:83:20:0c:5b:5b:
                    d1:a4:7c:a4:49:24:57:b8:13:55:09:94:59:90:db:
                    e8:70:21:10:49:d8:9d:b2:0f:f7:bc:96:22:82:3c:
                    d2:9a:ad:ca:34:c1:87:cb:0a:43:6a:66:49:8a:7d:
                    9b:96:cc:c5:02:8f:07:fa:26:82:26:86:9b:7a:2d:
                    35:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8D:6D:40:04:93:25:2F:6B:39:EB:2F:37:8C:0A:39:80:CE:28:D7
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NY1tQASTJS9rOesvN4wKOYDOKNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.254.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:39:85:e4:2e:a8:36:5c:b6:f6:78:ec:43:af:4e:b0:b2:e3:
         d0:11:b2:4f:24:b8:b6:73:8c:71:64:e2:23:2c:91:66:8e:a2:
         43:bb:3c:fb:77:19:cc:7a:01:b9:6a:b9:b9:37:38:c6:62:07:
         7c:2e:df:41:b8:d4:ad:5a:87:e5:aa:02:9c:25:75:8c:39:1e:
         15:8c:4d:86:28:b8:61:53:41:08:90:f4:96:96:a8:e5:fd:59:
         99:8e:a7:e8:df:ee:ba:d3:ef:dd:61:2f:ac:ac:81:d4:7b:79:
         d1:b8:7b:f7:1b:4f:e7:61:01:36:79:c9:c2:5f:fb:2e:7f:d8:
         82:cb:84:f3:8e:cc:f5:d9:27:95:f8:19:cb:36:2d:9f:37:53:
         81:d3:ff:1d:13:36:7f:1c:2c:8b:0f:43:44:df:3d:83:f2:eb:
         68:80:f3:dd:c8:36:27:62:90:f5:34:64:42:71:6b:29:2b:16:
         89:56:b3:71:5e:a3:1c:c2:4d:91:e6:ae:10:7b:67:a2:b7:8b:
         ba:88:70:ca:0c:74:ac:f1:19:cb:3a:35:b3:d3:a6:87:c1:0a:
         12:3b:a4:d7:8f:7c:45:7c:11:0a:fc:3e:9b:67:a9:70:c4:d9:
         64:b8:30:a5:b0:f1:90:7e:e6:d6:03:46:de:56:6d:c5:63:47:
         a3:69:90:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl8ljk3zfnr66UPgq8LYm/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwOTI0MTYzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNThkNmQ0MDA0OTMyNTJmNmIzOWViMmYzNzhjMGEzOTgwY2UyOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0pNcLDH6SNRfWjmrmVvb4a+R7vf
9fmHiwadHuczgXZE5pCqnxI28En0N/NMhhlG4TCcSW66hFAnonlkyBqBAaXgl53S
euw1zvfor/5n1bR3zEGwzWxGzPExndqNt0DwlbR/1YyR25JfN4ctdp+nQ0/JWPzj
9CtlSguFMNwYp9HtcF+HDj5JR45CRbK+sFPNiy8liW/6jw9F1yVLLU2lY68Dolah
kuMQB4AE8h/NrmvxQ37pREq3GWZT5GFxgyAMW1vRpHykSSRXuBNVCZRZkNvocCEQ
Sdidsg/3vJYigjzSmq3KNMGHywpDamZJin2blszFAo8H+iaCJoabei01+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWNbUAEkyUvaznrLzeMCjmAzijXMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTlkxdFFBU1RKUzlyT2Vzdk40d0tPWURPS05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwf70MA0G
CSqGSIb3DQEBCwUAA4IBAQBUOYXkLqg2XLb2eOxDr06wsuPQEbJPJLi2c4xxZOIj
LJFmjqJDuzz7dxnMegG5arm5NzjGYgd8Lt9BuNStWoflqgKcJXWMOR4VjE2GKLhh
U0EIkPSWlqjl/VmZjqfo3+660+/dYS+srIHUe3nRuHv3G0/nYQE2ecnCX/suf9iC
y4Tzjsz12SeV+BnLNi2fN1OB0/8dEzZ/HCyLD0NE3z2D8utogPPdyDYnYpD1NGRC
cWspKxaJVrNxXqMcwk2R5q4Qe2eit4u6iHDKDHSs8RnLOjWz06aHwQoSO6TXj3xF
fBEK/D6bZ6lwxNlkuDClsPGQfubWA0beVm3FY0ejaZCi
-----END CERTIFICATE-----