Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/3a6bb4-24b8-4086-a29d-ee6c509b6221/1/NymzbNZBsKNd-Q-QLvAahyZY8zY.roa
File:                     NymzbNZBsKNd-Q-QLvAahyZY8zY.roa (raw, json)
Hash identifier:          4tm9+O5MAP6uU3Q2HGQCNAKZry1kf/X+Xwuo3WltB+8=
Subject key identifier:   37:29:B3:6C:D6:41:B0:A3:5D:F9:0F:90:2E:F0:1A:87:26:58:F3:36
Certificate issuer:       /CN=9855b80c45dfb5ea7aaa7dd1d8ed8b14f9c1dc45
Certificate serial:       0196889A86949F405F1EA1EB3F6B93F9ABD7
Authority key identifier: 98:55:B8:0C:45:DF:B5:EA:7A:AA:7D:D1:D8:ED:8B:14:F9:C1:DC:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFW4DEXftep6qn3R2O2LFPnB3EU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/3a6bb4-24b8-4086-a29d-ee6c509b6221/1/NymzbNZBsKNd-Q-QLvAahyZY8zY.roa
Signing time:             Wed 30 Apr 2025 21:29:10 +0000
ROA not before:           Wed 30 Apr 2025 21:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210979
IP address blocks:        91.231.47.0/24 maxlen: 24
                          2a14:df80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/3a6bb4-24b8-4086-a29d-ee6c509b6221/1/mFW4DEXftep6qn3R2O2LFPnB3EU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/3a6bb4-24b8-4086-a29d-ee6c509b6221/1/mFW4DEXftep6qn3R2O2LFPnB3EU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFW4DEXftep6qn3R2O2LFPnB3EU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 06:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:88:9a:86:94:9f:40:5f:1e:a1:eb:3f:6b:93:f9:ab:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9855b80c45dfb5ea7aaa7dd1d8ed8b14f9c1dc45
        Validity
            Not Before: Apr 30 21:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3729b36cd641b0a35df90f902ef01a872658f336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e9:9e:57:0c:23:24:26:cb:fc:b7:0a:bc:82:
                    d5:58:cb:61:cb:a4:63:da:40:a6:f4:c9:00:bf:a4:
                    e9:34:10:e1:99:f6:d6:9a:3d:29:20:26:41:e2:11:
                    5a:41:b3:bc:8c:b8:d5:7f:2e:4f:36:ff:39:31:04:
                    04:e7:c5:a6:88:a5:62:97:90:7b:c1:f9:8d:db:1a:
                    f2:7e:76:e8:f8:1f:d8:5b:96:71:89:4b:88:c1:b9:
                    7c:72:e4:f6:7f:95:5a:83:bf:66:1e:f0:80:19:8a:
                    ec:68:f2:65:c4:70:c4:45:55:16:4e:6e:28:0c:ae:
                    16:a1:e6:19:a8:ad:34:5f:a2:d5:bc:64:d6:aa:08:
                    ac:42:41:ed:be:64:f8:3c:16:12:b3:c5:cf:f3:b4:
                    c2:74:5d:65:8e:d0:71:d5:de:4a:6b:d7:71:c2:61:
                    71:3b:aa:b4:4f:ac:00:ce:cd:89:f4:cd:bf:d9:de:
                    48:13:5e:9e:ba:c7:e0:18:87:25:89:1e:c5:b7:82:
                    9b:bd:fb:5e:53:fd:9e:85:68:00:9c:db:55:72:07:
                    2a:3e:46:e4:a4:c6:45:66:60:10:96:0d:0b:fa:59:
                    99:cc:4b:3e:e0:15:3b:f1:25:84:75:17:2f:44:77:
                    90:83:c2:86:04:55:e1:d1:de:d1:6b:b7:97:c1:77:
                    a0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:29:B3:6C:D6:41:B0:A3:5D:F9:0F:90:2E:F0:1A:87:26:58:F3:36
            X509v3 Authority Key Identifier:
                keyid:98:55:B8:0C:45:DF:B5:EA:7A:AA:7D:D1:D8:ED:8B:14:F9:C1:DC:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFW4DEXftep6qn3R2O2LFPnB3EU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/3a6bb4-24b8-4086-a29d-ee6c509b6221/1/NymzbNZBsKNd-Q-QLvAahyZY8zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/3a6bb4-24b8-4086-a29d-ee6c509b6221/1/mFW4DEXftep6qn3R2O2LFPnB3EU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.47.0/24
                IPv6:
                  2a14:df80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:19:64:eb:bb:38:25:91:2b:58:13:2a:52:b6:5f:d8:1e:52:
         68:37:fd:1a:75:3e:6f:96:9a:83:e5:16:35:fc:cf:c2:0f:9e:
         a2:27:ca:62:68:fd:80:22:c8:1a:41:84:b2:88:69:dd:39:bd:
         b5:5b:28:82:df:5e:04:a6:8b:3d:a7:43:71:b2:4e:53:17:2f:
         26:90:5b:c4:4a:45:da:1f:a3:be:63:15:46:7d:83:8c:36:d1:
         b9:6e:d5:63:54:17:b9:1d:ca:d3:14:3d:21:e6:b7:7f:ef:7c:
         b4:f3:c7:a6:24:10:e2:df:d6:16:6e:6d:68:ad:f4:1f:99:f1:
         58:07:f2:61:bb:de:dc:35:29:1c:82:5f:04:72:04:b8:5b:5a:
         07:51:27:34:11:1a:d9:10:dd:ef:6d:0c:78:6c:70:10:29:b2:
         e5:75:6e:1c:c2:e0:1f:97:e6:b6:df:d3:a8:b2:c1:b6:ad:0e:
         33:48:d3:66:fb:a6:9d:27:ae:83:88:4f:36:41:52:b5:1d:af:
         30:d1:49:bf:1f:b0:da:d3:c5:f5:99:4a:ee:57:f2:65:a5:d3:
         df:d0:a7:f8:e2:14:61:3e:f6:d2:05:3b:cf:ff:42:6f:72:c5:
         d8:19:bb:2e:47:53:35:65:97:4b:63:0f:9c:ba:1c:40:5b:99:
         a6:d0:df:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZaImoaUn0BfHqHrP2uT+avXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NTViODBjNDVkZmI1ZWE3YWFhN2RkMWQ4ZWQ4YjE0Zjlj
MWRjNDUwHhcNMjUwNDMwMjEyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzI5YjM2Y2Q2NDFiMGEzNWRmOTBmOTAyZWYwMWE4NzI2NThmMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+meVwwjJCbL/LcKvILVWMthy6Rj
2kCm9MkAv6TpNBDhmfbWmj0pICZB4hFaQbO8jLjVfy5PNv85MQQE58WmiKVil5B7
wfmN2xryfnbo+B/YW5ZxiUuIwbl8cuT2f5Vag79mHvCAGYrsaPJlxHDERVUWTm4o
DK4WoeYZqK00X6LVvGTWqgisQkHtvmT4PBYSs8XP87TCdF1ljtBx1d5Ka9dxwmFx
O6q0T6wAzs2J9M2/2d5IE16eusfgGIcliR7Ft4KbvfteU/2ehWgAnNtVcgcqPkbk
pMZFZmAQlg0L+lmZzEs+4BU78SWEdRcvRHeQg8KGBFXh0d7Ra7eXwXegGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDcps2zWQbCjXfkPkC7wGocmWPM2MB8GA1UdIwQY
MBaAFJhVuAxF37Xqeqp90djtixT5wdxFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZXNERFWGZ0ZXA2cW4zUjJPMkxGUG5CM0VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zYTZiYjQtMjRiOC00MDg2LWEyOWQt
ZWU2YzUwOWI2MjIxLzEvTnltemJOWkJzS05kLVEtUUx2QWFoeVpZOHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zYTZiYjQtMjRiOC00MDg2LWEyOWQtZWU2YzUwOWI2MjIx
LzEvbUZXNERFWGZ0ZXA2cW4zUjJPMkxGUG5CM0VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+cvMA0E
AgACMAcDBQMqFN+AMA0GCSqGSIb3DQEBCwUAA4IBAQAbGWTruzglkStYEypStl/Y
HlJoN/0adT5vlpqD5RY1/M/CD56iJ8piaP2AIsgaQYSyiGndOb21WyiC314Epos9
p0Nxsk5TFy8mkFvESkXaH6O+YxVGfYOMNtG5btVjVBe5HcrTFD0h5rd/73y088em
JBDi39YWbm1orfQfmfFYB/Jhu97cNSkcgl8EcgS4W1oHUSc0ERrZEN3vbQx4bHAQ
KbLldW4cwuAfl+a239OossG2rQ4zSNNm+6adJ66DiE82QVK1Ha8w0Um/H7Da08X1
mUruV/JlpdPf0Kf44hRhPvbSBTvP/0JvcsXYGbsuR1M1ZZdLYw+cuhxAW5mm0N/J
-----END CERTIFICATE-----