Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/nyht33nqIkg8w94ICwE9lV75wa0.roa
File:                     nyht33nqIkg8w94ICwE9lV75wa0.roa (raw, json)
Hash identifier:          No9kSI5cI4cD2qAKsOch5y4UJluFhprYyxXrXemvcq4=
Subject key identifier:   9F:28:6D:DF:79:EA:22:48:3C:C3:DE:08:0B:01:3D:95:5E:F9:C1:AD
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195391BE0CA9201C9DBB36A19AEAA9D8061
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/nyht33nqIkg8w94ICwE9lV75wa0.roa
Signing time:             Mon 24 Feb 2025 17:58:03 +0000
ROA not before:           Mon 24 Feb 2025 17:58:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        146.19.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 06:27:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:39:1b:e0:ca:92:01:c9:db:b3:6a:19:ae:aa:9d:80:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Feb 24 17:58:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f286ddf79ea22483cc3de080b013d955ef9c1ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:04:c5:76:8f:17:4b:d1:53:12:19:c4:36:34:
                    b4:bd:28:e6:4f:67:77:3a:e0:7e:1e:3f:38:aa:20:
                    b8:b6:74:12:bc:66:0a:8a:ba:da:20:2e:d4:ad:e9:
                    e2:34:ec:54:e5:e6:36:83:6d:ca:dc:a8:8b:d3:fd:
                    96:28:40:90:34:02:19:c7:85:de:e2:93:0c:c1:29:
                    10:8e:76:04:bc:82:08:76:74:f9:29:9b:61:68:bc:
                    b6:1c:8d:a4:d8:e7:59:a7:54:25:fd:eb:c7:75:0e:
                    e3:ba:c7:99:c7:0e:13:f9:22:d1:96:cf:62:86:ee:
                    fe:30:5f:ee:33:c8:bb:bc:d5:f7:45:b8:b9:11:ad:
                    19:23:77:17:f6:fc:4f:4a:07:3b:ee:1e:a7:91:80:
                    31:fd:48:09:af:75:bb:3a:3c:c1:b3:b6:19:4f:5b:
                    35:40:27:00:db:87:d3:33:35:74:22:11:59:36:71:
                    79:83:e2:b1:2a:d2:c5:7c:23:6e:e8:d3:56:72:dd:
                    65:29:dc:5b:78:d4:e4:91:08:e9:df:c2:28:08:54:
                    00:91:e7:22:b2:ad:94:07:3d:1d:99:25:f6:6c:61:
                    de:09:ca:50:65:47:16:90:0d:72:da:15:d4:af:6a:
                    55:93:6a:7f:9f:a8:c2:71:52:67:c6:73:0d:bb:88:
                    7a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:28:6D:DF:79:EA:22:48:3C:C3:DE:08:0B:01:3D:95:5E:F9:C1:AD
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/nyht33nqIkg8w94ICwE9lV75wa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:d1:79:30:1c:0a:9c:f1:93:00:63:dc:c5:43:20:3d:61:d8:
         0e:51:13:8a:ac:c9:c7:d4:35:95:c1:ec:a7:a0:47:b2:b6:d3:
         1a:fa:51:9e:be:53:e3:a5:40:01:aa:99:7d:b9:9a:15:43:d4:
         e3:c2:40:a1:80:b3:3c:20:9a:e9:ce:7d:ac:67:9d:7f:07:d1:
         34:03:3a:b1:b5:74:c7:bd:e7:d2:b1:7f:20:fb:c6:68:73:33:
         a7:9e:06:a7:e7:cc:fa:3f:33:94:26:98:75:19:e3:f3:2b:4d:
         ee:5d:5d:48:70:8e:d4:6f:1b:de:c1:ce:0d:61:47:2c:d1:42:
         e9:c6:8b:99:32:6c:0b:22:01:0d:d5:71:1f:e1:89:da:fc:24:
         77:ad:38:66:37:99:c9:65:8c:a3:7e:f8:4c:ae:f5:c6:b3:49:
         bf:5f:11:62:4c:39:f7:8d:a2:ed:5f:81:5f:43:cc:99:69:3b:
         0d:f5:ca:a4:32:1b:6b:d6:cb:4a:e6:8a:aa:83:24:1e:99:75:
         2a:f1:a2:c6:b7:67:c7:42:07:92:be:10:99:cf:07:f7:59:f3:
         dd:09:48:80:24:f5:5d:c4:ce:ed:42:80:ed:f4:86:32:84:61:
         e4:99:da:86:ee:7b:9b:c8:eb:22:9f:9f:58:2c:77:02:2b:fb:
         d5:1a:34:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU5G+DKkgHJ27NqGa6qnYBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMjI0MTc1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjI4NmRkZjc5ZWEyMjQ4M2NjM2RlMDgwYjAxM2Q5NTVlZjljMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgTFdo8XS9FTEhnENjS0vSjmT2d3
OuB+Hj84qiC4tnQSvGYKirraIC7UreniNOxU5eY2g23K3KiL0/2WKECQNAIZx4Xe
4pMMwSkQjnYEvIIIdnT5KZthaLy2HI2k2OdZp1Ql/evHdQ7juseZxw4T+SLRls9i
hu7+MF/uM8i7vNX3Rbi5Ea0ZI3cX9vxPSgc77h6nkYAx/UgJr3W7OjzBs7YZT1s1
QCcA24fTMzV0IhFZNnF5g+KxKtLFfCNu6NNWct1lKdxbeNTkkQjp38IoCFQAkeci
sq2UBz0dmSX2bGHeCcpQZUcWkA1y2hXUr2pVk2p/n6jCcVJnxnMNu4h6SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8obd956iJIPMPeCAsBPZVe+cGtMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvbnlodDMzbnFJa2c4dzk0SUN3RTlsVjc1d2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMVMA0G
CSqGSIb3DQEBCwUAA4IBAQBt0XkwHAqc8ZMAY9zFQyA9YdgOUROKrMnH1DWVweyn
oEeyttMa+lGevlPjpUABqpl9uZoVQ9TjwkChgLM8IJrpzn2sZ51/B9E0AzqxtXTH
vefSsX8g+8ZoczOnngan58z6PzOUJph1GePzK03uXV1IcI7Ubxvewc4NYUcs0ULp
xouZMmwLIgEN1XEf4Yna/CR3rThmN5nJZYyjfvhMrvXGs0m/XxFiTDn3jaLtX4Ff
Q8yZaTsN9cqkMhtr1stK5oqqgyQemXUq8aLGt2fHQgeSvhCZzwf3WfPdCUiAJPVd
xM7tQoDt9IYyhGHkmdqG7nubyOsin59YLHcCK/vVGjT9
-----END CERTIFICATE-----