Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/_BntLA1ByxKmEH1meyX9Ac_ENgo.roa
File:                     _BntLA1ByxKmEH1meyX9Ac_ENgo.roa (raw, json)
Hash identifier:          TUPv5gmhwM2daPbnbN57P3T8IlhR7ks/v0VAHtkzI+0=
Subject key identifier:   FC:19:ED:2C:0D:41:CB:12:A6:10:7D:66:7B:25:FD:01:CF:C4:36:0A
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B9480052EC81797B305A7BC254B698
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/_BntLA1ByxKmEH1meyX9Ac_ENgo.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29691
IP address blocks:        37.235.50.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:48:00:52:ec:81:79:7b:30:5a:7b:c2:54:b6:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc19ed2c0d41cb12a6107d667b25fd01cfc4360a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cf:c5:cf:d2:97:ff:ed:38:8e:bb:e9:43:14:
                    df:8a:43:17:8c:12:ef:3c:23:99:8b:0c:08:00:31:
                    18:19:64:62:16:1b:92:1e:b8:46:5d:1a:02:45:94:
                    4d:ff:82:70:0f:c4:2f:81:33:01:3b:ac:11:6b:60:
                    bb:56:f4:86:95:9e:a1:88:41:28:8a:d6:79:64:82:
                    a7:c9:fc:6d:94:f8:8d:9d:e7:4f:ad:72:6e:ee:73:
                    76:b2:13:30:e1:31:35:61:f2:2c:11:5a:77:f2:14:
                    4c:b6:1a:8b:a8:62:a3:bc:26:ea:62:c6:b3:6b:e1:
                    26:c3:7e:12:76:c9:cb:a7:5b:57:30:1d:41:64:f5:
                    fe:e4:9e:d1:3d:1c:5d:da:3f:0d:c8:48:1b:8d:a2:
                    07:dc:92:c1:d9:a2:3e:a4:af:68:09:4c:24:44:f2:
                    96:c7:54:ff:f5:7f:2c:d0:18:ff:d7:5c:33:c5:f9:
                    46:bf:c1:90:2f:52:5f:59:db:46:ab:5b:5b:48:d1:
                    e2:c4:47:57:c4:d8:ac:fe:80:c3:fd:da:b4:f8:82:
                    f5:34:50:22:19:b1:6d:0c:8b:d5:69:49:27:d2:24:
                    e5:dc:da:cb:c9:60:83:9c:ad:06:e1:51:4d:e9:d5:
                    70:c7:5b:a3:d2:c3:eb:a7:e2:b7:83:5d:0f:13:10:
                    3e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:19:ED:2C:0D:41:CB:12:A6:10:7D:66:7B:25:FD:01:CF:C4:36:0A
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/_BntLA1ByxKmEH1meyX9Ac_ENgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:f2:e6:d4:5b:f1:de:aa:f9:1a:e3:87:a2:00:ab:48:9b:f6:
         6f:e2:f3:c2:77:0e:c3:87:48:f3:b2:4a:4b:d5:38:a3:a3:e3:
         5d:11:6e:e9:50:f4:47:f6:b0:03:1e:08:b5:2a:e4:cd:4c:f6:
         97:0b:46:82:b2:46:c7:f3:c1:41:4f:4a:97:29:a2:a0:41:ca:
         19:8b:28:21:27:7d:0d:c6:33:8d:59:4c:9f:b1:48:b6:03:07:
         7a:cc:28:55:40:6e:65:77:ce:0c:f9:f4:e4:97:04:27:54:32:
         6d:3a:14:70:1b:83:a9:51:1e:3d:3b:da:99:df:60:92:10:d3:
         9e:14:af:93:86:ab:4d:c5:70:ac:c0:dd:07:a9:35:ec:20:a4:
         f4:54:5a:df:20:ec:b7:96:e7:c8:e3:c6:eb:e1:d5:2b:2b:34:
         15:e9:e2:0a:44:57:1d:5e:2f:63:33:32:0b:9f:25:e5:52:9c:
         a0:dd:f5:b0:f4:b2:c0:8b:f0:5e:87:4a:8e:f2:fb:a1:0e:7d:
         fa:a0:0e:33:1d:91:f9:3b:1a:0e:e8:1f:81:33:a8:7b:85:a4:
         8f:82:8b:51:45:7c:c4:85:e1:95:c3:ea:c2:b1:c6:8e:6a:19:
         e4:0f:3f:bb:ff:38:22:05:e1:ca:a1:8a:0a:f8:3a:72:c7:f4:
         fb:74:cd:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUgAUuyBeXswWnvCVLaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzE5ZWQyYzBkNDFjYjEyYTYxMDdkNjY3YjI1ZmQwMWNmYzQzNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks/Fz9KX/+04jrvpQxTfikMXjBLv
PCOZiwwIADEYGWRiFhuSHrhGXRoCRZRN/4JwD8QvgTMBO6wRa2C7VvSGlZ6hiEEo
itZ5ZIKnyfxtlPiNnedPrXJu7nN2shMw4TE1YfIsEVp38hRMthqLqGKjvCbqYsaz
a+Emw34SdsnLp1tXMB1BZPX+5J7RPRxd2j8NyEgbjaIH3JLB2aI+pK9oCUwkRPKW
x1T/9X8s0Bj/11wzxflGv8GQL1JfWdtGq1tbSNHixEdXxNis/oDD/dq0+IL1NFAi
GbFtDIvVaUkn0iTl3NrLyWCDnK0G4VFN6dVwx1uj0sPrp+K3g10PExA+iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwZ7SwNQcsSphB9Znsl/QHPxDYKMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvX0JudExBMUJ5eEttRUgxbWV5WDlBY19FTmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJesyMA0G
CSqGSIb3DQEBCwUAA4IBAQBw8ubUW/Heqvka44eiAKtIm/Zv4vPCdw7Dh0jzskpL
1Tijo+NdEW7pUPRH9rADHgi1KuTNTPaXC0aCskbH88FBT0qXKaKgQcoZiyghJ30N
xjONWUyfsUi2Awd6zChVQG5ld84M+fTklwQnVDJtOhRwG4OpUR49O9qZ32CSENOe
FK+ThqtNxXCswN0HqTXsIKT0VFrfIOy3lufI48br4dUrKzQV6eIKRFcdXi9jMzIL
nyXlUpyg3fWw9LLAi/Beh0qO8vuhDn36oA4zHZH5OxoO6B+BM6h7haSPgotRRXzE
heGVw+rCscaOahnkDz+7/zgiBeHKoYoK+Dpyx/T7dM1U
-----END CERTIFICATE-----