Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/WTUcioF_Os4-XQkEQnPS1q_idj4.roa
File:                     WTUcioF_Os4-XQkEQnPS1q_idj4.roa (raw, json)
Hash identifier:          GoDJH/5tFY0kg++3GdMi45gfR3SA7rccJtYB4pw0JOA=
Subject key identifier:   59:35:1C:8A:81:7F:3A:CE:3E:5D:09:04:42:73:D2:D6:AF:E2:76:3E
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0194328BEE9E0608B1FD6149E84EE5340A46
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/WTUcioF_Os4-XQkEQnPS1q_idj4.roa
Signing time:             Sat 04 Jan 2025 18:20:18 +0000
ROA not before:           Sat 04 Jan 2025 18:20:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        213.137.92.0/24 maxlen: 24
                          213.137.93.0/24 maxlen: 24
                          213.137.94.0/24 maxlen: 24
                          213.137.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:32:8b:ee:9e:06:08:b1:fd:61:49:e8:4e:e5:34:0a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Jan  4 18:20:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59351c8a817f3ace3e5d09044273d2d6afe2763e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4a:a9:cb:f9:8a:fa:f2:e5:3e:36:ae:8b:f8:
                    34:20:08:35:13:e6:01:f6:77:a7:66:b3:c8:b0:9f:
                    97:77:73:83:e6:80:01:e5:e9:8b:20:05:4a:9f:d8:
                    90:10:b0:04:a7:7f:78:b7:27:99:f9:fa:5e:eb:c0:
                    a6:74:d6:56:91:de:77:0a:0a:f1:1b:20:df:95:31:
                    24:60:35:5e:a8:94:1d:f2:eb:e5:66:27:6a:30:83:
                    e2:c3:e9:81:6b:95:18:35:78:6d:21:6e:5d:44:98:
                    75:22:5f:ad:9e:a1:dd:ba:b6:e8:6e:8e:7f:42:16:
                    23:95:59:47:60:18:a0:43:fe:5c:4f:37:22:0b:ba:
                    9e:53:60:b1:5d:8f:aa:0c:83:35:40:44:52:07:3a:
                    24:54:65:41:78:21:7d:ae:df:25:36:1c:32:29:92:
                    b3:77:4e:67:1c:df:8c:8c:ea:c5:9f:00:c3:1b:02:
                    12:db:4b:64:5b:e4:e1:93:aa:8c:2a:c6:e8:89:21:
                    cd:41:23:bc:f0:4b:3c:41:c3:76:fc:f1:5a:87:f6:
                    1b:79:e8:58:76:5f:6e:4d:59:39:89:66:93:de:35:
                    9f:c2:b4:23:5d:b2:b1:76:b0:57:66:8e:44:15:da:
                    8a:cd:f2:69:be:80:83:4a:11:09:99:15:26:b4:0a:
                    5b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:35:1C:8A:81:7F:3A:CE:3E:5D:09:04:42:73:D2:D6:AF:E2:76:3E
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/WTUcioF_Os4-XQkEQnPS1q_idj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:59:7d:b0:63:55:21:d7:eb:cd:96:42:3f:51:f5:14:24:fc:
         00:70:5f:11:d1:2f:dd:54:f5:ef:34:b2:05:e2:78:4c:a1:03:
         74:3a:27:a5:e8:8c:21:ec:7f:ae:76:af:a3:e0:be:0e:99:ed:
         c4:b7:2f:7b:28:ea:24:a7:48:30:e9:99:32:59:7a:ea:a7:74:
         42:a0:da:c9:2c:90:3e:8d:05:1d:f4:22:c2:cd:50:4f:e0:7c:
         3c:e5:ce:bb:ba:fa:71:ce:7b:44:e0:7f:c6:08:06:32:59:83:
         ef:00:72:cf:9a:9b:14:0e:d2:07:bf:36:6d:15:04:5e:30:cb:
         24:b1:b4:fe:2a:5c:27:a3:1e:0a:fb:28:f7:46:2d:43:89:62:
         67:f2:a7:07:e5:51:5a:6c:17:9a:a0:fe:27:a3:a4:75:2c:72:
         8c:d9:8f:30:e2:b3:c1:7d:a0:79:f2:24:78:12:e2:13:d8:96:
         4e:a7:13:38:a7:6d:c4:0f:ba:71:fb:46:1d:b9:d2:7e:d1:6c:
         89:18:e9:0f:3b:e2:3b:ce:b6:66:bf:fb:4c:ab:93:38:c2:90:
         9b:b0:27:19:a4:5a:24:2b:68:5d:a3:34:95:1c:e8:29:15:e0:
         e6:3f:af:bb:3f:7b:df:a0:76:96:c4:3e:66:6d:8b:fe:cb:82:
         f1:8a:3b:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQyi+6eBgix/WFJ6E7lNApGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwMTA0MTgyMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM1MWM4YTgxN2YzYWNlM2U1ZDA5MDQ0MjczZDJkNmFmZTI3NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkqpy/mK+vLlPjaui/g0IAg1E+YB
9nenZrPIsJ+Xd3OD5oAB5emLIAVKn9iQELAEp394tyeZ+fpe68CmdNZWkd53Cgrx
GyDflTEkYDVeqJQd8uvlZidqMIPiw+mBa5UYNXhtIW5dRJh1Il+tnqHdurbobo5/
QhYjlVlHYBigQ/5cTzciC7qeU2CxXY+qDIM1QERSBzokVGVBeCF9rt8lNhwyKZKz
d05nHN+MjOrFnwDDGwIS20tkW+Thk6qMKsboiSHNQSO88Es8QcN2/PFah/YbeehY
dl9uTVk5iWaT3jWfwrQjXbKxdrBXZo5EFdqKzfJpvoCDShEJmRUmtApbMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFk1HIqBfzrOPl0JBEJz0tav4nY+MB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvV1RVY2lvRl9PczQtWFFrRVFuUFMxcV9pZGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1YlcMA0G
CSqGSIb3DQEBCwUAA4IBAQBwWX2wY1Uh1+vNlkI/UfUUJPwAcF8R0S/dVPXvNLIF
4nhMoQN0Oiel6Iwh7H+udq+j4L4Ome3Ety97KOokp0gw6ZkyWXrqp3RCoNrJLJA+
jQUd9CLCzVBP4Hw85c67uvpxzntE4H/GCAYyWYPvAHLPmpsUDtIHvzZtFQReMMsk
sbT+Klwnox4K+yj3Ri1DiWJn8qcH5VFabBeaoP4no6R1LHKM2Y8w4rPBfaB58iR4
EuIT2JZOpxM4p23ED7px+0YdudJ+0WyJGOkPO+I7zrZmv/tMq5M4wpCbsCcZpFok
K2hdozSVHOgpFeDmP6+7P3vfoHaWxD5mbYv+y4LxijtI
-----END CERTIFICATE-----