Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/N_tyoLCDJTny9mezS8ji3p3r7TA.roa
File:                     N_tyoLCDJTny9mezS8ji3p3r7TA.roa (raw, json)
Hash identifier:          SGunrVzvn3HA9fxPleK37dsWM8RC+2YTTS6kcHzWR7g=
Subject key identifier:   37:FB:72:A0:B0:83:25:39:F2:F6:67:B3:4B:C8:E2:DE:9D:EB:ED:30
Certificate issuer:       /CN=c1eb2c601fa6d07507973081faa1325fe190b276
Certificate serial:       018FA4759D7B046AC1B57345D4AC95000C8A
Authority key identifier: C1:EB:2C:60:1F:A6:D0:75:07:97:30:81:FA:A1:32:5F:E1:90:B2:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wessYB-m0HUHlzCB-qEyX-GQsnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/N_tyoLCDJTny9mezS8ji3p3r7TA.roa
Signing time:             Thu 23 May 2024 07:58:42 +0000
ROA not before:           Thu 23 May 2024 07:58:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49456
IP address blocks:        193.169.70.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/wessYB-m0HUHlzCB-qEyX-GQsnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/wessYB-m0HUHlzCB-qEyX-GQsnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wessYB-m0HUHlzCB-qEyX-GQsnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a4:75:9d:7b:04:6a:c1:b5:73:45:d4:ac:95:00:0c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb2c601fa6d07507973081faa1325fe190b276
        Validity
            Not Before: May 23 07:58:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37fb72a0b0832539f2f667b34bc8e2de9debed30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:61:d3:3c:fc:8d:13:ac:0f:32:26:a0:2f:9a:
                    c4:69:c5:c6:fe:49:1f:18:fe:2f:a4:ca:65:ff:18:
                    75:d1:c0:ac:58:a1:44:f0:f6:3a:bf:ba:0f:0f:91:
                    89:a4:cb:81:42:a1:70:36:93:26:84:d5:c9:ba:8d:
                    9c:3f:c8:36:ac:41:22:10:e2:5c:11:2f:6a:56:05:
                    d8:c4:e5:1c:6f:1f:e6:d2:88:5c:f8:0b:f2:12:71:
                    9d:23:ba:f0:03:8c:d6:d6:d5:30:d1:c0:d0:4c:52:
                    6a:12:4e:9c:da:d5:c4:cc:ec:2a:60:b9:b8:f0:61:
                    92:d4:91:cd:5d:34:cd:75:f7:2b:77:fe:f7:d2:24:
                    7a:59:fa:9b:60:80:86:26:34:66:fa:77:9a:7b:31:
                    ce:71:0e:d8:60:c0:2a:b3:23:0c:7d:d7:b4:68:dd:
                    f7:36:07:09:13:dd:9b:99:e3:a7:7d:74:2b:92:fa:
                    d7:9e:3b:ed:c4:fe:f3:37:41:c7:68:82:d8:dd:f9:
                    be:cf:76:74:e2:58:2f:a4:83:98:cf:ff:0f:db:e6:
                    21:34:5b:c7:13:30:06:f1:f2:51:eb:47:40:d8:f0:
                    fc:b3:79:47:eb:79:d0:10:38:ac:aa:34:b6:f4:74:
                    58:5b:47:cd:57:82:21:26:9c:04:b3:9d:4b:80:01:
                    f4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FB:72:A0:B0:83:25:39:F2:F6:67:B3:4B:C8:E2:DE:9D:EB:ED:30
            X509v3 Authority Key Identifier:
                keyid:C1:EB:2C:60:1F:A6:D0:75:07:97:30:81:FA:A1:32:5F:E1:90:B2:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wessYB-m0HUHlzCB-qEyX-GQsnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/N_tyoLCDJTny9mezS8ji3p3r7TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/wessYB-m0HUHlzCB-qEyX-GQsnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:a4:00:10:04:21:2a:74:d8:c1:fe:9f:19:3b:72:5f:77:7c:
         79:6c:dc:f0:cd:ff:f0:4f:58:d3:94:e7:dd:da:14:ac:7a:63:
         7c:d2:be:5c:54:46:7c:d4:f9:14:c0:a3:cf:e7:54:94:d4:4b:
         fd:99:8a:b0:08:5e:9a:8d:51:fe:c2:42:8a:96:ba:1a:aa:f1:
         71:45:49:cb:37:80:7c:b1:9b:bb:2d:02:df:7d:9c:6e:e5:fb:
         9b:aa:02:cf:09:63:c0:0f:3e:84:bf:f1:a4:55:8f:84:0e:58:
         06:f2:12:18:8a:5d:46:72:8a:ff:4d:0a:4a:e7:c9:68:47:73:
         5b:e5:e1:e1:53:20:6f:d9:ae:28:ef:54:e5:00:28:88:d8:ff:
         51:31:1a:53:51:99:c3:ae:e6:99:c3:41:d0:01:68:7f:a8:27:
         d1:83:f8:c4:cb:32:aa:dc:dd:73:9d:69:92:c6:da:54:7e:ec:
         b9:24:6c:fa:ae:1e:1e:16:6a:aa:b9:ee:a5:e1:a8:9c:2d:36:
         37:5d:72:f1:c7:ec:40:f4:f9:e4:c7:f1:a5:29:55:2d:10:42:
         73:c2:f7:6b:89:5e:b8:38:79:03:df:ec:a1:44:65:c9:f5:f1:
         ad:d4:ee:02:10:3d:b0:34:6d:52:d9:85:2d:6c:df:b2:23:fa:
         87:8d:71:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+kdZ17BGrBtXNF1KyVAAyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIyYzYwMWZhNmQwNzUwNzk3MzA4MWZhYTEzMjVmZTE5
MGIyNzYwHhcNMjQwNTIzMDc1ODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ZiNzJhMGIwODMyNTM5ZjJmNjY3YjM0YmM4ZTJkZTlkZWJlZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52HTPPyNE6wPMiagL5rEacXG/kkf
GP4vpMpl/xh10cCsWKFE8PY6v7oPD5GJpMuBQqFwNpMmhNXJuo2cP8g2rEEiEOJc
ES9qVgXYxOUcbx/m0ohc+AvyEnGdI7rwA4zW1tUw0cDQTFJqEk6c2tXEzOwqYLm4
8GGS1JHNXTTNdfcrd/730iR6WfqbYICGJjRm+neaezHOcQ7YYMAqsyMMfde0aN33
NgcJE92bmeOnfXQrkvrXnjvtxP7zN0HHaILY3fm+z3Z04lgvpIOYz/8P2+YhNFvH
EzAG8fJR60dA2PD8s3lH63nQEDisqjS29HRYW0fNV4IhJpwEs51LgAH0GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf7cqCwgyU58vZns0vI4t6d6+0wMB8GA1UdIwQY
MBaAFMHrLGAfptB1B5cwgfqhMl/hkLJ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Vzc1lCLW0wSFVIbHpDQi1xRXlYLUdRc25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81Y2Y0MzEtNGQ1Ny00NTAzLWIyOGEt
OTBlZjdiZGExZGMzLzEvTl90eW9MQ0RKVG55OW1lelM4amkzcDNyN1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81Y2Y0MzEtNGQ1Ny00NTAzLWIyOGEtOTBlZjdiZGExZGMz
LzEvd2Vzc1lCLW0wSFVIbHpDQi1xRXlYLUdRc25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwalGMA0G
CSqGSIb3DQEBCwUAA4IBAQCIpAAQBCEqdNjB/p8ZO3Jfd3x5bNzwzf/wT1jTlOfd
2hSsemN80r5cVEZ81PkUwKPP51SU1Ev9mYqwCF6ajVH+wkKKlroaqvFxRUnLN4B8
sZu7LQLffZxu5fubqgLPCWPADz6Ev/GkVY+EDlgG8hIYil1Gcor/TQpK58loR3Nb
5eHhUyBv2a4o71TlACiI2P9RMRpTUZnDruaZw0HQAWh/qCfRg/jEyzKq3N1znWmS
xtpUfuy5JGz6rh4eFmqque6l4aicLTY3XXLxx+xA9Pnkx/GlKVUtEEJzwvdriV64
OHkD3+yhRGXJ9fGt1O4CED2wNG1S2YUtbN+yI/qHjXE0
-----END CERTIFICATE-----