Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/e6efcf-e5d9-49f0-b11f-d52fdc9e8287/1/N2FtKKOqa4K2finHqfhSUqsziPA.roa
File:                     N2FtKKOqa4K2finHqfhSUqsziPA.roa (raw, json)
Hash identifier:          ktTSW5gqVxT/6ADwVcQDZ2e+7MKRUW68fcXqEwpRu64=
Subject key identifier:   37:61:6D:28:A3:AA:6B:82:B6:7E:29:C7:A9:F8:52:52:AB:33:88:F0
Certificate issuer:       /CN=e1baf90ed13d175452cf5e5a1632a794bf1f4c9a
Certificate serial:       018CC3B72F26BB33BD0F04F400C69CC811FD
Authority key identifier: E1:BA:F9:0E:D1:3D:17:54:52:CF:5E:5A:16:32:A7:94:BF:1F:4C:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4br5DtE9F1RSz15aFjKnlL8fTJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/e6efcf-e5d9-49f0-b11f-d52fdc9e8287/1/N2FtKKOqa4K2finHqfhSUqsziPA.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198977
IP address blocks:        185.69.70.0/23 maxlen: 23
                          2a05:2100::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/e6efcf-e5d9-49f0-b11f-d52fdc9e8287/1/4br5DtE9F1RSz15aFjKnlL8fTJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/e6efcf-e5d9-49f0-b11f-d52fdc9e8287/1/4br5DtE9F1RSz15aFjKnlL8fTJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4br5DtE9F1RSz15aFjKnlL8fTJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 09:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2f:26:bb:33:bd:0f:04:f4:00:c6:9c:c8:11:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1baf90ed13d175452cf5e5a1632a794bf1f4c9a
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37616d28a3aa6b82b67e29c7a9f85252ab3388f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ed:a4:ab:dc:a7:0c:53:81:56:06:8b:d8:2e:
                    6d:cb:0b:c0:35:13:b2:9f:91:2b:d6:f7:d5:65:79:
                    e6:65:7a:c6:d3:ae:ee:61:dd:73:72:6c:69:18:76:
                    39:e0:6a:0a:1e:91:fc:6f:16:bb:58:1c:d2:0e:2c:
                    f0:51:2f:4f:de:c2:af:ca:bf:42:1b:cb:01:90:8c:
                    39:99:73:dd:1d:04:28:c4:b6:09:0d:62:ad:ab:90:
                    f6:06:b2:21:f2:57:f6:fd:2f:7a:b9:eb:83:d8:07:
                    aa:98:8e:bd:cc:b7:f5:68:ca:b3:46:50:dc:c0:7c:
                    ab:03:b5:88:5f:73:db:34:16:56:09:05:73:e6:54:
                    b2:8f:fa:fa:7c:32:ca:49:02:94:ce:7c:77:36:2e:
                    81:b2:bc:80:b1:80:12:26:d9:d9:de:fd:4c:97:6f:
                    75:5f:6a:e4:e5:88:7e:1e:37:7a:c5:72:c3:da:21:
                    42:6f:80:da:3f:c1:1e:f8:ad:0c:ef:b6:4b:f9:90:
                    78:bc:1f:51:2a:24:4a:06:bc:ac:fa:45:ce:0a:37:
                    d6:e4:ac:fb:9e:2f:ab:b8:bd:ba:b3:5f:a3:8b:70:
                    82:a7:f8:11:1b:f9:f4:8d:f6:a9:38:bb:f6:02:15:
                    d3:67:65:03:75:61:53:44:27:e7:1b:b2:7f:65:78:
                    99:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:61:6D:28:A3:AA:6B:82:B6:7E:29:C7:A9:F8:52:52:AB:33:88:F0
            X509v3 Authority Key Identifier:
                keyid:E1:BA:F9:0E:D1:3D:17:54:52:CF:5E:5A:16:32:A7:94:BF:1F:4C:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4br5DtE9F1RSz15aFjKnlL8fTJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e6efcf-e5d9-49f0-b11f-d52fdc9e8287/1/N2FtKKOqa4K2finHqfhSUqsziPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e6efcf-e5d9-49f0-b11f-d52fdc9e8287/1/4br5DtE9F1RSz15aFjKnlL8fTJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.70.0/23
                IPv6:
                  2a05:2100::/30

    Signature Algorithm: sha256WithRSAEncryption
         49:f7:d0:bf:8f:b5:55:f9:0a:3e:67:a2:f8:f6:3e:4b:18:97:
         ea:ae:27:46:39:61:38:0c:13:db:b9:0a:6b:cc:c7:c8:34:55:
         42:92:4b:0f:05:e2:bb:47:2d:82:46:92:c4:0a:27:f8:8f:21:
         55:30:ed:41:4a:53:29:a7:f9:19:76:bf:03:70:2a:00:fe:db:
         9e:22:28:ea:97:1b:23:79:18:b5:3f:a3:82:08:7a:c2:3a:38:
         dc:6c:3e:b4:7f:47:f0:28:e1:2c:53:75:40:d0:88:5c:79:97:
         5c:5d:6b:5a:c4:a5:a8:a3:85:19:a5:04:08:b5:c3:06:09:66:
         22:b5:fa:48:9c:cb:8d:35:c0:8e:33:ae:74:6c:35:32:75:46:
         cf:68:5c:6c:05:a4:04:6d:c0:3d:f1:66:15:f7:f0:57:fe:7d:
         da:ca:c3:cc:a3:23:58:c5:08:c0:01:1c:f1:bf:3c:4e:f9:d5:
         9f:0c:2c:26:cd:29:a2:c9:64:ea:c1:d8:24:db:91:0c:6e:3d:
         a5:63:fa:d1:e1:b6:b2:6b:d0:a6:b5:c0:3b:8a:3f:ac:de:1d:
         ae:cf:15:da:f9:f1:0b:44:c6:d8:1d:95:79:55:54:d8:6a:4b:
         e3:03:a5:5d:8c:17:34:ab:6a:74:9a:2a:a5:74:9f:43:09:3c:
         6f:c6:a6:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDty8muzO9DwT0AMacyBH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYmFmOTBlZDEzZDE3NTQ1MmNmNWU1YTE2MzJhNzk0YmYx
ZjRjOWEwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzYxNmQyOGEzYWE2YjgyYjY3ZTI5YzdhOWY4NTI1MmFiMzM4OGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+2kq9ynDFOBVgaL2C5tywvANROy
n5Er1vfVZXnmZXrG067uYd1zcmxpGHY54GoKHpH8bxa7WBzSDizwUS9P3sKvyr9C
G8sBkIw5mXPdHQQoxLYJDWKtq5D2BrIh8lf2/S96ueuD2AeqmI69zLf1aMqzRlDc
wHyrA7WIX3PbNBZWCQVz5lSyj/r6fDLKSQKUznx3Ni6BsryAsYASJtnZ3v1Ml291
X2rk5Yh+Hjd6xXLD2iFCb4DaP8Ee+K0M77ZL+ZB4vB9RKiRKBrys+kXOCjfW5Kz7
ni+ruL26s1+ji3CCp/gRG/n0jfapOLv2AhXTZ2UDdWFTRCfnG7J/ZXiZaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDdhbSijqmuCtn4px6n4UlKrM4jwMB8GA1UdIwQY
MBaAFOG6+Q7RPRdUUs9eWhYyp5S/H0yaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJyNUR0RTlGMVJTejE1YUZqS25sTDhmVEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lNmVmY2YtZTVkOS00OWYwLWIxMWYt
ZDUyZmRjOWU4Mjg3LzEvTjJGdEtLT3FhNEsyZmluSHFmaFNVcXN6aVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lNmVmY2YtZTVkOS00OWYwLWIxMWYtZDUyZmRjOWU4Mjg3
LzEvNGJyNUR0RTlGMVJTejE1YUZqS25sTDhmVEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuUVGMA0E
AgACMAcDBQIqBSEAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ99C/j7VV+Qo+Z6L49j5L
GJfqridGOWE4DBPbuQprzMfINFVCkksPBeK7Ry2CRpLECif4jyFVMO1BSlMpp/kZ
dr8DcCoA/tueIijqlxsjeRi1P6OCCHrCOjjcbD60f0fwKOEsU3VA0IhceZdcXWta
xKWoo4UZpQQItcMGCWYitfpInMuNNcCOM650bDUydUbPaFxsBaQEbcA98WYV9/BX
/n3aysPMoyNYxQjAARzxvzxO+dWfDCwmzSmiyWTqwdgk25EMbj2lY/rR4baya9Cm
tcA7ij+s3h2uzxXa+fELRMbYHZV5VVTYakvjA6VdjBc0q2p0miqldJ9DCTxvxqYD
-----END CERTIFICATE-----