Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/tylNMSSvS99Dcyy-HHi_PFuMqa4.roa
File:                     tylNMSSvS99Dcyy-HHi_PFuMqa4.roa (raw, json)
Hash identifier:          ccMlffzxJqfYWwFrr0eYQi/P7Vh6cNEU7oOeSOxzYpY=
Subject key identifier:   B7:29:4D:31:24:AF:4B:DF:43:73:2C:BE:1C:78:BF:3C:5B:8C:A9:AE
Certificate issuer:       /CN=1e5fe0ae25c6eae27763dcdec51a0e10ebc6c374
Certificate serial:       01942826570B9C6E9517B70705BFA4980D48
Authority key identifier: 1E:5F:E0:AE:25:C6:EA:E2:77:63:DC:DE:C5:1A:0E:10:EB:C6:C3:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/tylNMSSvS99Dcyy-HHi_PFuMqa4.roa
Signing time:             Thu 02 Jan 2025 17:53:08 +0000
ROA not before:           Thu 02 Jan 2025 17:53:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41072
IP address blocks:        193.104.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:57:0b:9c:6e:95:17:b7:07:05:bf:a4:98:0d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5fe0ae25c6eae27763dcdec51a0e10ebc6c374
        Validity
            Not Before: Jan  2 17:53:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7294d3124af4bdf43732cbe1c78bf3c5b8ca9ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:69:f2:42:88:4d:63:67:af:1a:bc:f4:d1:63:
                    c0:9e:6e:21:f1:e5:eb:43:6e:a8:4a:99:09:1f:a9:
                    32:39:f6:e6:ba:06:28:00:87:90:d5:66:11:1a:1e:
                    fc:3d:28:fc:f9:66:94:08:f7:ae:2f:e9:57:b4:78:
                    de:c4:94:ac:c2:97:6e:60:93:cc:59:37:ca:cf:93:
                    17:ce:83:65:4f:24:5d:11:17:12:23:da:fb:8b:93:
                    99:f0:e4:d9:1d:77:a3:37:97:8b:58:0c:d0:41:ec:
                    8b:9f:8d:5f:35:c2:e0:e8:25:18:9d:fa:51:63:38:
                    5a:67:8a:fe:b2:3c:92:69:21:67:8d:ac:3e:4e:fb:
                    06:00:13:e5:43:c7:1e:0d:5c:89:bd:ea:b1:fa:bf:
                    56:1c:ee:7a:69:ba:28:9b:dd:d9:10:a3:c3:d7:ef:
                    bb:7c:6d:83:65:33:38:99:3c:9a:7b:c8:af:fa:87:
                    2a:66:bb:63:68:ce:8c:ca:06:c0:9b:bb:77:60:7f:
                    ac:a1:1e:af:ac:b5:e2:58:3b:ff:59:7f:c6:c1:46:
                    9f:cb:7a:12:8e:e1:6a:3b:7a:ac:af:73:0e:68:b1:
                    14:8a:db:2d:3c:bc:3a:db:de:b5:2b:b6:de:a7:cc:
                    08:2d:53:70:75:fa:df:98:dd:c2:bb:2a:4d:46:2b:
                    00:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:29:4D:31:24:AF:4B:DF:43:73:2C:BE:1C:78:BF:3C:5B:8C:A9:AE
            X509v3 Authority Key Identifier:
                keyid:1E:5F:E0:AE:25:C6:EA:E2:77:63:DC:DE:C5:1A:0E:10:EB:C6:C3:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/tylNMSSvS99Dcyy-HHi_PFuMqa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:4d:ac:01:04:35:f0:2b:5e:da:6e:83:37:64:bb:4c:1c:d5:
         6b:a9:65:c5:a8:66:76:08:35:c2:92:6d:c8:13:4e:f3:13:15:
         85:47:65:89:db:43:57:9f:90:0d:9a:fa:41:8f:77:c9:68:fc:
         ef:01:fb:65:1c:be:87:68:bf:96:1e:1d:80:de:50:39:5e:e6:
         47:8b:f2:77:3a:fd:48:d6:69:2f:f4:65:72:cb:28:ab:05:99:
         85:f3:f5:91:ed:cb:f9:a3:d4:f5:17:c0:86:f3:b7:9c:ad:95:
         43:a8:60:46:43:cb:f1:e7:c7:f2:2b:5b:88:f0:70:2f:56:36:
         19:86:cf:4b:39:75:84:76:c1:52:9d:8d:63:4f:ac:99:56:f0:
         23:a1:4b:e2:f3:de:2b:6c:16:e0:f4:0b:a1:37:a5:27:f4:53:
         88:09:34:e4:b4:c8:04:ac:4d:d8:ea:44:4a:f8:d3:fd:d7:ab:
         1c:8e:80:70:3b:b7:f7:d0:f6:ad:ca:47:ff:58:c9:9d:22:b6:
         48:d0:e9:fa:2d:92:b4:07:bc:00:0d:73:ca:74:4e:90:52:15:
         ab:22:d0:b6:63:ac:01:1e:c6:07:f8:b7:16:a7:b3:df:21:32:
         30:26:75:90:20:6e:85:09:55:a9:cb:45:2d:e2:1b:6d:af:4a:
         77:82:a7:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJlcLnG6VF7cHBb+kmA1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWZlMGFlMjVjNmVhZTI3NzYzZGNkZWM1MWEwZTEwZWJj
NmMzNzQwHhcNMjUwMTAyMTc1MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzI5NGQzMTI0YWY0YmRmNDM3MzJjYmUxYzc4YmYzYzViOGNhOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2nyQohNY2evGrz00WPAnm4h8eXr
Q26oSpkJH6kyOfbmugYoAIeQ1WYRGh78PSj8+WaUCPeuL+lXtHjexJSswpduYJPM
WTfKz5MXzoNlTyRdERcSI9r7i5OZ8OTZHXejN5eLWAzQQeyLn41fNcLg6CUYnfpR
YzhaZ4r+sjySaSFnjaw+TvsGABPlQ8ceDVyJveqx+r9WHO56aboom93ZEKPD1++7
fG2DZTM4mTyae8iv+ocqZrtjaM6MygbAm7t3YH+soR6vrLXiWDv/WX/GwUafy3oS
juFqO3qsr3MOaLEUitstPLw62961K7bep8wILVNwdfrfmN3CuypNRisAgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcpTTEkr0vfQ3Msvhx4vzxbjKmuMB8GA1UdIwQY
MBaAFB5f4K4lxurid2Pc3sUaDhDrxsN0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxfZ3JpWEc2dUozWTl6ZXhSb09FT3ZHdzNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS83NmZiMjItMTI0Yy00ODY2LThlNGQt
OGI3OTJhNDJkMGVmLzEvdHlsTk1TU3ZTOTlEY3l5LUhIaV9QRnVNcWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS83NmZiMjItMTI0Yy00ODY2LThlNGQtOGI3OTJhNDJkMGVm
LzEvSGxfZ3JpWEc2dUozWTl6ZXhSb09FT3ZHdzNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWgAMA0G
CSqGSIb3DQEBCwUAA4IBAQBQTawBBDXwK17aboM3ZLtMHNVrqWXFqGZ2CDXCkm3I
E07zExWFR2WJ20NXn5ANmvpBj3fJaPzvAftlHL6HaL+WHh2A3lA5XuZHi/J3Ov1I
1mkv9GVyyyirBZmF8/WR7cv5o9T1F8CG87ecrZVDqGBGQ8vx58fyK1uI8HAvVjYZ
hs9LOXWEdsFSnY1jT6yZVvAjoUvi894rbBbg9AuhN6Un9FOICTTktMgErE3Y6kRK
+NP916scjoBwO7f30Patykf/WMmdIrZI0On6LZK0B7wADXPKdE6QUhWrItC2Y6wB
HsYH+LcWp7PfITIwJnWQIG6FCVWpy0Ut4httr0p3gqe2
-----END CERTIFICATE-----