Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/4zzjavUcKJv_0PM6hWII9tr-qPs.roa
File:                     4zzjavUcKJv_0PM6hWII9tr-qPs.roa (raw, json)
Hash identifier:          snxBw81VZoH9o/vCyoh/mKX1B5BUbZUet3Pw+ZagMPw=
Subject key identifier:   E3:3C:E3:6A:F5:1C:28:9B:FF:D0:F3:3A:85:62:08:F6:DA:FE:A8:FB
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       018D6855E5DC985A83A1F07E7FC4CB7F1990
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/4zzjavUcKJv_0PM6hWII9tr-qPs.roa
Signing time:             Fri 02 Feb 2024 05:41:16 +0000
ROA not before:           Fri 02 Feb 2024 05:41:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        141.226.246.0/24 maxlen: 24
                          213.137.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:55:e5:dc:98:5a:83:a1:f0:7e:7f:c4:cb:7f:19:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Feb  2 05:41:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e33ce36af51c289bffd0f33a856208f6dafea8fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e0:69:5c:86:6a:8d:0d:c7:f5:92:de:db:c2:
                    96:03:6b:80:e8:9b:74:20:ba:b9:46:a1:e3:6c:3e:
                    9f:5a:a6:a1:cd:71:7b:e1:d5:59:78:33:2b:d2:4c:
                    36:41:c1:32:dc:e9:7c:83:19:53:d1:4d:ad:b7:25:
                    c8:c4:4b:f0:0a:35:4e:d0:da:fb:54:5e:df:9d:48:
                    98:1d:28:28:b0:12:c9:9f:d3:61:28:08:34:82:2b:
                    43:3f:2f:b1:db:67:3b:63:a2:9c:09:e4:75:59:25:
                    6a:9a:12:c5:d0:c9:18:53:fd:f1:f8:3d:33:91:41:
                    2b:d6:a5:37:d2:75:0d:0c:02:15:4e:db:87:bb:f5:
                    36:eb:40:e4:09:d4:d3:9f:fb:b4:4c:1e:a6:43:6b:
                    ac:46:a2:e1:c5:f4:b9:a4:2c:fa:86:51:f0:d3:8c:
                    b8:86:b5:aa:b8:f6:ac:d0:1e:14:92:f7:43:71:ca:
                    29:2c:86:08:fb:6f:62:09:c3:b1:bc:84:16:cb:b0:
                    fc:de:dc:ca:b1:87:a8:19:4e:41:40:d6:21:4e:de:
                    75:0d:40:2e:78:16:cc:f8:97:fe:9c:ec:5c:84:36:
                    b6:1d:a2:0d:d0:88:5e:6b:ed:72:1f:ba:5d:95:d9:
                    ef:9a:1d:13:0a:d4:10:8f:15:1f:5b:9c:52:28:53:
                    e6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3C:E3:6A:F5:1C:28:9B:FF:D0:F3:3A:85:62:08:F6:DA:FE:A8:FB
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/4zzjavUcKJv_0PM6hWII9tr-qPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.246.0/24
                  213.137.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:dd:3a:64:74:15:9a:73:56:95:b7:4b:51:ce:ab:b9:6d:2d:
         64:f3:af:bf:5c:b9:6b:8f:25:c9:2e:63:ef:c7:3b:ac:7e:6c:
         e9:df:09:f1:bb:b8:22:e3:25:50:0a:bb:75:80:a9:52:2f:34:
         43:20:22:58:db:0f:39:3c:b5:ea:35:42:98:d4:bd:3c:44:d0:
         8b:ac:b2:59:62:7b:56:33:43:41:58:93:d8:7d:da:e8:90:aa:
         3e:21:f8:4d:cb:55:05:12:aa:51:4e:8a:b9:7c:0d:4e:49:46:
         23:60:a3:79:6a:8d:a0:fd:2c:68:92:8b:7f:67:82:ae:17:6b:
         e3:07:27:3c:e1:8f:63:75:bb:3d:b6:c5:ac:54:45:34:4b:85:
         83:39:3d:18:83:33:0b:a7:bf:9e:20:2e:0b:54:8c:59:0f:f1:
         73:f0:0b:27:b0:03:9e:97:b5:4c:a8:c5:18:da:81:f6:ac:23:
         83:14:46:8f:de:58:e1:d2:ed:bf:80:4b:60:c3:2a:1e:72:30:
         00:c3:d6:b1:d0:11:9b:dd:3c:a4:18:c4:a0:35:c0:21:ba:9c:
         77:80:33:12:6a:f9:1f:d3:5f:ad:a1:71:f7:66:4a:fb:af:35:
         1b:ff:d5:09:01:9f:f7:49:bc:64:20:43:6b:0f:43:c5:dd:e0:
         7c:49:c5:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1oVeXcmFqDofB+f8TLfxmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQwMjAyMDU0MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzNjZTM2YWY1MWMyODliZmZkMGYzM2E4NTYyMDhmNmRhZmVhOGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+BpXIZqjQ3H9ZLe28KWA2uA6Jt0
ILq5RqHjbD6fWqahzXF74dVZeDMr0kw2QcEy3Ol8gxlT0U2ttyXIxEvwCjVO0Nr7
VF7fnUiYHSgosBLJn9NhKAg0gitDPy+x22c7Y6KcCeR1WSVqmhLF0MkYU/3x+D0z
kUEr1qU30nUNDAIVTtuHu/U260DkCdTTn/u0TB6mQ2usRqLhxfS5pCz6hlHw04y4
hrWquPas0B4UkvdDccopLIYI+29iCcOxvIQWy7D83tzKsYeoGU5BQNYhTt51DUAu
eBbM+Jf+nOxchDa2HaIN0Ihea+1yH7pdldnvmh0TCtQQjxUfW5xSKFPmFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOM842r1HCib/9DzOoViCPba/qj7MB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvNHp6amF2VWNLSnZfMFBNNmhXSUk5dHItcVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjeL2AwQA
1YlSMA0GCSqGSIb3DQEBCwUAA4IBAQCM3TpkdBWac1aVt0tRzqu5bS1k86+/XLlr
jyXJLmPvxzusfmzp3wnxu7gi4yVQCrt1gKlSLzRDICJY2w85PLXqNUKY1L08RNCL
rLJZYntWM0NBWJPYfdrokKo+IfhNy1UFEqpRToq5fA1OSUYjYKN5ao2g/Sxokot/
Z4KuF2vjByc84Y9jdbs9tsWsVEU0S4WDOT0YgzMLp7+eIC4LVIxZD/Fz8AsnsAOe
l7VMqMUY2oH2rCODFEaP3ljh0u2/gEtgwyoecjAAw9ax0BGb3TykGMSgNcAhupx3
gDMSavkf01+toXH3Zkr7rzUb/9UJAZ/3SbxkIENrD0PF3eB8ScUo
-----END CERTIFICATE-----