Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/teEfmPQf8tnjfGLTS12FwMTkOmE.roa
File:                     teEfmPQf8tnjfGLTS12FwMTkOmE.roa (raw, json)
Hash identifier:          SKQQFiihYob1kvToMbtlESJCoSTXYbFLubzmSbbHzZY=
Subject key identifier:   B5:E1:1F:98:F4:1F:F2:D9:E3:7C:62:D3:4B:5D:85:C0:C4:E4:3A:61
Certificate issuer:       /CN=70f5d9eeefa305aecaee31e6fcb4e22321b2804a
Certificate serial:       0191460CC1FF01F390542127514F9E939C9E
Authority key identifier: 70:F5:D9:EE:EF:A3:05:AE:CA:EE:31:E6:FC:B4:E2:23:21:B2:80:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPXZ7u-jBa7K7jHm_LTiIyGygEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/teEfmPQf8tnjfGLTS12FwMTkOmE.roa
Signing time:             Mon 12 Aug 2024 10:05:26 +0000
ROA not before:           Mon 12 Aug 2024 10:05:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210858
IP address blocks:        185.141.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/cPXZ7u-jBa7K7jHm_LTiIyGygEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/cPXZ7u-jBa7K7jHm_LTiIyGygEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPXZ7u-jBa7K7jHm_LTiIyGygEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:0c:c1:ff:01:f3:90:54:21:27:51:4f:9e:93:9c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f5d9eeefa305aecaee31e6fcb4e22321b2804a
        Validity
            Not Before: Aug 12 10:05:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5e11f98f41ff2d9e37c62d34b5d85c0c4e43a61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:50:71:16:db:a4:22:14:58:15:1d:da:75:5f:
                    38:04:e9:0e:2e:bf:88:2b:47:1f:25:2f:b5:23:10:
                    3b:37:60:27:7b:ac:a9:ff:ff:0f:dc:26:13:e2:39:
                    2a:bb:0c:ad:ff:7c:82:3d:e9:65:25:ed:30:94:70:
                    92:c4:c8:8e:56:4d:b9:00:6e:d6:bd:9a:e8:60:48:
                    2e:77:cc:a5:8d:2f:6b:aa:1a:16:06:63:4b:29:f5:
                    84:90:6d:a0:28:a0:b0:3e:6b:70:a9:67:2e:04:58:
                    ac:05:5d:d9:b6:fe:dd:cb:00:75:c9:b2:10:51:06:
                    83:d9:98:40:15:4a:77:7a:83:35:9f:62:7d:37:75:
                    ff:33:19:39:ff:25:d2:39:f2:8e:e3:08:98:9c:c8:
                    8f:0a:4f:6a:7a:02:f7:30:13:d5:00:4d:b3:1b:b1:
                    d1:f0:00:0e:e6:a6:80:53:9f:da:53:cb:7b:a4:7c:
                    91:e3:35:b8:e1:4f:ff:ac:10:9a:ea:93:ad:bf:0f:
                    09:cc:8b:e5:9a:71:20:18:b4:d1:00:a5:7b:7d:34:
                    6b:91:ee:cf:0a:bb:55:16:2e:2b:90:ed:27:f5:64:
                    39:16:81:f5:3a:e8:62:3e:ff:34:0c:d8:34:68:16:
                    51:8f:6d:e9:2d:c5:a8:5d:5f:6c:4c:0a:77:86:a2:
                    c1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:E1:1F:98:F4:1F:F2:D9:E3:7C:62:D3:4B:5D:85:C0:C4:E4:3A:61
            X509v3 Authority Key Identifier:
                keyid:70:F5:D9:EE:EF:A3:05:AE:CA:EE:31:E6:FC:B4:E2:23:21:B2:80:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPXZ7u-jBa7K7jHm_LTiIyGygEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/teEfmPQf8tnjfGLTS12FwMTkOmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/cPXZ7u-jBa7K7jHm_LTiIyGygEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:5c:90:5e:b0:ac:60:48:ee:9e:58:6a:46:ef:ae:5b:e4:4f:
         e1:9e:56:d0:4c:36:ea:ff:52:c0:f5:5b:e4:4d:c4:86:cd:b9:
         b0:85:3e:c2:eb:fd:a9:55:5c:91:61:4e:49:5e:89:c9:e3:9f:
         b9:e6:c0:4a:3e:6c:7a:da:46:07:ae:ef:e6:30:de:ba:a2:97:
         78:57:61:39:10:c0:9b:95:a3:5b:a8:1a:f5:63:2b:4e:89:73:
         c5:8c:b5:a0:ce:93:4b:73:b1:a6:7b:53:c5:4d:c1:db:79:c6:
         04:55:cd:1d:9e:e2:af:10:04:77:41:be:5e:36:84:42:db:52:
         3e:32:a4:f0:75:58:6a:13:19:64:63:8f:b2:01:22:31:47:7d:
         73:ae:3d:8e:58:ca:c2:22:86:a5:f9:a9:0c:9a:9a:67:25:54:
         ba:93:df:76:96:d1:db:4b:77:0e:bf:32:bb:93:2a:fe:a3:09:
         37:41:e5:89:25:25:ec:2b:8e:1a:cf:a9:36:7f:e7:ff:2d:9a:
         a9:21:24:3d:c0:2a:19:3e:a4:b5:5b:69:37:2e:72:31:9b:d5:
         03:cc:9c:4e:8c:63:08:ed:71:d7:e1:79:58:b2:9b:c9:3b:a2:
         af:d4:3a:5c:7d:ee:a4:d9:5f:d2:a2:da:0e:1b:17:f2:96:d4:
         a1:df:1f:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFGDMH/AfOQVCEnUU+ek5yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjVkOWVlZWZhMzA1YWVjYWVlMzFlNmZjYjRlMjIzMjFi
MjgwNGEwHhcNMjQwODEyMTAwNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWUxMWY5OGY0MWZmMmQ5ZTM3YzYyZDM0YjVkODVjMGM0ZTQzYTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlBxFtukIhRYFR3adV84BOkOLr+I
K0cfJS+1IxA7N2Ane6yp//8P3CYT4jkquwyt/3yCPellJe0wlHCSxMiOVk25AG7W
vZroYEgud8yljS9rqhoWBmNLKfWEkG2gKKCwPmtwqWcuBFisBV3Ztv7dywB1ybIQ
UQaD2ZhAFUp3eoM1n2J9N3X/Mxk5/yXSOfKO4wiYnMiPCk9qegL3MBPVAE2zG7HR
8AAO5qaAU5/aU8t7pHyR4zW44U//rBCa6pOtvw8JzIvlmnEgGLTRAKV7fTRrke7P
CrtVFi4rkO0n9WQ5FoH1OuhiPv80DNg0aBZRj23pLcWoXV9sTAp3hqLBSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXhH5j0H/LZ43xi00tdhcDE5DphMB8GA1UdIwQY
MBaAFHD12e7vowWuyu4x5vy04iMhsoBKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BYWjd1LWpCYTdLN2pIbV9MVGlJeUd5Z0VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xNDAxMDUtZTQ2Mi00OGQyLWE1OGYt
YTU3MDM1NzkyZTU3LzEvdGVFZm1QUWY4dG5qZkdMVFMxMkZ3TVRrT21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xNDAxMDUtZTQ2Mi00OGQyLWE1OGYtYTU3MDM1NzkyZTU3
LzEvY1BYWjd1LWpCYTdLN2pIbV9MVGlJeUd5Z0VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY2DMA0G
CSqGSIb3DQEBCwUAA4IBAQAuXJBesKxgSO6eWGpG765b5E/hnlbQTDbq/1LA9Vvk
TcSGzbmwhT7C6/2pVVyRYU5JXonJ45+55sBKPmx62kYHru/mMN66opd4V2E5EMCb
laNbqBr1YytOiXPFjLWgzpNLc7Gme1PFTcHbecYEVc0dnuKvEAR3Qb5eNoRC21I+
MqTwdVhqExlkY4+yASIxR31zrj2OWMrCIoal+akMmppnJVS6k992ltHbS3cOvzK7
kyr+owk3QeWJJSXsK44az6k2f+f/LZqpISQ9wCoZPqS1W2k3LnIxm9UDzJxOjGMI
7XHX4XlYspvJO6Kv1Dpcfe6k2V/SotoOGxfyltSh3x+u
-----END CERTIFICATE-----