Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/D6z3uH2EsI5QhDsSYxjtlpl1eHA.roa
File:                     D6z3uH2EsI5QhDsSYxjtlpl1eHA.roa (raw, json)
Hash identifier:          ZGD46BffVNFNd8Dv/G9ld9z6dYrkJsXhn/Uio551jbU=
Subject key identifier:   0F:AC:F7:B8:7D:84:B0:8E:50:84:3B:12:63:18:ED:96:99:75:78:70
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       01927A23628C8107C938D4DDAC2593AFCD16
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/D6z3uH2EsI5QhDsSYxjtlpl1eHA.roa
Signing time:             Fri 11 Oct 2024 05:53:12 +0000
ROA not before:           Fri 11 Oct 2024 05:53:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        213.137.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:23:62:8c:81:07:c9:38:d4:dd:ac:25:93:af:cd:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Oct 11 05:53:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0facf7b87d84b08e50843b126318ed9699757870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6b:bc:62:9e:99:a2:f9:a8:97:f9:f6:c6:c6:
                    47:e4:66:2a:08:f1:3a:11:24:52:8f:89:9f:ed:ee:
                    c8:b6:98:d9:0e:60:fc:0e:1b:1e:48:a6:24:ca:b6:
                    9b:65:bc:fd:52:05:14:bf:88:15:65:c8:95:c4:e3:
                    59:16:a3:a6:37:92:79:d9:eb:41:16:13:cd:bc:13:
                    63:8b:11:4e:2e:10:77:40:be:33:36:5a:b8:8e:0f:
                    cb:cd:16:ba:30:6c:53:4a:6d:92:52:de:dd:3e:11:
                    1d:b9:b8:25:70:ac:19:e8:ed:cf:a9:91:e9:d7:28:
                    e3:79:da:f2:60:07:02:e2:63:66:e8:c2:9d:b2:1c:
                    96:62:38:62:f0:4f:30:79:87:f4:85:a2:4f:fd:36:
                    54:ba:c8:b4:37:89:b0:83:24:2a:59:87:c7:92:87:
                    05:69:6b:7d:22:98:52:92:68:04:b9:13:c7:9b:fe:
                    5b:1c:a0:ce:ea:10:30:68:de:2b:e7:ce:e3:5d:e4:
                    01:16:fb:e2:ea:cd:d9:e2:3b:97:9f:ac:c6:9e:e5:
                    e3:da:a7:f1:f6:bb:48:50:8e:68:4c:ab:f1:f9:48:
                    df:5c:54:cc:66:02:70:07:ec:02:b8:6a:c1:7d:f4:
                    be:55:47:c5:92:31:47:33:1d:c1:e7:21:44:82:e5:
                    c7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:AC:F7:B8:7D:84:B0:8E:50:84:3B:12:63:18:ED:96:99:75:78:70
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/D6z3uH2EsI5QhDsSYxjtlpl1eHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:24:82:a5:41:c5:a2:3e:80:3a:6c:ca:8e:bd:24:2b:6d:bd:
         93:58:ea:88:65:b9:94:f0:d5:1b:7f:1f:c9:ab:c2:21:9a:44:
         62:36:5b:83:a9:e9:3f:9b:95:ef:56:71:7b:56:5b:22:a1:d5:
         c5:3f:db:e7:16:8b:1e:f4:22:7a:52:a6:20:0c:11:84:05:6e:
         f0:db:c5:d5:f1:ad:75:65:6c:8f:25:6b:48:11:11:e4:ee:f6:
         2a:1f:a1:d1:45:b0:a4:88:6f:fc:01:e0:4f:ac:53:86:bc:4c:
         a6:28:98:71:e5:aa:62:7a:2c:b7:51:cb:93:af:90:4e:87:7d:
         5a:6f:ba:a6:33:0a:92:52:b9:94:eb:e7:12:ba:f4:2a:d1:dc:
         c6:bf:08:30:3b:69:6b:57:4f:99:f3:26:6c:c8:65:b4:b9:1b:
         7b:93:35:e0:50:66:28:b3:4a:6e:62:2b:d3:49:46:6a:84:78:
         d5:d5:77:61:24:2f:14:bc:f2:e2:c5:db:e7:a9:2a:96:4b:0a:
         c6:08:a4:ed:71:4f:8f:32:b8:4a:5d:92:d7:e4:82:83:59:df:
         53:fa:d0:9b:10:26:0c:69:03:11:75:24:15:ea:8d:1c:d5:78:
         b4:f4:f2:27:24:db:fa:f8:00:d9:1a:01:ba:ba:f9:f4:57:c3:
         c9:08:e3:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ6I2KMgQfJONTdrCWTr80WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQxMDExMDU1MzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmFjZjdiODdkODRiMDhlNTA4NDNiMTI2MzE4ZWQ5Njk5NzU3ODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmu8Yp6Zovmol/n2xsZH5GYqCPE6
ESRSj4mf7e7ItpjZDmD8DhseSKYkyrabZbz9UgUUv4gVZciVxONZFqOmN5J52etB
FhPNvBNjixFOLhB3QL4zNlq4jg/LzRa6MGxTSm2SUt7dPhEdubglcKwZ6O3PqZHp
1yjjedryYAcC4mNm6MKdshyWYjhi8E8weYf0haJP/TZUusi0N4mwgyQqWYfHkocF
aWt9IphSkmgEuRPHm/5bHKDO6hAwaN4r587jXeQBFvvi6s3Z4juXn6zGnuXj2qfx
9rtIUI5oTKvx+UjfXFTMZgJwB+wCuGrBffS+VUfFkjFHMx3B5yFEguXHvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+s97h9hLCOUIQ7EmMY7ZaZdXhwMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvRDZ6M3VIMkVzSTVRaERzU1l4anRscGwxZUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YlaMA0G
CSqGSIb3DQEBCwUAA4IBAQAwJIKlQcWiPoA6bMqOvSQrbb2TWOqIZbmU8NUbfx/J
q8IhmkRiNluDqek/m5XvVnF7VlsiodXFP9vnFose9CJ6UqYgDBGEBW7w28XV8a11
ZWyPJWtIERHk7vYqH6HRRbCkiG/8AeBPrFOGvEymKJhx5apieiy3UcuTr5BOh31a
b7qmMwqSUrmU6+cSuvQq0dzGvwgwO2lrV0+Z8yZsyGW0uRt7kzXgUGYos0puYivT
SUZqhHjV1XdhJC8UvPLixdvnqSqWSwrGCKTtcU+PMrhKXZLX5IKDWd9T+tCbECYM
aQMRdSQV6o0c1Xi09PInJNv6+ADZGgG6uvn0V8PJCOMZ
-----END CERTIFICATE-----