Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/DDFKoxTPYE7ilqPiExcTldqQtxQ.roa
File:                     DDFKoxTPYE7ilqPiExcTldqQtxQ.roa (raw, json)
Hash identifier:          3pOehKTGvq9pClPWLlvICsZJFMAUJPm87zg9RG2hrJs=
Subject key identifier:   0C:31:4A:A3:14:CF:60:4E:E2:96:A3:E2:13:17:13:95:DA:90:B7:14
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0192E1828A9362E2187471EABEB9F88EE2ED
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/DDFKoxTPYE7ilqPiExcTldqQtxQ.roa
Signing time:             Thu 31 Oct 2024 07:38:01 +0000
ROA not before:           Thu 31 Oct 2024 07:38:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        141.226.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e1:82:8a:93:62:e2:18:74:71:ea:be:b9:f8:8e:e2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Oct 31 07:38:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c314aa314cf604ee296a3e213171395da90b714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:49:1d:e5:82:d6:b5:85:44:8c:7b:f9:0d:a1:
                    aa:9b:44:a8:c8:99:c8:24:ca:69:6c:ec:85:e0:bd:
                    29:73:77:f7:4f:f4:75:05:b4:8e:8b:da:e5:1b:5b:
                    2d:0f:dc:e2:60:aa:a2:4c:64:3e:34:fc:95:0e:0e:
                    2a:09:b6:2f:cc:15:a8:2e:03:53:49:75:be:9a:e0:
                    28:7c:03:fc:19:95:29:9a:1a:e3:13:ee:eb:04:95:
                    b0:b3:ed:26:51:0a:91:7e:4f:44:b3:28:23:b6:a4:
                    94:46:f9:f0:78:25:21:8b:f8:11:6f:d3:48:f7:8e:
                    15:4e:73:46:da:6e:a3:98:d4:4d:93:c2:12:ae:d1:
                    39:a4:f0:46:38:bd:01:f0:52:aa:3b:26:d0:80:d7:
                    f0:02:5c:9f:c6:3b:db:9b:45:b1:2d:d7:22:11:6f:
                    21:01:ce:52:aa:d2:d2:90:68:4f:69:37:78:34:95:
                    c0:d6:db:48:13:2c:e3:c1:ce:88:15:e5:46:7d:42:
                    8f:f2:75:75:3e:7e:bf:1e:d3:38:fb:6a:a2:1f:6d:
                    0c:6a:d0:0e:90:47:e2:c3:97:59:63:63:2d:f9:7e:
                    30:af:6d:e7:90:3b:b4:54:8b:b4:b3:7b:4c:40:ac:
                    8a:3a:1e:9e:2a:77:2d:39:33:55:38:84:7b:59:ca:
                    2f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:31:4A:A3:14:CF:60:4E:E2:96:A3:E2:13:17:13:95:DA:90:B7:14
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/DDFKoxTPYE7ilqPiExcTldqQtxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:a4:15:26:db:c5:a3:5b:31:0f:76:71:10:36:bb:ef:25:1c:
         62:a0:ee:a8:81:c2:d3:85:85:34:30:73:47:b8:78:94:5b:72:
         38:88:c4:e5:df:4f:58:17:a5:2b:c8:be:5b:dd:60:25:4c:9e:
         db:19:8f:9a:7f:27:f7:28:ed:d2:57:6c:77:a0:99:90:06:65:
         9e:56:c9:8c:87:63:fe:22:b5:21:1f:93:37:86:8a:90:d7:ba:
         b0:a5:6d:8f:c3:3f:96:60:b1:e7:d0:67:27:b8:f1:0c:b0:98:
         0d:f4:9b:6e:36:86:f8:3f:8d:c7:24:15:55:3f:8e:7a:0f:8b:
         6a:9d:df:cb:f7:10:27:c5:e1:25:6f:18:d7:b9:ee:e3:00:26:
         f3:b6:18:83:a8:32:04:ab:18:ac:2e:ba:7c:1b:b3:bf:86:38:
         7e:f9:9a:7a:45:e6:8a:b9:b1:17:74:da:19:4b:20:38:f0:74:
         bb:c0:4b:f3:88:4d:ae:23:6c:e9:c6:2d:f2:7c:12:89:3d:72:
         e1:e0:da:76:2a:b6:7b:b3:32:89:80:50:ca:23:a1:24:64:47:
         af:10:60:1b:c2:51:97:4d:6d:c9:c1:23:95:ef:24:39:25:f9:
         59:2d:62:32:6a:a5:c8:be:aa:42:7e:00:b9:08:7d:f5:18:04:
         30:0c:8a:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLhgoqTYuIYdHHqvrn4juLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQxMDMxMDczODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzMxNGFhMzE0Y2Y2MDRlZTI5NmEzZTIxMzE3MTM5NWRhOTBiNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUkd5YLWtYVEjHv5DaGqm0SoyJnI
JMppbOyF4L0pc3f3T/R1BbSOi9rlG1stD9ziYKqiTGQ+NPyVDg4qCbYvzBWoLgNT
SXW+muAofAP8GZUpmhrjE+7rBJWws+0mUQqRfk9EsygjtqSURvnweCUhi/gRb9NI
944VTnNG2m6jmNRNk8ISrtE5pPBGOL0B8FKqOybQgNfwAlyfxjvbm0WxLdciEW8h
Ac5SqtLSkGhPaTd4NJXA1ttIEyzjwc6IFeVGfUKP8nV1Pn6/HtM4+2qiH20MatAO
kEfiw5dZY2Mt+X4wr23nkDu0VIu0s3tMQKyKOh6eKnctOTNVOIR7WcovkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwxSqMUz2BO4paj4hMXE5XakLcUMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvRERGS294VFBZRTdpbHFQaUV4Y1RsZHFRdHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeL2MA0G
CSqGSIb3DQEBCwUAA4IBAQDHpBUm28WjWzEPdnEQNrvvJRxioO6ogcLThYU0MHNH
uHiUW3I4iMTl309YF6UryL5b3WAlTJ7bGY+afyf3KO3SV2x3oJmQBmWeVsmMh2P+
IrUhH5M3hoqQ17qwpW2Pwz+WYLHn0GcnuPEMsJgN9JtuNob4P43HJBVVP456D4tq
nd/L9xAnxeElbxjXue7jACbzthiDqDIEqxisLrp8G7O/hjh++Zp6ReaKubEXdNoZ
SyA48HS7wEvziE2uI2zpxi3yfBKJPXLh4Np2KrZ7szKJgFDKI6EkZEevEGAbwlGX
TW3JwSOV7yQ5JflZLWIyaqXIvqpCfgC5CH31GAQwDIqn
-----END CERTIFICATE-----