Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/T1V76bxlhezLMl4Tzlvgqgk0pcg.roa
File:                     T1V76bxlhezLMl4Tzlvgqgk0pcg.roa (raw, json)
Hash identifier:          Hk9kWyBSS3VZQ3ORtc2F2qsaXDclUxsqlus/HDJzLds=
Subject key identifier:   4F:55:7B:E9:BC:65:85:EC:CB:32:5E:13:CE:5B:E0:AA:09:34:A5:C8
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0194221FDB7B1E854F8AA0C43FEE7AA8B6D9
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/T1V76bxlhezLMl4Tzlvgqgk0pcg.roa
Signing time:             Wed 01 Jan 2025 13:48:20 +0000
ROA not before:           Wed 01 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199393
IP address blocks:        141.226.241.0/24 maxlen: 24
                          141.226.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:db:7b:1e:85:4f:8a:a0:c4:3f:ee:7a:a8:b6:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Jan  1 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f557be9bc6585eccb325e13ce5be0aa0934a5c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:65:47:1d:cd:f4:9b:69:d4:7d:dc:c8:1c:d6:
                    fb:b3:17:a4:fc:4b:4f:5c:a4:96:4e:f1:5c:89:8e:
                    2f:ed:3b:d0:10:1d:65:04:43:f1:c8:c6:a0:e5:ed:
                    66:a0:a9:ab:de:83:72:f0:da:f4:57:e3:79:0b:82:
                    ed:8b:79:c2:94:d3:a7:17:14:43:42:7b:f9:50:e9:
                    9c:c1:dd:40:16:ec:fc:5e:f4:53:6d:70:16:5e:01:
                    3f:a0:6f:90:dd:5e:57:78:6e:c4:98:b2:98:1a:59:
                    fa:59:ce:c7:48:5d:c9:f2:d7:97:af:27:ee:3f:e5:
                    09:aa:b8:90:53:03:8c:f9:42:58:4d:55:c3:8b:df:
                    49:b5:a3:48:99:fd:39:2f:3f:39:ac:93:0a:05:a7:
                    c7:48:00:e0:1c:e7:18:48:5e:13:17:dd:51:cb:95:
                    23:35:ad:56:ea:b2:9c:3e:7c:9d:b1:8f:6a:9b:0a:
                    d1:22:dd:81:fa:56:20:cf:22:0a:e0:00:52:6a:b5:
                    59:67:36:f4:83:e8:9c:36:d0:06:bc:46:09:d1:b8:
                    c8:d3:17:65:b8:4b:67:5b:89:84:c9:10:cc:b7:ff:
                    9f:4c:e8:06:30:04:f2:41:89:9e:da:94:50:16:02:
                    5f:0c:19:dc:3f:97:24:b5:1f:7d:b2:13:e9:21:4c:
                    64:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:55:7B:E9:BC:65:85:EC:CB:32:5E:13:CE:5B:E0:AA:09:34:A5:C8
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/T1V76bxlhezLMl4Tzlvgqgk0pcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.241.0-141.226.242.255

    Signature Algorithm: sha256WithRSAEncryption
         63:fc:fe:e4:b8:cd:8b:46:6f:fd:dd:46:61:cf:2f:e1:4e:d8:
         f9:43:a9:d1:e9:5e:42:bf:7c:36:ed:64:c5:cb:d3:04:39:b2:
         01:c1:fd:83:3b:f3:7b:ac:31:08:32:11:d5:21:1d:07:89:bb:
         d2:49:a4:63:2f:55:e9:d4:d2:09:40:a8:6c:f2:fe:bf:ba:56:
         42:93:62:2f:e8:17:8a:6c:d9:9e:16:db:82:96:85:33:13:dd:
         f2:1a:f5:0b:4c:df:a2:de:0b:34:d6:a1:0d:13:ca:ff:5a:fc:
         7e:a3:a8:d4:3d:6e:f0:ed:9b:ec:8d:64:f7:99:14:b4:23:73:
         55:54:71:46:48:c5:9b:a5:1a:3e:97:73:05:20:ae:8e:f1:03:
         9f:ca:2b:b7:dc:eb:53:40:40:64:29:24:68:dd:54:ae:7a:b6:
         76:ff:6c:db:42:4b:d0:66:b4:e9:73:21:27:92:58:f2:d4:fb:
         46:87:5d:e8:32:42:04:ad:28:e0:dd:6a:55:68:b8:83:db:78:
         6d:d1:b9:95:19:fa:59:57:f8:80:92:6f:bd:31:c4:68:38:37:
         9f:ba:fa:d0:45:ab:da:cc:a0:c3:65:6b:9b:dc:2f:52:3c:3e:
         8f:a5:55:e8:54:04:7f:01:4b:ef:32:f6:08:b7:65:12:6b:c3:
         96:70:a7:62
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQiH9t7HoVPiqDEP+56qLbZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjU1N2JlOWJjNjU4NWVjY2IzMjVlMTNjZTViZTBhYTA5MzRhNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2VHHc30m2nUfdzIHNb7sxek/EtP
XKSWTvFciY4v7TvQEB1lBEPxyMag5e1moKmr3oNy8Nr0V+N5C4Lti3nClNOnFxRD
Qnv5UOmcwd1AFuz8XvRTbXAWXgE/oG+Q3V5XeG7EmLKYGln6Wc7HSF3J8teXryfu
P+UJqriQUwOM+UJYTVXDi99JtaNImf05Lz85rJMKBafHSADgHOcYSF4TF91Ry5Uj
Na1W6rKcPnydsY9qmwrRIt2B+lYgzyIK4ABSarVZZzb0g+icNtAGvEYJ0bjI0xdl
uEtnW4mEyRDMt/+fTOgGMATyQYme2pRQFgJfDBncP5cktR99shPpIUxkbwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE9Ve+m8ZYXsyzJeE85b4KoJNKXIMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvVDFWNzZieGxoZXpMTWw0VHpsdmdxZ2swcGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACN4vED
BACN4vIwDQYJKoZIhvcNAQELBQADggEBAGP8/uS4zYtGb/3dRmHPL+FO2PlDqdHp
XkK/fDbtZMXL0wQ5sgHB/YM783usMQgyEdUhHQeJu9JJpGMvVenU0glAqGzy/r+6
VkKTYi/oF4ps2Z4W24KWhTMT3fIa9QtM36LeCzTWoQ0Tyv9a/H6jqNQ9bvDtm+yN
ZPeZFLQjc1VUcUZIxZulGj6XcwUgro7xA5/KK7fc61NAQGQpJGjdVK56tnb/bNtC
S9BmtOlzISeSWPLU+0aHXegyQgStKODdalVouIPbeG3RuZUZ+llX+ICSb70xxGg4
N5+6+tBFq9rMoMNla5vcL1I8Po+lVehUBH8BS+8y9gi3ZRJrw5Zwp2I=
-----END CERTIFICATE-----