Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/_2RAZTcGLPFkH36FpgDCKfnf69o.roa
File:                     _2RAZTcGLPFkH36FpgDCKfnf69o.roa (raw, json)
Hash identifier:          rWOaI8bHCSu6JvqiR5iiLvp9ktf9nPCTMOxrv5N2Fyk=
Subject key identifier:   FF:64:40:65:37:06:2C:F1:64:1F:7E:85:A6:00:C2:29:F9:DF:EB:DA
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0191E0AEAAA8F0A8F14427EFBE077FD73990
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/_2RAZTcGLPFkH36FpgDCKfnf69o.roa
Signing time:             Wed 11 Sep 2024 10:43:48 +0000
ROA not before:           Wed 11 Sep 2024 10:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215101
IP address blocks:        141.226.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e0:ae:aa:a8:f0:a8:f1:44:27:ef:be:07:7f:d7:39:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Sep 11 10:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff64406537062cf1641f7e85a600c229f9dfebda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f6:2b:c5:6a:f8:a1:9a:2d:9f:82:b5:a1:d1:
                    f9:1e:bf:f6:50:e1:e3:8c:ea:4a:17:a2:f4:1c:d5:
                    49:23:4f:e0:0b:30:94:93:e4:37:3b:8d:4d:b7:78:
                    94:02:2f:7f:87:70:9b:ae:6e:eb:7f:ef:48:53:ba:
                    ed:17:b7:14:d9:31:9c:5a:5a:e2:a9:0b:af:ca:c0:
                    b8:00:26:cd:fb:6d:f1:8b:93:f0:b0:7b:14:ce:65:
                    0b:5f:62:62:d4:da:d8:72:d0:5f:c3:7a:a4:6c:a2:
                    70:85:cc:b2:a7:88:98:95:3a:98:04:87:81:1f:50:
                    8d:6a:9e:8b:77:83:bf:92:c0:b0:5b:09:6e:d2:15:
                    86:0c:d0:d0:af:e0:97:80:5b:d5:e7:63:ef:9b:8d:
                    d0:8a:ac:f6:89:36:28:de:2f:1b:b4:60:eb:f4:25:
                    c4:a6:25:aa:39:d4:af:b8:50:08:fa:a8:cc:b7:4a:
                    20:00:6a:7f:a5:bf:b7:58:2b:39:62:3b:fd:33:e9:
                    0f:13:1b:ba:64:54:ff:4b:ac:71:71:37:20:aa:49:
                    fd:96:72:1a:51:31:4c:d8:c1:ab:07:52:21:12:3e:
                    1d:5f:8c:a5:47:e3:22:59:a2:3c:4b:fd:03:f0:94:
                    97:7c:51:28:e9:fa:3a:c6:57:55:b5:b9:fa:84:97:
                    e2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:64:40:65:37:06:2C:F1:64:1F:7E:85:A6:00:C2:29:F9:DF:EB:DA
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/_2RAZTcGLPFkH36FpgDCKfnf69o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:40:01:6b:0a:48:43:d2:07:c5:e3:5c:ac:8d:b2:a2:44:23:
         88:97:ea:a7:1a:da:50:a2:6e:ac:2e:9c:19:0a:63:bd:22:75:
         6c:64:55:8a:c1:23:82:6e:09:94:79:27:3a:f2:ab:af:09:8c:
         ef:03:4a:6e:08:1c:22:eb:62:20:19:7a:72:19:16:4f:24:48:
         d4:b2:fc:13:02:43:48:13:40:0a:7b:31:23:14:fb:50:40:b9:
         d9:eb:15:ec:fe:61:77:b3:1f:a8:79:91:96:9c:8d:c1:e3:d2:
         5d:90:2c:94:e4:4b:2d:c7:dd:ab:b4:b3:9c:97:d8:b8:78:3b:
         57:02:57:71:db:66:12:b2:33:b2:91:be:c8:2f:df:b7:a6:f2:
         10:52:36:25:e8:3b:ee:fb:83:59:26:83:a8:34:13:18:ed:10:
         aa:d3:dc:29:9f:2b:25:79:e9:b2:f8:4e:ba:a8:9b:7b:bb:85:
         3b:e3:d9:40:78:6f:b2:fc:65:19:11:d1:bc:a8:5f:f7:63:42:
         0d:12:c8:37:e5:a8:81:9a:62:c4:5e:28:f1:71:1c:85:a3:76:
         b8:22:56:5d:b7:04:81:39:96:78:a2:66:cf:87:41:bb:b5:54:
         a2:c6:43:9c:52:a4:6a:e6:b6:9b:5e:b5:e0:32:13:51:4a:b3:
         0f:a3:d3:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHgrqqo8KjxRCfvvgd/1zmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQwOTExMTA0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjY0NDA2NTM3MDYyY2YxNjQxZjdlODVhNjAwYzIyOWY5ZGZlYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfYrxWr4oZotn4K1odH5Hr/2UOHj
jOpKF6L0HNVJI0/gCzCUk+Q3O41Nt3iUAi9/h3Cbrm7rf+9IU7rtF7cU2TGcWlri
qQuvysC4ACbN+23xi5PwsHsUzmULX2Ji1NrYctBfw3qkbKJwhcyyp4iYlTqYBIeB
H1CNap6Ld4O/ksCwWwlu0hWGDNDQr+CXgFvV52Pvm43Qiqz2iTYo3i8btGDr9CXE
piWqOdSvuFAI+qjMt0ogAGp/pb+3WCs5Yjv9M+kPExu6ZFT/S6xxcTcgqkn9lnIa
UTFM2MGrB1IhEj4dX4ylR+MiWaI8S/0D8JSXfFEo6fo6xldVtbn6hJfinQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9kQGU3BizxZB9+haYAwin53+vaMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvXzJSQVpUY0dMUEZrSDM2RnBnRENLZm5mNjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeL1MA0G
CSqGSIb3DQEBCwUAA4IBAQCeQAFrCkhD0gfF41ysjbKiRCOIl+qnGtpQom6sLpwZ
CmO9InVsZFWKwSOCbgmUeSc68quvCYzvA0puCBwi62IgGXpyGRZPJEjUsvwTAkNI
E0AKezEjFPtQQLnZ6xXs/mF3sx+oeZGWnI3B49JdkCyU5Estx92rtLOcl9i4eDtX
Aldx22YSsjOykb7IL9+3pvIQUjYl6Dvu+4NZJoOoNBMY7RCq09wpnysleemy+E66
qJt7u4U749lAeG+y/GUZEdG8qF/3Y0INEsg35aiBmmLEXijxcRyFo3a4IlZdtwSB
OZZ4ombPh0G7tVSixkOcUqRq5rabXrXgMhNRSrMPo9Nj
-----END CERTIFICATE-----