Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/atde6o2VUVS8ClCYHEN3TJ64PcU.roa
File:                     atde6o2VUVS8ClCYHEN3TJ64PcU.roa (raw, json)
Hash identifier:          oihZddIXZ+aHgZmQ3H/cN/k4N0fdk94abSuMyeXPyJc=
Subject key identifier:   6A:D7:5E:EA:8D:95:51:54:BC:0A:50:98:1C:43:77:4C:9E:B8:3D:C5
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       018D689B7AD41079D9C29E256FA0BBF5D083
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/atde6o2VUVS8ClCYHEN3TJ64PcU.roa
Signing time:             Fri 02 Feb 2024 06:57:16 +0000
ROA not before:           Fri 02 Feb 2024 06:57:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        141.226.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:9b:7a:d4:10:79:d9:c2:9e:25:6f:a0:bb:f5:d0:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Feb  2 06:57:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad75eea8d955154bc0a50981c43774c9eb83dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:22:1c:33:0c:62:86:f4:38:8c:22:2e:45:f4:
                    60:3e:2a:80:44:97:48:34:27:17:59:8d:bd:2c:de:
                    56:80:a8:5f:2c:a7:20:2d:97:78:01:6b:1c:5c:e3:
                    c1:e4:16:cc:93:46:a4:d3:65:13:58:cc:b7:b7:c1:
                    6c:8a:7a:c6:6e:dc:ed:82:8b:e8:9f:42:cd:26:50:
                    14:02:3c:dc:1a:61:4f:51:b7:5d:a0:76:67:c0:82:
                    51:da:c2:2a:4b:10:51:f1:02:5f:bb:8f:ff:fc:43:
                    f2:bc:5a:0c:9e:24:c9:b3:6a:36:2c:9c:54:39:0b:
                    f3:f6:35:3a:c6:f1:8a:73:56:58:35:01:16:95:4f:
                    d8:62:06:55:7a:db:d9:23:51:9a:d9:12:46:5f:f0:
                    16:49:95:07:bf:20:1c:d9:1f:4f:10:a5:8e:b5:ea:
                    bf:01:ee:59:51:30:db:a3:64:4a:ea:60:5a:23:d4:
                    03:e6:0f:d5:bc:06:d1:48:38:b5:fb:7c:fa:0f:50:
                    ac:dd:fc:c3:26:81:51:2d:5f:ee:34:54:a8:97:0a:
                    8e:21:3e:58:a4:00:7f:f7:47:5e:87:04:ae:3f:8d:
                    83:bf:cb:69:76:fd:a1:b3:02:b5:60:d3:cd:06:87:
                    a3:2c:e3:1c:7f:cc:a4:c6:11:a9:8c:5d:81:bd:5c:
                    19:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D7:5E:EA:8D:95:51:54:BC:0A:50:98:1C:43:77:4C:9E:B8:3D:C5
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/atde6o2VUVS8ClCYHEN3TJ64PcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:f4:d0:c8:21:4c:0f:fd:96:c6:77:18:51:0a:07:2e:4f:93:
         22:d2:13:ff:78:fe:5b:ed:42:dd:70:1d:01:cd:53:28:6d:a7:
         be:88:3a:2e:2e:cd:9c:0e:9c:58:f1:ff:2d:d5:9c:e6:39:7e:
         9a:c0:8b:64:31:5f:d0:b3:b6:9d:a5:3d:8c:51:ef:9d:77:3e:
         2d:5a:49:ee:05:78:e5:f3:31:ec:1f:4a:e9:b0:32:ad:58:21:
         82:26:41:61:a9:db:e8:03:5f:f3:30:28:0a:33:fc:ee:b7:da:
         b2:9a:88:7c:5d:f9:71:ca:02:ab:c4:81:18:30:dc:a4:ad:34:
         40:13:3a:7e:df:dc:11:43:55:66:a0:b6:9d:6d:39:41:24:7c:
         72:98:3b:c5:bc:ca:e9:83:a3:df:d4:7f:8e:5f:2d:9f:28:e5:
         a6:cc:cd:2c:77:84:37:7f:5f:87:b0:96:f7:93:2e:99:6b:ef:
         d9:11:71:f3:96:a6:94:9c:a8:42:b8:d5:97:8c:22:50:f4:a2:
         95:d7:64:76:39:60:7c:02:85:0e:d3:80:e4:db:a7:7f:b3:87:
         e2:c0:0c:9b:1b:5d:72:79:9a:67:c1:4d:ae:c4:09:43:e8:89:
         11:22:cd:db:ba:6d:81:c7:71:42:d4:46:e1:7a:57:72:fc:82:
         6c:fa:2e:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1om3rUEHnZwp4lb6C79dCDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQwMjAyMDY1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ3NWVlYThkOTU1MTU0YmMwYTUwOTgxYzQzNzc0YzllYjgzZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSIcMwxihvQ4jCIuRfRgPiqARJdI
NCcXWY29LN5WgKhfLKcgLZd4AWscXOPB5BbMk0ak02UTWMy3t8FsinrGbtztgovo
n0LNJlAUAjzcGmFPUbddoHZnwIJR2sIqSxBR8QJfu4///EPyvFoMniTJs2o2LJxU
OQvz9jU6xvGKc1ZYNQEWlU/YYgZVetvZI1Ga2RJGX/AWSZUHvyAc2R9PEKWOteq/
Ae5ZUTDbo2RK6mBaI9QD5g/VvAbRSDi1+3z6D1Cs3fzDJoFRLV/uNFSolwqOIT5Y
pAB/90dehwSuP42Dv8tpdv2hswK1YNPNBoejLOMcf8ykxhGpjF2BvVwZDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrXXuqNlVFUvApQmBxDd0yeuD3FMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvYXRkZTZvMlZVVlM4Q2xDWUhFTjNUSjY0UGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeL2MA0G
CSqGSIb3DQEBCwUAA4IBAQCS9NDIIUwP/ZbGdxhRCgcuT5Mi0hP/eP5b7ULdcB0B
zVMobae+iDouLs2cDpxY8f8t1ZzmOX6awItkMV/Qs7adpT2MUe+ddz4tWknuBXjl
8zHsH0rpsDKtWCGCJkFhqdvoA1/zMCgKM/zut9qymoh8XflxygKrxIEYMNykrTRA
Ezp+39wRQ1VmoLadbTlBJHxymDvFvMrpg6Pf1H+OXy2fKOWmzM0sd4Q3f1+HsJb3
ky6Za+/ZEXHzlqaUnKhCuNWXjCJQ9KKV12R2OWB8AoUO04Dk26d/s4fiwAybG11y
eZpnwU2uxAlD6IkRIs3bum2Bx3FC1Ebheldy/IJs+i4q
-----END CERTIFICATE-----