Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/qKYVM3P93nRLVm1u2UrwJZv55bk.roa
File:                     qKYVM3P93nRLVm1u2UrwJZv55bk.roa (raw, json)
Hash identifier:          KSRsXe0OKgKTS1RVQSoIU/On2UiXlk0V9ZkfCB9F0RQ=
Subject key identifier:   A8:A6:15:33:73:FD:DE:74:4B:56:6D:6E:D9:4A:F0:25:9B:F9:E5:B9
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0191C78A1B4C0290FC1790EA699CCCFE6541
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/qKYVM3P93nRLVm1u2UrwJZv55bk.roa
Signing time:             Fri 06 Sep 2024 13:33:22 +0000
ROA not before:           Fri 06 Sep 2024 13:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199393
IP address blocks:        141.226.241.0/24 maxlen: 24
                          141.226.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:8a:1b:4c:02:90:fc:17:90:ea:69:9c:cc:fe:65:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Sep  6 13:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8a6153373fdde744b566d6ed94af0259bf9e5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:49:32:b2:20:9e:27:0e:89:d0:b4:36:b4:75:
                    65:96:b6:c8:82:d2:0f:b3:a5:ce:89:3d:14:55:c7:
                    9d:7c:ff:f8:b4:c0:a2:3c:3d:1b:c8:24:23:ab:86:
                    60:bf:e4:01:07:d4:85:02:21:ea:cf:d8:df:c2:04:
                    15:0f:39:d6:ac:6b:9d:26:54:ef:bc:55:1e:63:db:
                    51:ff:10:d4:71:c0:76:e7:4f:16:42:b6:51:a2:92:
                    1e:71:66:b3:fa:cc:81:52:05:97:85:c6:dc:d7:e7:
                    21:a3:ab:61:ce:ed:8a:db:a5:c0:b5:ff:0d:69:5e:
                    fb:51:4d:ff:23:a7:94:5c:ff:55:dd:94:ad:b6:93:
                    5b:14:9c:e7:69:ed:e7:e6:8a:33:65:05:5f:d1:63:
                    33:a0:e2:4a:92:a3:ef:e3:1c:9e:b8:f6:f5:de:2b:
                    1c:3f:de:a5:f3:2d:80:a7:37:3f:fa:5c:a9:21:ce:
                    e0:f8:0b:11:ef:65:52:d2:92:29:b6:f7:58:9e:27:
                    84:21:17:d7:5a:45:64:6d:f4:1d:5d:77:a0:6c:06:
                    19:55:94:23:87:ba:97:a8:52:d1:e4:2e:dc:63:ee:
                    22:49:ad:c8:d9:89:04:e2:fa:6a:e7:5c:de:e8:ef:
                    4a:35:00:1b:c4:07:f3:a2:ec:c0:aa:2d:f1:48:ac:
                    aa:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A6:15:33:73:FD:DE:74:4B:56:6D:6E:D9:4A:F0:25:9B:F9:E5:B9
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/qKYVM3P93nRLVm1u2UrwJZv55bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.241.0-141.226.242.255

    Signature Algorithm: sha256WithRSAEncryption
         15:27:8f:17:b1:ce:9d:45:da:ed:da:ae:f8:c1:0f:79:35:69:
         9d:17:c7:02:9e:04:58:77:f6:d8:56:a7:0e:30:0e:cc:c9:96:
         8a:a7:c0:4a:5e:ed:e6:6e:5e:f8:ee:14:a6:7e:88:7e:1d:48:
         7f:23:14:8c:7c:fa:4e:4a:f3:78:ae:ba:42:18:8b:bd:3f:a9:
         0d:c2:38:0a:41:89:4c:6e:26:0f:06:f4:40:1a:45:58:1d:f8:
         43:84:42:aa:5d:f5:35:dd:c2:d4:e1:88:e2:13:b5:3a:dc:ef:
         18:1b:5b:f7:3f:ae:8b:0e:52:74:f4:e5:78:85:e8:bc:31:b1:
         e7:36:2d:65:e4:7c:39:e6:60:a9:0d:1f:3d:44:d0:96:74:5d:
         67:85:bc:1e:72:13:99:a9:cc:3c:d4:dd:63:bf:c4:a8:cf:3a:
         34:99:05:cd:1c:8f:dd:c1:ba:8b:27:9c:71:2a:a9:7f:97:ef:
         17:c4:1e:c6:10:c3:d9:d7:c6:bc:44:51:a1:9c:58:fe:14:e3:
         cb:70:3f:1e:93:d0:e8:9d:b5:f1:83:b1:e7:c9:15:8a:f1:90:
         83:4d:c5:e5:c5:45:5b:60:61:40:63:b0:11:52:c4:df:fa:60:
         0f:2e:29:fd:2b:01:33:97:1a:8e:b4:d4:ac:db:8d:46:11:56:
         6b:86:92:ec
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZHHihtMApD8F5DqaZzM/mVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQwOTA2MTMzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE2MTUzMzczZmRkZTc0NGI1NjZkNmVkOTRhZjAyNTliZjllNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0kysiCeJw6J0LQ2tHVllrbIgtIP
s6XOiT0UVcedfP/4tMCiPD0byCQjq4Zgv+QBB9SFAiHqz9jfwgQVDznWrGudJlTv
vFUeY9tR/xDUccB2508WQrZRopIecWaz+syBUgWXhcbc1+cho6thzu2K26XAtf8N
aV77UU3/I6eUXP9V3ZSttpNbFJznae3n5oozZQVf0WMzoOJKkqPv4xyeuPb13isc
P96l8y2Apzc/+lypIc7g+AsR72VS0pIptvdYnieEIRfXWkVkbfQdXXegbAYZVZQj
h7qXqFLR5C7cY+4iSa3I2YkE4vpq51ze6O9KNQAbxAfzouzAqi3xSKyqlwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKimFTNz/d50S1ZtbtlK8CWb+eW5MB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvcUtZVk0zUDkzblJMVm0xdTJVcndKWnY1NWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACN4vED
BACN4vIwDQYJKoZIhvcNAQELBQADggEBABUnjxexzp1F2u3arvjBD3k1aZ0XxwKe
BFh39thWpw4wDszJloqnwEpe7eZuXvjuFKZ+iH4dSH8jFIx8+k5K83iuukIYi70/
qQ3COApBiUxuJg8G9EAaRVgd+EOEQqpd9TXdwtThiOITtTrc7xgbW/c/rosOUnT0
5XiF6Lwxsec2LWXkfDnmYKkNHz1E0JZ0XWeFvB5yE5mpzDzU3WO/xKjPOjSZBc0c
j93BuosnnHEqqX+X7xfEHsYQw9nXxrxEUaGcWP4U48twPx6T0OidtfGDsefJFYrx
kINNxeXFRVtgYUBjsBFSxN/6YA8uKf0rATOXGo601KzbjUYRVmuGkuw=
-----END CERTIFICATE-----