Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/0FfyJmN2EbnynffMxPrbFs3Kl2o.roa
File:                     0FfyJmN2EbnynffMxPrbFs3Kl2o.roa (raw, json)
Hash identifier:          SR9xAPs2ztA+mCPZ80CiyeJzbK42NiNkqWdD4hSu4LM=
Subject key identifier:   D0:57:F2:26:63:76:11:B9:F2:9D:F7:CC:C4:FA:DB:16:CD:CA:97:6A
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       018CC6499B3E5275F04815D36663040780DC
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/0FfyJmN2EbnynffMxPrbFs3Kl2o.roa
Signing time:             Mon 01 Jan 2024 18:29:21 +0000
ROA not before:           Mon 01 Jan 2024 18:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41726
IP address blocks:        212.70.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9b:3e:52:75:f0:48:15:d3:66:63:04:07:80:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jan  1 18:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d057f226637611b9f29df7ccc4fadb16cdca976a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:46:d3:3d:02:13:59:90:dd:4c:be:d5:b3:26:
                    32:e7:42:d4:78:bd:3b:fa:b0:7d:43:43:2c:cd:5c:
                    52:29:7a:73:30:da:60:b7:4c:27:29:89:5b:83:89:
                    d9:a1:43:42:d6:e5:e8:91:96:7b:61:38:85:fa:0e:
                    65:5d:15:43:b0:43:bc:fa:d7:e8:bc:12:b7:26:8b:
                    9e:6d:dc:a5:22:16:3b:2e:2e:3a:e9:b7:1a:dd:c8:
                    46:0b:7c:95:14:fc:71:a3:f0:3c:7f:61:d0:8e:0c:
                    75:89:3c:58:3a:d2:31:67:a7:41:26:58:8c:70:d1:
                    fe:d5:2c:d5:f6:0e:24:8e:39:88:55:96:1f:21:fc:
                    40:c0:e8:9c:1b:a8:33:02:c8:09:35:de:c8:82:5f:
                    5e:af:20:2c:ff:cc:7d:c1:3e:af:cb:fa:8e:d7:dd:
                    0b:47:1f:33:17:40:55:4f:8c:3e:50:1c:10:c6:d9:
                    05:c4:78:a5:79:a7:22:a4:20:ad:da:a2:c6:24:5b:
                    53:8b:3a:ac:9f:5d:37:ce:f4:02:ab:7b:56:bf:1e:
                    d6:35:af:d0:4b:0d:3e:84:cb:e1:dd:c4:a8:f5:ce:
                    79:06:d6:23:6a:8a:3d:02:fb:42:e6:4c:2b:67:9d:
                    02:84:06:46:55:77:70:b3:a0:cc:ac:ff:bf:49:78:
                    ac:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:57:F2:26:63:76:11:B9:F2:9D:F7:CC:C4:FA:DB:16:CD:CA:97:6A
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/0FfyJmN2EbnynffMxPrbFs3Kl2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.70.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:27:25:cb:1f:30:88:24:7f:63:2b:74:a3:68:19:fc:e6:8d:
         99:9e:0c:61:53:e1:b9:97:d9:52:8e:16:e4:51:be:61:cb:93:
         73:a1:89:d0:72:8e:8e:06:be:5c:81:7e:9e:4d:d5:c0:5c:eb:
         62:8f:3b:16:f0:27:d3:04:9a:47:85:00:e0:de:d5:a2:c5:77:
         f6:bb:ee:32:c0:44:db:11:87:d4:21:a9:44:57:56:45:06:ef:
         3d:59:4c:4a:a6:c2:1a:0e:51:72:62:1b:bf:ff:37:1d:e7:78:
         ef:bb:a3:66:9c:b5:17:25:ec:41:b6:f5:e5:21:3d:39:fa:cd:
         c9:2b:e0:6f:a2:18:53:d2:4f:f7:06:e0:16:a5:c0:80:80:26:
         d6:f0:31:0b:63:ae:ad:2e:cb:c6:b8:97:e8:56:05:f9:2c:7c:
         5c:43:0e:7f:c1:93:1f:d7:e9:33:a3:4d:c5:a7:57:56:b6:ac:
         67:1c:5d:64:fa:6f:ec:12:2d:9d:63:29:9b:7c:99:02:96:93:
         9b:f4:bd:5b:54:5c:db:71:e0:41:05:de:38:97:f5:28:b1:45:
         94:fd:ce:d5:16:97:cd:a6:74:ac:f7:56:a7:5a:68:3d:56:d4:
         ad:62:7a:40:42:81:dc:ac:b6:0f:6e:38:74:8a:66:50:5e:e6:
         bc:8e:9d:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSZs+UnXwSBXTZmMEB4DcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjQwMTAxMTgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU3ZjIyNjYzNzYxMWI5ZjI5ZGY3Y2NjNGZhZGIxNmNkY2E5NzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUbTPQITWZDdTL7VsyYy50LUeL07
+rB9Q0MszVxSKXpzMNpgt0wnKYlbg4nZoUNC1uXokZZ7YTiF+g5lXRVDsEO8+tfo
vBK3JouebdylIhY7Li466bca3chGC3yVFPxxo/A8f2HQjgx1iTxYOtIxZ6dBJliM
cNH+1SzV9g4kjjmIVZYfIfxAwOicG6gzAsgJNd7Igl9eryAs/8x9wT6vy/qO190L
Rx8zF0BVT4w+UBwQxtkFxHileacipCCt2qLGJFtTizqsn103zvQCq3tWvx7WNa/Q
Sw0+hMvh3cSo9c55BtYjaoo9AvtC5kwrZ50ChAZGVXdws6DMrP+/SXisLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBX8iZjdhG58p33zMT62xbNypdqMB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvMEZmeUptTjJFYm55bmZmTXhQcmJGczNLbDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Ea4MA0G
CSqGSIb3DQEBCwUAA4IBAQBkJyXLHzCIJH9jK3SjaBn85o2ZngxhU+G5l9lSjhbk
Ub5hy5NzoYnQco6OBr5cgX6eTdXAXOtijzsW8CfTBJpHhQDg3tWixXf2u+4ywETb
EYfUIalEV1ZFBu89WUxKpsIaDlFyYhu//zcd53jvu6NmnLUXJexBtvXlIT05+s3J
K+BvohhT0k/3BuAWpcCAgCbW8DELY66tLsvGuJfoVgX5LHxcQw5/wZMf1+kzo03F
p1dWtqxnHF1k+m/sEi2dYymbfJkClpOb9L1bVFzbceBBBd44l/UosUWU/c7VFpfN
pnSs91anWmg9VtStYnpAQoHcrLYPbjh0imZQXua8jp1j
-----END CERTIFICATE-----