Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/7KkW14ahMzeaT8EoEQ23HB7RNXo.roa
File:                     7KkW14ahMzeaT8EoEQ23HB7RNXo.roa (raw, json)
Hash identifier:          o5D0+Zq1jCZzwXVpNDpv1ot0oIEGzoIraQrW/aJdrVk=
Subject key identifier:   EC:A9:16:D7:86:A1:33:37:9A:4F:C1:28:11:0D:B7:1C:1E:D1:35:7A
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       018CC6499C60749009FC1D39C4C7D02C8C8A
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/7KkW14ahMzeaT8EoEQ23HB7RNXo.roa
Signing time:             Mon 01 Jan 2024 18:29:22 +0000
ROA not before:           Mon 01 Jan 2024 18:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208284
IP address blocks:        212.70.172.0/24 maxlen: 24
                          212.70.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9c:60:74:90:09:fc:1d:39:c4:c7:d0:2c:8c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jan  1 18:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eca916d786a133379a4fc128110db71c1ed1357a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d8:e0:53:20:cc:88:b7:bd:a2:7c:a9:3c:06:
                    e2:e1:d3:80:3a:e3:7d:f4:06:e5:fa:93:d4:47:5a:
                    f1:47:68:56:e8:6b:60:73:2e:30:8e:9a:39:23:a1:
                    25:8e:24:34:a1:82:39:ac:df:72:4c:e5:aa:81:11:
                    e0:c4:ab:4c:b3:07:37:61:d1:75:1a:de:8d:2b:45:
                    af:7e:d6:8c:d0:e6:11:3d:7b:25:14:8f:f2:0d:dc:
                    5e:cc:c4:4d:28:f9:e0:41:63:57:57:b8:f8:c4:59:
                    bd:a6:5a:89:86:f9:5e:02:55:3c:bc:3c:99:16:6d:
                    42:ee:7b:24:7b:44:d4:d4:8b:ee:59:66:fe:ae:9b:
                    ff:7b:a6:c6:47:fa:86:15:2a:94:30:c0:47:18:bc:
                    ff:64:7d:17:f6:63:1b:16:c5:04:51:15:45:75:32:
                    fc:67:6a:85:32:e3:c8:f9:6c:0d:0f:3b:3a:54:67:
                    a3:b4:a7:9f:4a:59:19:61:b4:e7:e2:7e:80:66:b2:
                    81:91:ec:2f:20:9c:4b:4e:df:b5:7e:3d:00:f2:c1:
                    1a:83:b4:32:d6:c9:95:7e:cf:04:ea:fd:d2:ca:60:
                    bc:48:49:e4:5b:95:42:de:4f:6d:97:ec:fd:f0:f9:
                    34:7c:0d:36:c3:63:49:e7:dd:61:13:3b:1b:05:47:
                    61:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A9:16:D7:86:A1:33:37:9A:4F:C1:28:11:0D:B7:1C:1E:D1:35:7A
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/7KkW14ahMzeaT8EoEQ23HB7RNXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.70.172.0/24
                  212.70.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:1c:06:9a:a7:13:70:4a:e0:84:05:73:02:4b:6a:ca:21:81:
         63:5c:7b:e6:05:8e:28:c7:8b:3f:44:d1:2d:e5:c9:5b:77:a4:
         ba:5c:f0:7e:b8:6d:02:dc:15:e7:cf:70:f5:37:e6:df:11:4c:
         16:a0:4a:a8:c6:a0:45:11:a0:2b:2e:10:ec:5b:1c:2d:bf:f5:
         38:b2:f9:06:4a:5d:4f:7e:fa:13:4f:ed:42:12:1d:48:7e:49:
         ba:d1:3c:51:c3:b2:57:b0:ac:7d:f5:52:22:c8:15:c7:23:19:
         98:5d:64:62:48:08:04:d6:e5:96:59:9e:8a:ae:85:4b:69:04:
         bc:bd:1e:db:22:13:4e:38:96:aa:93:8d:44:87:65:81:23:63:
         49:2b:b2:c6:ab:c3:bd:6e:a0:cc:f3:3c:0c:56:0d:87:c5:26:
         42:91:8b:39:50:98:ab:ae:09:be:b2:cb:cd:44:0f:58:0c:7c:
         a8:06:c7:5b:47:dc:44:ac:ed:5c:53:3a:2e:93:f5:9f:43:d4:
         19:b3:56:93:d1:1e:19:d5:69:28:cd:1e:75:70:14:fd:13:90:
         8a:f0:57:43:63:ef:52:dc:87:21:11:08:23:e4:6f:73:93:61:
         6a:e4:e7:de:88:f6:ce:c4:08:e8:ec:99:13:a5:c7:02:58:c0:
         e1:64:91:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSZxgdJAJ/B05xMfQLIyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjQwMTAxMTgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2E5MTZkNzg2YTEzMzM3OWE0ZmMxMjgxMTBkYjcxYzFlZDEzNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNjgUyDMiLe9onypPAbi4dOAOuN9
9Abl+pPUR1rxR2hW6Gtgcy4wjpo5I6EljiQ0oYI5rN9yTOWqgRHgxKtMswc3YdF1
Gt6NK0WvftaM0OYRPXslFI/yDdxezMRNKPngQWNXV7j4xFm9plqJhvleAlU8vDyZ
Fm1C7nske0TU1IvuWWb+rpv/e6bGR/qGFSqUMMBHGLz/ZH0X9mMbFsUEURVFdTL8
Z2qFMuPI+WwNDzs6VGejtKefSlkZYbTn4n6AZrKBkewvIJxLTt+1fj0A8sEag7Qy
1smVfs8E6v3SymC8SEnkW5VC3k9tl+z98Pk0fA02w2NJ591hEzsbBUdhpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOypFteGoTM3mk/BKBENtxwe0TV6MB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvN0trVzE0YWhNemVhVDhFb0VRMjNIQjdSTlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1EasAwQA
1EauMA0GCSqGSIb3DQEBCwUAA4IBAQCEHAaapxNwSuCEBXMCS2rKIYFjXHvmBY4o
x4s/RNEt5clbd6S6XPB+uG0C3BXnz3D1N+bfEUwWoEqoxqBFEaArLhDsWxwtv/U4
svkGSl1PfvoTT+1CEh1Ifkm60TxRw7JXsKx99VIiyBXHIxmYXWRiSAgE1uWWWZ6K
roVLaQS8vR7bIhNOOJaqk41Eh2WBI2NJK7LGq8O9bqDM8zwMVg2HxSZCkYs5UJir
rgm+ssvNRA9YDHyoBsdbR9xErO1cUzouk/WfQ9QZs1aT0R4Z1WkozR51cBT9E5CK
8FdDY+9S3IchEQgj5G9zk2Fq5OfeiPbOxAjo7JkTpccCWMDhZJF2
-----END CERTIFICATE-----