Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/pkJ995NiuUP8QD6ER4F1xxvcBu0.roa
File:                     pkJ995NiuUP8QD6ER4F1xxvcBu0.roa (raw, json)
Hash identifier:          r+6yDPX3HDEpLU9NuQfre/ZR6BWuiF/+21B1j1xMWdo=
Subject key identifier:   A6:42:7D:F7:93:62:B9:43:FC:40:3E:84:47:81:75:C7:1B:DC:06:ED
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       018CC6499C263FB543D8EE44D2EC52811F98
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/pkJ995NiuUP8QD6ER4F1xxvcBu0.roa
Signing time:             Mon 01 Jan 2024 18:29:22 +0000
ROA not before:           Mon 01 Jan 2024 18:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206600
IP address blocks:        212.70.164.0/24 maxlen: 24
                          195.244.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9c:26:3f:b5:43:d8:ee:44:d2:ec:52:81:1f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jan  1 18:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6427df79362b943fc403e84478175c71bdc06ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d2:69:9c:2e:5b:f2:74:88:13:49:7a:72:df:
                    64:8d:a5:f7:b7:03:38:f2:42:fb:bf:ed:98:fc:0f:
                    10:57:69:a9:f7:30:3a:6e:f9:b4:1d:50:53:b2:e6:
                    2f:29:1b:29:31:b2:e5:30:b6:fe:f4:70:db:e2:5b:
                    d0:30:29:38:32:cd:ef:01:af:ce:bd:f0:24:35:d7:
                    53:ac:e2:25:d7:ea:ff:bd:c4:1b:d8:33:52:a8:af:
                    fb:66:b4:3e:02:82:ea:15:78:90:d3:45:23:6e:0e:
                    fa:45:ae:fa:b6:8b:19:29:e0:42:65:c8:ad:c3:be:
                    96:b9:cb:22:3a:57:3e:29:31:bb:9f:46:a6:dc:47:
                    d7:81:5f:60:53:9e:6f:c2:94:a0:10:09:3f:38:cc:
                    0d:4c:76:d3:3c:ed:c2:63:6f:69:e4:8d:7b:ff:1a:
                    98:06:50:88:7e:a0:fe:f7:4a:65:4f:10:6c:ea:7c:
                    a7:bc:32:21:ba:78:5e:87:3d:31:f7:23:f1:13:95:
                    88:f6:0e:4c:a9:0c:fc:2c:8c:6f:3d:72:03:9d:a4:
                    d0:ad:81:7a:da:1c:66:b5:1f:5b:31:0e:70:05:a9:
                    e6:92:9c:9c:f0:3e:96:0c:da:54:4f:0e:ce:4e:d3:
                    c0:fc:6e:a7:76:9d:cd:54:d1:14:05:63:35:a3:4b:
                    3a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:42:7D:F7:93:62:B9:43:FC:40:3E:84:47:81:75:C7:1B:DC:06:ED
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/pkJ995NiuUP8QD6ER4F1xxvcBu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.159.0/24
                  212.70.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:6a:e4:57:b9:d6:59:c2:45:45:43:66:51:9a:0f:83:08:c3:
         f4:9f:68:8d:aa:07:bb:62:82:a8:eb:ca:6d:25:05:ef:b6:5d:
         08:84:9e:a8:35:f2:63:c4:de:6c:46:f1:9f:14:96:3f:0c:16:
         cf:83:90:de:67:37:25:fe:71:df:5f:90:7f:5c:c6:9b:9b:2c:
         81:80:d8:5c:d5:b0:13:c1:4c:ba:56:a0:dd:cb:77:fd:2f:dc:
         33:7a:27:16:8d:21:93:0a:0a:65:8b:cb:a4:2a:21:21:e7:57:
         b5:c7:7d:86:0e:7f:0d:60:e7:25:4b:c8:e3:5a:ab:be:39:b5:
         49:03:ad:06:96:b4:84:66:76:cc:fa:05:d0:cc:f8:3d:e2:40:
         34:2d:e7:fd:49:52:3c:84:ea:9f:31:0c:f6:81:3d:80:8f:c5:
         52:f4:69:d5:6f:15:45:50:ab:55:97:c9:43:5b:a4:a3:93:e6:
         93:bd:2b:2b:28:2b:9f:46:da:a6:5e:87:67:b5:c0:d2:55:1b:
         1d:86:ac:df:87:e2:db:79:ad:1a:cc:fd:8b:e9:13:a5:50:a8:
         16:93:a5:d4:72:7d:f9:86:d4:35:3e:6e:3e:cd:ad:40:91:56:
         73:ab:1f:4b:d0:a6:0a:3e:6d:f8:72:af:d4:f7:a1:1f:b3:58:
         a3:16:ab:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSZwmP7VD2O5E0uxSgR+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjQwMTAxMTgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQyN2RmNzkzNjJiOTQzZmM0MDNlODQ0NzgxNzVjNzFiZGMwNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tJpnC5b8nSIE0l6ct9kjaX3twM4
8kL7v+2Y/A8QV2mp9zA6bvm0HVBTsuYvKRspMbLlMLb+9HDb4lvQMCk4Ms3vAa/O
vfAkNddTrOIl1+r/vcQb2DNSqK/7ZrQ+AoLqFXiQ00Ujbg76Ra76tosZKeBCZcit
w76WucsiOlc+KTG7n0am3EfXgV9gU55vwpSgEAk/OMwNTHbTPO3CY29p5I17/xqY
BlCIfqD+90plTxBs6nynvDIhunhehz0x9yPxE5WI9g5MqQz8LIxvPXIDnaTQrYF6
2hxmtR9bMQ5wBanmkpyc8D6WDNpUTw7OTtPA/G6ndp3NVNEUBWM1o0s6iwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZCffeTYrlD/EA+hEeBdccb3AbtMB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvcGtKOTk1Tml1VVA4UUQ2RVI0RjF4eHZjQnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw/SfAwQA
1EakMA0GCSqGSIb3DQEBCwUAA4IBAQBCauRXudZZwkVFQ2ZRmg+DCMP0n2iNqge7
YoKo68ptJQXvtl0IhJ6oNfJjxN5sRvGfFJY/DBbPg5DeZzcl/nHfX5B/XMabmyyB
gNhc1bATwUy6VqDdy3f9L9wzeicWjSGTCgpli8ukKiEh51e1x32GDn8NYOclS8jj
Wqu+ObVJA60GlrSEZnbM+gXQzPg94kA0Lef9SVI8hOqfMQz2gT2Aj8VS9GnVbxVF
UKtVl8lDW6Sjk+aTvSsrKCufRtqmXodntcDSVRsdhqzfh+Lbea0azP2L6ROlUKgW
k6XUcn35htQ1Pm4+za1AkVZzqx9L0KYKPm34cq/U96Efs1ijFqtD
-----END CERTIFICATE-----