Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/161daf-248f-4e3a-8beb-77efbc362503/1/DdB9Qhn4EYI41S3iKzilnZ5fOWo.roa
File:                     DdB9Qhn4EYI41S3iKzilnZ5fOWo.roa (raw, json)
Hash identifier:          kTuM8tXGjDXAEO5krla9vCMyLMIh0HsvB3TD6fdsaxU=
Subject key identifier:   0D:D0:7D:42:19:F8:11:82:38:D5:2D:E2:2B:38:A5:9D:9E:5F:39:6A
Certificate issuer:       /CN=19ca39890f97f728152bcd85c236d8e5ff460429
Certificate serial:       018CC8016F193FE85C01A54DB7EA28D2AB55
Authority key identifier: 19:CA:39:89:0F:97:F7:28:15:2B:CD:85:C2:36:D8:E5:FF:46:04:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gco5iQ-X9ygVK82FwjbY5f9GBCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/161daf-248f-4e3a-8beb-77efbc362503/1/DdB9Qhn4EYI41S3iKzilnZ5fOWo.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        141.249.0.0/16 maxlen: 24
                          2001:67c:13c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/161daf-248f-4e3a-8beb-77efbc362503/1/Gco5iQ-X9ygVK82FwjbY5f9GBCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/161daf-248f-4e3a-8beb-77efbc362503/1/Gco5iQ-X9ygVK82FwjbY5f9GBCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gco5iQ-X9ygVK82FwjbY5f9GBCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6f:19:3f:e8:5c:01:a5:4d:b7:ea:28:d2:ab:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ca39890f97f728152bcd85c236d8e5ff460429
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dd07d4219f8118238d52de22b38a59d9e5f396a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f1:11:bf:be:0c:cc:1b:5a:d3:f9:64:20:ec:
                    3f:2c:36:d1:a8:92:a1:e2:e0:9a:48:9a:2e:bb:50:
                    26:f9:4d:0c:0f:ee:bd:70:3a:40:83:9a:9f:24:4a:
                    d8:94:45:51:4f:ac:67:a4:66:15:26:bb:e7:db:30:
                    d4:b7:08:0d:5a:ca:7d:b9:bd:28:16:1e:ef:eb:6e:
                    80:55:2e:f9:07:a2:a4:19:9e:18:a2:eb:34:ae:ec:
                    10:35:d1:1c:11:ab:02:bf:0e:98:de:d2:89:71:8f:
                    f7:46:ff:0b:b9:c1:1d:1c:9e:d6:24:1f:ab:d8:01:
                    79:ec:c9:94:e8:8b:f8:00:9d:0a:e1:45:21:bd:47:
                    2e:e2:c2:38:9b:7a:26:a1:42:53:98:a5:b9:48:c9:
                    31:75:c3:58:51:39:1c:fc:48:54:c3:b2:b4:f6:08:
                    4e:f4:94:17:c5:60:54:c4:a8:ea:08:19:ef:28:90:
                    ce:7b:57:77:26:a0:2d:3c:e1:e0:cf:e0:77:fa:9a:
                    3b:76:77:ed:4f:f1:01:82:b6:94:80:bf:a6:16:d7:
                    3a:fb:d6:ba:2b:7c:58:60:97:e6:ee:09:2b:cd:f2:
                    e2:c5:0b:bc:9a:d7:3d:1e:bc:5d:ce:ac:3e:77:da:
                    34:35:fe:83:a6:62:b3:91:04:61:d0:02:b9:6a:23:
                    4d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D0:7D:42:19:F8:11:82:38:D5:2D:E2:2B:38:A5:9D:9E:5F:39:6A
            X509v3 Authority Key Identifier:
                keyid:19:CA:39:89:0F:97:F7:28:15:2B:CD:85:C2:36:D8:E5:FF:46:04:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gco5iQ-X9ygVK82FwjbY5f9GBCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/161daf-248f-4e3a-8beb-77efbc362503/1/DdB9Qhn4EYI41S3iKzilnZ5fOWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/161daf-248f-4e3a-8beb-77efbc362503/1/Gco5iQ-X9ygVK82FwjbY5f9GBCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.249.0.0/16
                IPv6:
                  2001:67c:13c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:95:0a:e1:6f:1a:4c:44:66:4e:13:f7:a8:93:12:33:f7:46:
         e7:2c:ad:38:7b:6d:8d:36:90:93:ab:78:ac:41:0c:2e:15:2e:
         2a:28:b7:ec:03:93:72:7e:57:11:62:ed:44:c2:76:19:a1:34:
         e4:69:7c:23:bb:1b:f0:5d:3c:d0:04:fc:12:1f:9c:38:dd:59:
         eb:e6:23:37:94:38:7a:c1:b0:42:74:69:b2:d0:4d:a2:03:75:
         fc:a8:a7:ea:20:c2:b4:fe:3f:53:f5:bc:5d:d7:53:52:59:3a:
         82:09:7f:62:0d:c1:75:3d:31:b1:f0:f1:27:03:9e:26:26:14:
         53:d5:13:d6:60:78:6a:5f:99:a5:3b:0b:fa:66:75:8c:8e:c3:
         b6:f0:c4:9d:73:de:f4:3e:3a:d1:28:ef:5f:ef:b7:be:4e:ae:
         da:99:4a:95:a7:84:34:cf:5e:19:d7:c9:57:db:2f:19:9e:8d:
         40:ff:ae:48:2c:0e:5a:00:d4:18:75:d3:8e:a9:14:48:0a:4e:
         1c:55:41:51:c1:c9:17:1e:b7:85:0b:52:04:df:b9:ae:f1:a6:
         b0:bf:ad:02:a0:ae:a8:9a:2e:67:75:10:f5:28:98:d9:7f:05:
         b4:bd:af:fe:77:88:eb:69:9a:00:13:db:10:e1:47:70:58:c2:
         d2:62:8b:2a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIAW8ZP+hcAaVNt+oo0qtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5Y2EzOTg5MGY5N2Y3MjgxNTJiY2Q4NWMyMzZkOGU1ZmY0
NjA0MjkwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGQwN2Q0MjE5ZjgxMTgyMzhkNTJkZTIyYjM4YTU5ZDllNWYzOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/ERv74MzBta0/lkIOw/LDbRqJKh
4uCaSJouu1Am+U0MD+69cDpAg5qfJErYlEVRT6xnpGYVJrvn2zDUtwgNWsp9ub0o
Fh7v626AVS75B6KkGZ4Yous0ruwQNdEcEasCvw6Y3tKJcY/3Rv8LucEdHJ7WJB+r
2AF57MmU6Iv4AJ0K4UUhvUcu4sI4m3omoUJTmKW5SMkxdcNYUTkc/EhUw7K09ghO
9JQXxWBUxKjqCBnvKJDOe1d3JqAtPOHgz+B3+po7dnftT/EBgraUgL+mFtc6+9a6
K3xYYJfm7gkrzfLixQu8mtc9Hrxdzqw+d9o0Nf6DpmKzkQRh0AK5aiNNBwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFA3QfUIZ+BGCONUt4is4pZ2eXzlqMB8GA1UdIwQY
MBaAFBnKOYkPl/coFSvNhcI22OX/RgQpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2NvNWlRLVg5eWdWSzgyRndqYlk1ZjlHQkNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8xNjFkYWYtMjQ4Zi00ZTNhLThiZWIt
NzdlZmJjMzYyNTAzLzEvRGRCOVFobjRFWUk0MVMzaUt6aWxuWjVmT1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8xNjFkYWYtMjQ4Zi00ZTNhLThiZWItNzdlZmJjMzYyNTAz
LzEvR2NvNWlRLVg5eWdWSzgyRndqYlk1ZjlHQkNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAjfkwDwQC
AAIwCQMHACABBnwTwDANBgkqhkiG9w0BAQsFAAOCAQEAT5UK4W8aTERmThP3qJMS
M/dG5yytOHttjTaQk6t4rEEMLhUuKii37AOTcn5XEWLtRMJ2GaE05Gl8I7sb8F08
0AT8Eh+cON1Z6+YjN5Q4esGwQnRpstBNogN1/Kin6iDCtP4/U/W8XddTUlk6ggl/
Yg3BdT0xsfDxJwOeJiYUU9UT1mB4al+ZpTsL+mZ1jI7DtvDEnXPe9D460SjvX++3
vk6u2plKlaeENM9eGdfJV9svGZ6NQP+uSCwOWgDUGHXTjqkUSApOHFVBUcHJFx63
hQtSBN+5rvGmsL+tAqCuqJouZ3UQ9SiY2X8FtL2v/neI62maABPbEOFHcFjC0mKL
Kg==
-----END CERTIFICATE-----