Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/5fJJuelpSquZmOBRWsDNkipMohc.roa
File:                     5fJJuelpSquZmOBRWsDNkipMohc.roa (raw, json)
Hash identifier:          poFPD7f6fT85sw5L3r2NL8z6U/J4n2y0NWNJvRqQuq4=
Subject key identifier:   E5:F2:49:B9:E9:69:4A:AB:99:98:E0:51:5A:C0:CD:92:2A:4C:A2:17
Certificate issuer:       /CN=44af4b76312680e9d40a23b3ca2f19abf2f6c73b
Certificate serial:       01918E1800942D8F4B1AA35D84DE4121711B
Authority key identifier: 44:AF:4B:76:31:26:80:E9:D4:0A:23:B3:CA:2F:19:AB:F2:F6:C7:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/5fJJuelpSquZmOBRWsDNkipMohc.roa
Signing time:             Mon 26 Aug 2024 09:50:23 +0000
ROA not before:           Mon 26 Aug 2024 09:50:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        185.70.97.0/24 maxlen: 24
                          185.70.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:18:00:94:2d:8f:4b:1a:a3:5d:84:de:41:21:71:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44af4b76312680e9d40a23b3ca2f19abf2f6c73b
        Validity
            Not Before: Aug 26 09:50:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5f249b9e9694aab9998e0515ac0cd922a4ca217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a4:97:95:61:b1:e3:f2:d1:ed:0a:47:f9:6a:
                    72:93:4c:23:8c:db:75:a1:02:d7:a4:19:f8:7f:00:
                    4f:a0:31:a9:e5:15:c6:86:6d:da:6a:29:fe:f6:8b:
                    58:39:d6:95:d5:c6:24:09:8a:3d:07:b5:5a:23:0d:
                    db:9a:2c:9e:2a:a1:25:5d:25:cb:de:3a:a5:ee:2f:
                    74:86:65:55:e7:72:af:c1:18:6f:c2:cb:2a:41:2f:
                    fb:1f:05:58:47:f6:fe:c4:b8:28:13:70:46:ce:0b:
                    fd:aa:f1:c1:63:35:97:f7:23:0f:84:40:bd:ee:c1:
                    6c:59:47:47:e1:8d:0d:40:a2:04:c7:44:06:da:f2:
                    20:7a:93:7b:c0:88:d2:17:dd:1e:bf:6b:f6:cb:9c:
                    ec:e1:4d:e0:30:4c:49:bb:ba:15:95:91:a8:69:f5:
                    a2:97:c9:9b:bf:89:f5:3c:dc:76:99:7a:df:48:73:
                    33:03:eb:a2:48:fc:bf:04:0a:1f:79:6f:b3:f7:c8:
                    4a:cd:a4:3c:8f:30:f7:3f:b0:52:fa:5a:41:e9:96:
                    c1:eb:e0:bf:db:fa:ba:86:ca:11:c7:cf:6a:be:12:
                    ec:57:1a:46:b1:e5:b5:c5:ea:b4:6d:3c:bd:b7:2a:
                    19:17:53:9a:91:34:b4:67:12:af:80:5f:96:83:76:
                    dd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F2:49:B9:E9:69:4A:AB:99:98:E0:51:5A:C0:CD:92:2A:4C:A2:17
            X509v3 Authority Key Identifier:
                keyid:44:AF:4B:76:31:26:80:E9:D4:0A:23:B3:CA:2F:19:AB:F2:F6:C7:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/5fJJuelpSquZmOBRWsDNkipMohc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.97.0/24
                  185.70.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e6:b4:8d:16:11:ab:1f:f5:39:42:c2:31:d6:24:6a:7c:79:
         4b:69:de:95:aa:a8:d7:b3:31:7b:f2:13:74:a3:07:43:47:c1:
         60:52:82:60:a3:60:e4:df:10:61:0a:bd:b0:bc:67:41:67:df:
         47:92:b0:d2:e9:0f:c9:2f:ec:f9:de:79:f4:b2:a8:9e:eb:c4:
         ee:8e:6e:5c:a4:7e:29:3b:e4:60:77:59:9e:22:4a:f4:86:3a:
         e0:be:d4:31:16:d5:6a:04:e1:aa:40:15:6d:ec:84:bb:ce:61:
         93:ad:61:58:c1:85:e8:d3:2f:b8:53:f4:87:be:2c:ff:1c:35:
         0c:53:28:53:a2:f3:0c:e2:24:9b:75:ec:cc:c2:b5:6a:3c:ae:
         13:3b:40:e5:c0:ac:78:63:19:bc:b2:71:03:da:a2:bb:2c:61:
         a6:72:dd:d9:c6:59:16:77:f7:07:b6:da:1d:b5:49:c8:ee:bb:
         71:17:5c:92:9e:34:a7:25:9a:da:9c:75:01:08:bb:a1:5c:21:
         69:ae:b0:6c:93:3b:62:aa:48:1a:c8:58:60:f3:56:d2:d4:a3:
         5a:07:fb:b1:86:92:af:13:d2:61:ea:ca:99:a3:cc:c5:28:f5:
         ae:5e:26:56:a8:ad:3d:78:56:33:b8:d3:56:c9:33:59:14:15:
         4c:23:2b:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGOGACULY9LGqNdhN5BIXEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YWY0Yjc2MzEyNjgwZTlkNDBhMjNiM2NhMmYxOWFiZjJm
NmM3M2IwHhcNMjQwODI2MDk1MDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWYyNDliOWU5Njk0YWFiOTk5OGUwNTE1YWMwY2Q5MjJhNGNhMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKSXlWGx4/LR7QpH+Wpyk0wjjNt1
oQLXpBn4fwBPoDGp5RXGhm3aain+9otYOdaV1cYkCYo9B7VaIw3bmiyeKqElXSXL
3jql7i90hmVV53KvwRhvwssqQS/7HwVYR/b+xLgoE3BGzgv9qvHBYzWX9yMPhEC9
7sFsWUdH4Y0NQKIEx0QG2vIgepN7wIjSF90ev2v2y5zs4U3gMExJu7oVlZGoafWi
l8mbv4n1PNx2mXrfSHMzA+uiSPy/BAofeW+z98hKzaQ8jzD3P7BS+lpB6ZbB6+C/
2/q6hsoRx89qvhLsVxpGseW1xeq0bTy9tyoZF1OakTS0ZxKvgF+Wg3bdVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOXySbnpaUqrmZjgUVrAzZIqTKIXMB8GA1UdIwQY
MBaAFESvS3YxJoDp1Aojs8ovGavy9sc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUks5TGRqRW1nT25VQ2lPenlpOFpxX0wyeHpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ODVhYTEtZWYyMi00OGE1LWI3MGEt
NWVhOGY1M2FiNDkxLzEvNWZKSnVlbHBTcXVabU9CUldzRE5raXBNb2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ODVhYTEtZWYyMi00OGE1LWI3MGEtNWVhOGY1M2FiNDkx
LzEvUks5TGRqRW1nT25VQ2lPenlpOFpxX0wyeHpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUZhAwQA
uUZjMA0GCSqGSIb3DQEBCwUAA4IBAQBV5rSNFhGrH/U5QsIx1iRqfHlLad6VqqjX
szF78hN0owdDR8FgUoJgo2Dk3xBhCr2wvGdBZ99HkrDS6Q/JL+z53nn0sqie68Tu
jm5cpH4pO+Rgd1meIkr0hjrgvtQxFtVqBOGqQBVt7IS7zmGTrWFYwYXo0y+4U/SH
viz/HDUMUyhTovMM4iSbdezMwrVqPK4TO0DlwKx4Yxm8snED2qK7LGGmct3ZxlkW
d/cHttodtUnI7rtxF1ySnjSnJZranHUBCLuhXCFprrBskztiqkgayFhg81bS1KNa
B/uxhpKvE9Jh6sqZo8zFKPWuXiZWqK09eFYzuNNWyTNZFBVMIyv4
-----END CERTIFICATE-----