Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/FxOFnIJj72dLCCM7bwXDQ_-8sbo.roa
File:                     FxOFnIJj72dLCCM7bwXDQ_-8sbo.roa (raw, json)
Hash identifier:          6VByoXEVRG1vDUi8zLRamkNG5NFypwd5VPiQ4QpJXJQ=
Subject key identifier:   17:13:85:9C:82:63:EF:67:4B:08:23:3B:6F:05:C3:43:FF:BC:B1:BA
Certificate issuer:       /CN=44af4b76312680e9d40a23b3ca2f19abf2f6c73b
Certificate serial:       018CC501199D34154B5BB33E537FA27CF70F
Authority key identifier: 44:AF:4B:76:31:26:80:E9:D4:0A:23:B3:CA:2F:19:AB:F2:F6:C7:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/FxOFnIJj72dLCCM7bwXDQ_-8sbo.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        185.70.96.0/24 maxlen: 24
                          185.70.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:19:9d:34:15:4b:5b:b3:3e:53:7f:a2:7c:f7:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44af4b76312680e9d40a23b3ca2f19abf2f6c73b
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1713859c8263ef674b08233b6f05c343ffbcb1ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:1d:32:c5:13:74:cd:7f:a4:7e:a7:5c:25:
                    a9:54:f8:b6:d7:f1:8f:cd:2f:f2:b5:43:17:dd:8c:
                    53:89:ea:c9:ea:4f:83:15:88:ea:8e:70:24:1b:c6:
                    4b:f2:41:af:b9:63:e2:1d:0e:3a:58:f7:dd:21:00:
                    46:f5:4d:88:90:0c:2a:e9:f4:95:e3:b0:51:2a:16:
                    96:cf:31:61:e1:69:49:e1:b4:84:6c:bf:13:cf:7f:
                    2d:49:1d:b0:f2:0f:a6:b1:bf:1d:7f:10:ab:da:92:
                    f9:4e:65:72:76:5c:a0:8b:01:9e:df:4c:4d:d0:1e:
                    b9:f6:9a:96:34:de:2a:da:46:2f:79:4f:fa:25:2d:
                    57:5c:6a:c3:66:7d:9e:6b:d3:5a:30:81:51:5c:87:
                    4a:d0:32:64:6b:ef:64:e4:5a:e5:81:6d:86:dc:54:
                    c4:14:61:33:82:ea:02:aa:7e:88:19:bd:3c:2d:e0:
                    43:59:27:3d:0e:ec:b1:8d:f4:e8:7c:07:c1:cb:aa:
                    3c:d3:f5:d6:ac:b2:ed:78:a6:f0:b2:00:00:65:83:
                    47:70:66:00:43:0a:2c:02:ba:55:95:2b:b8:21:8b:
                    87:b9:54:49:61:b4:d6:b0:e0:12:e3:be:cb:f9:35:
                    4e:c5:8a:08:38:9a:52:26:45:69:b6:f5:36:41:17:
                    6c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:13:85:9C:82:63:EF:67:4B:08:23:3B:6F:05:C3:43:FF:BC:B1:BA
            X509v3 Authority Key Identifier:
                keyid:44:AF:4B:76:31:26:80:E9:D4:0A:23:B3:CA:2F:19:AB:F2:F6:C7:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/FxOFnIJj72dLCCM7bwXDQ_-8sbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.96.0/24
                  185.70.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:32:9f:16:2e:a8:98:09:90:28:55:c1:ec:6c:a5:9b:63:fa:
         9d:ca:b4:3d:9b:25:85:a2:a4:63:38:9d:d2:79:dc:5d:16:3c:
         db:4a:b3:39:ef:4b:9a:76:6d:0f:2c:66:58:cf:78:d0:e0:c2:
         ca:a0:2a:db:f0:46:e1:59:ac:a9:48:af:9a:f7:1f:19:41:8f:
         d5:a5:c4:d3:c7:74:dd:3f:32:98:a6:d6:7d:f2:9c:57:0a:c0:
         a8:fc:c7:4b:fb:e1:12:7f:9e:27:96:c4:e2:af:aa:a1:9a:02:
         8e:ae:62:78:38:48:c7:a3:2e:29:e7:53:2d:52:f2:71:99:af:
         2f:5e:89:bf:21:30:41:a9:15:f8:53:84:60:0a:0a:94:b9:48:
         49:62:73:56:28:9c:e5:bb:a8:5a:91:f6:01:a7:f4:da:09:7c:
         1d:30:2d:9d:5a:bb:a5:21:75:c0:66:df:66:4b:77:1f:25:2e:
         65:50:07:40:dd:5f:70:87:ee:02:9d:d8:78:6d:bf:fe:0d:f1:
         db:a1:5d:36:56:c1:a4:cd:2c:d9:ab:7c:50:d9:4d:41:4c:fb:
         82:ef:5e:2e:9c:b1:9e:ef:8d:05:42:d2:44:21:9d:18:72:81:
         fd:f7:d6:91:67:2a:cf:be:a7:d5:6e:e5:8c:35:33:de:9a:cb:
         e8:20:46:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFARmdNBVLW7M+U3+ifPcPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YWY0Yjc2MzEyNjgwZTlkNDBhMjNiM2NhMmYxOWFiZjJm
NmM3M2IwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEzODU5YzgyNjNlZjY3NGIwODIzM2I2ZjA1YzM0M2ZmYmNiMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtScdMsUTdM1/pH6nXCWpVPi21/GP
zS/ytUMX3YxTierJ6k+DFYjqjnAkG8ZL8kGvuWPiHQ46WPfdIQBG9U2IkAwq6fSV
47BRKhaWzzFh4WlJ4bSEbL8Tz38tSR2w8g+msb8dfxCr2pL5TmVydlygiwGe30xN
0B659pqWNN4q2kYveU/6JS1XXGrDZn2ea9NaMIFRXIdK0DJka+9k5FrlgW2G3FTE
FGEzguoCqn6IGb08LeBDWSc9DuyxjfTofAfBy6o80/XWrLLteKbwsgAAZYNHcGYA
QwosArpVlSu4IYuHuVRJYbTWsOAS477L+TVOxYoIOJpSJkVptvU2QRdsgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBcThZyCY+9nSwgjO28Fw0P/vLG6MB8GA1UdIwQY
MBaAFESvS3YxJoDp1Aojs8ovGavy9sc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUks5TGRqRW1nT25VQ2lPenlpOFpxX0wyeHpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ODVhYTEtZWYyMi00OGE1LWI3MGEt
NWVhOGY1M2FiNDkxLzEvRnhPRm5JSmo3MmRMQ0NNN2J3WERRXy04c2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ODVhYTEtZWYyMi00OGE1LWI3MGEtNWVhOGY1M2FiNDkx
LzEvUks5TGRqRW1nT25VQ2lPenlpOFpxX0wyeHpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUZgAwQA
uUZjMA0GCSqGSIb3DQEBCwUAA4IBAQBxMp8WLqiYCZAoVcHsbKWbY/qdyrQ9myWF
oqRjOJ3SedxdFjzbSrM570uadm0PLGZYz3jQ4MLKoCrb8EbhWaypSK+a9x8ZQY/V
pcTTx3TdPzKYptZ98pxXCsCo/MdL++ESf54nlsTir6qhmgKOrmJ4OEjHoy4p51Mt
UvJxma8vXom/ITBBqRX4U4RgCgqUuUhJYnNWKJzlu6hakfYBp/TaCXwdMC2dWrul
IXXAZt9mS3cfJS5lUAdA3V9wh+4Cndh4bb/+DfHboV02VsGkzSzZq3xQ2U1BTPuC
714unLGe740FQtJEIZ0YcoH999aRZyrPvqfVbuWMNTPemsvoIEa2
-----END CERTIFICATE-----