Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/KJWq6uAgmwjWTi-Yuo3hX-MTztY.roa
File:                     KJWq6uAgmwjWTi-Yuo3hX-MTztY.roa (raw, json)
Hash identifier:          V69g+gqbi3iNqeZ1mFiIywv3IebmaWMv+tuU6adFUvc=
Subject key identifier:   28:95:AA:EA:E0:20:9B:08:D6:4E:2F:98:BA:8D:E1:5F:E3:13:CE:D6
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       01966B3D21001333359840212CF89FFDE746
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/KJWq6uAgmwjWTi-Yuo3hX-MTztY.roa
Signing time:             Fri 25 Apr 2025 04:38:10 +0000
ROA not before:           Fri 25 Apr 2025 04:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        141.226.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:3d:21:00:13:33:35:98:40:21:2c:f8:9f:fd:e7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Apr 25 04:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2895aaeae0209b08d64e2f98ba8de15fe313ced6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6c:62:1b:4b:8e:4b:fc:52:10:ba:da:f7:8e:
                    ce:2f:4f:fd:93:49:b1:0e:b0:73:15:dd:01:cc:cf:
                    73:63:cb:b9:5d:bf:46:e1:f1:ab:3b:c8:d5:3c:7d:
                    8e:37:ca:13:40:54:17:9d:df:5d:3a:cf:fb:26:02:
                    89:31:10:29:84:84:14:5c:a5:c3:fd:a3:40:1a:7d:
                    3c:3d:08:66:e4:3d:c7:e6:89:8d:bb:51:14:d5:b6:
                    68:83:8c:13:d8:84:f1:22:0b:86:b8:ef:11:94:57:
                    a0:22:97:6f:39:b8:99:bf:bb:77:04:9a:86:3f:cd:
                    1e:20:88:74:aa:26:a3:b7:29:ec:0f:39:b8:14:cc:
                    be:53:7d:02:5a:6c:20:a6:7b:42:22:39:39:ee:41:
                    0a:a9:1c:53:c4:5f:10:02:0f:4b:f7:a9:d2:70:f2:
                    64:2c:3c:36:f9:1f:a2:b6:ee:b6:4c:9c:dd:4b:95:
                    85:19:bc:41:fe:8d:ad:6f:d7:db:06:ae:f9:0a:23:
                    8f:7f:8c:c7:73:ed:51:e0:62:dd:8b:88:ee:22:b5:
                    99:9a:3d:2c:3d:2f:d5:bb:83:2f:bf:07:85:13:eb:
                    e9:63:11:56:1b:ef:41:b7:1c:ca:8c:2f:40:4f:e9:
                    ec:b6:17:f1:1f:b2:0f:42:56:e3:09:5b:52:3e:33:
                    12:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:95:AA:EA:E0:20:9B:08:D6:4E:2F:98:BA:8D:E1:5F:E3:13:CE:D6
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/KJWq6uAgmwjWTi-Yuo3hX-MTztY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a3:0f:4e:d3:f5:1f:7d:a4:10:85:93:59:43:b4:17:1f:41:
         db:30:5a:a2:8c:f2:09:ed:72:cd:ab:a1:22:26:71:5a:37:61:
         d8:fd:b2:ff:c1:09:7f:e9:3c:ff:30:d6:c1:31:25:1c:de:89:
         2d:75:7a:61:86:bd:c6:dc:00:d9:ac:bb:06:a6:3e:26:53:dd:
         ba:b1:b4:6d:b9:e5:59:5d:30:2b:04:05:10:8b:c9:d0:38:e9:
         c5:55:6e:46:b9:61:ff:cf:58:f4:a3:41:02:34:45:43:50:bb:
         c2:ed:b5:a3:17:5d:65:dd:44:12:f9:32:69:7b:3b:0c:cf:41:
         21:a8:5f:37:67:b7:4a:ca:2a:2f:03:80:17:24:bf:89:65:86:
         cf:64:57:54:00:a0:dc:8d:33:fa:48:a1:2e:74:dd:37:09:92:
         3e:62:6f:a9:86:31:20:fa:10:82:df:c2:05:1b:ea:34:bd:89:
         cc:54:28:4f:37:f2:08:2f:a5:68:87:62:43:84:4f:9a:c3:40:
         a2:f7:5b:2e:17:59:df:9d:69:b3:a9:05:e0:da:7b:2e:b3:57:
         4e:29:2a:2b:10:53:35:47:7e:e6:c4:c2:ca:11:4a:f0:49:9a:
         e0:51:64:aa:1e:a6:a6:82:87:55:55:8c:e3:e4:d2:78:e8:bb:
         0f:b7:b8:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZrPSEAEzM1mEAhLPif/edGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwNDI1MDQzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk1YWFlYWUwMjA5YjA4ZDY0ZTJmOThiYThkZTE1ZmUzMTNjZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGxiG0uOS/xSELra947OL0/9k0mx
DrBzFd0BzM9zY8u5Xb9G4fGrO8jVPH2ON8oTQFQXnd9dOs/7JgKJMRAphIQUXKXD
/aNAGn08PQhm5D3H5omNu1EU1bZog4wT2ITxIguGuO8RlFegIpdvObiZv7t3BJqG
P80eIIh0qiajtynsDzm4FMy+U30CWmwgpntCIjk57kEKqRxTxF8QAg9L96nScPJk
LDw2+R+itu62TJzdS5WFGbxB/o2tb9fbBq75CiOPf4zHc+1R4GLdi4juIrWZmj0s
PS/Vu4MvvweFE+vpYxFWG+9BtxzKjC9AT+nsthfxH7IPQlbjCVtSPjMSDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiVqurgIJsI1k4vmLqN4V/jE87WMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvS0pXcTZ1QWdtd2pXVGktWXVvM2hYLU1UenRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeL1MA0G
CSqGSIb3DQEBCwUAA4IBAQBBow9O0/UffaQQhZNZQ7QXH0HbMFqijPIJ7XLNq6Ei
JnFaN2HY/bL/wQl/6Tz/MNbBMSUc3oktdXphhr3G3ADZrLsGpj4mU926sbRtueVZ
XTArBAUQi8nQOOnFVW5GuWH/z1j0o0ECNEVDULvC7bWjF11l3UQS+TJpezsMz0Eh
qF83Z7dKyiovA4AXJL+JZYbPZFdUAKDcjTP6SKEudN03CZI+Ym+phjEg+hCC38IF
G+o0vYnMVChPN/IIL6Voh2JDhE+aw0Ci91suF1nfnWmzqQXg2nsus1dOKSorEFM1
R37mxMLKEUrwSZrgUWSqHqamgodVVYzj5NJ46LsPt7hO
-----END CERTIFICATE-----