Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/oRkSggV9QKx0oJ3OFOU3lTUbpJA.roa
File:                     oRkSggV9QKx0oJ3OFOU3lTUbpJA.roa (raw, json)
Hash identifier:          dsFJ+p7cSuuD/yRs6tiO6cmJEQV8X+kp74SQnDt2xcY=
Subject key identifier:   A1:19:12:82:05:7D:40:AC:74:A0:9D:CE:14:E5:37:95:35:1B:A4:90
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       01966198E0F3AA67AE88F030142010394E22
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/oRkSggV9QKx0oJ3OFOU3lTUbpJA.roa
Signing time:             Wed 23 Apr 2025 07:42:11 +0000
ROA not before:           Wed 23 Apr 2025 07:42:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44213
IP address blocks:        213.137.82.0/24 maxlen: 24
                          213.137.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:61:98:e0:f3:aa:67:ae:88:f0:30:14:20:10:39:4e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Apr 23 07:42:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1191282057d40ac74a09dce14e53795351ba490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6f:db:38:34:f3:f6:0b:c4:d8:44:1a:6a:66:
                    1a:af:de:e9:52:3a:7a:55:ff:98:77:bc:79:2e:c4:
                    26:2b:d3:ae:8e:46:b0:7c:85:25:e1:fe:3f:69:42:
                    15:5e:3b:b3:67:09:58:b2:70:c5:c5:16:76:9b:a8:
                    7d:6c:67:57:42:04:bd:82:af:9b:dd:81:cd:31:98:
                    75:5a:10:31:f2:a4:8a:15:34:dd:e9:04:14:b9:4b:
                    8b:b2:43:75:70:17:d2:ce:b1:86:c2:5c:ca:e0:72:
                    86:d9:92:e3:f3:49:89:e6:b7:f2:e5:98:27:55:c6:
                    13:ce:bc:e5:56:f3:7f:45:2b:eb:0b:79:a5:5b:82:
                    18:cf:18:17:0c:0b:38:b5:d7:9e:22:e4:f9:9f:ca:
                    d6:bf:47:a1:9a:c0:a7:dc:d9:3a:42:b9:67:2c:f5:
                    7d:a4:ef:79:2b:3b:6c:03:f8:38:a7:07:09:b3:e3:
                    28:7e:f8:fa:62:5c:1f:8d:4d:00:d6:40:c9:fb:cb:
                    8b:1e:b0:82:8f:15:d6:41:02:b2:21:b9:56:a7:7c:
                    05:c9:10:20:22:0d:ae:65:09:d9:0d:b9:e8:66:9b:
                    75:22:cb:08:8f:8b:c9:70:90:f1:64:05:a2:0b:79:
                    c4:9d:42:0b:40:ba:b5:73:b0:fe:57:91:a5:34:e7:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:19:12:82:05:7D:40:AC:74:A0:9D:CE:14:E5:37:95:35:1B:A4:90
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/oRkSggV9QKx0oJ3OFOU3lTUbpJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.82.0/24
                  213.137.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f3:26:88:26:a6:fa:74:21:c4:c2:6e:b1:39:23:00:63:df:
         db:d5:f0:b2:c9:ea:1d:24:7f:99:66:27:92:67:ab:5d:38:f1:
         54:a5:9d:52:53:dc:b8:87:19:90:e0:a1:0e:0a:a5:d9:0e:9f:
         f6:b5:00:00:57:8a:95:4a:4c:4f:ec:4f:e3:12:bb:8e:c1:33:
         4b:d7:90:d2:71:6c:f8:37:b5:9a:8c:70:67:90:af:92:08:e3:
         46:b3:b3:25:c2:73:d7:bd:6d:67:c1:d4:4b:9b:c2:fd:ab:ef:
         c6:c2:44:58:f3:e2:c9:4c:02:9e:d8:ba:24:80:ab:7f:73:34:
         d3:b8:c0:58:1a:ef:bc:e6:f2:71:ae:51:09:45:53:d9:d2:b3:
         50:8e:d8:e1:77:67:c5:b0:be:84:55:5a:8a:16:27:10:59:a8:
         a0:fa:ed:ad:a4:38:72:8c:7b:5a:bd:3b:17:f5:34:f0:88:f6:
         c1:96:71:56:1e:1d:8c:42:35:a9:6c:c5:48:f1:8a:43:21:23:
         21:32:1d:a9:2c:e6:ef:b6:80:6f:ee:dc:c6:fd:e7:ba:a0:a4:
         46:04:ff:05:98:f4:15:33:77:15:51:14:86:9e:9a:44:f7:07:
         1c:28:34:ca:a5:91:49:e1:4e:b7:24:a7:da:fd:5b:e4:2d:14:
         ae:8e:65:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZhmODzqmeuiPAwFCAQOU4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwNDIzMDc0MjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE5MTI4MjA1N2Q0MGFjNzRhMDlkY2UxNGU1Mzc5NTM1MWJhNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2G/bODTz9gvE2EQaamYar97pUjp6
Vf+Yd7x5LsQmK9OujkawfIUl4f4/aUIVXjuzZwlYsnDFxRZ2m6h9bGdXQgS9gq+b
3YHNMZh1WhAx8qSKFTTd6QQUuUuLskN1cBfSzrGGwlzK4HKG2ZLj80mJ5rfy5Zgn
VcYTzrzlVvN/RSvrC3mlW4IYzxgXDAs4tdeeIuT5n8rWv0ehmsCn3Nk6QrlnLPV9
pO95KztsA/g4pwcJs+Mofvj6YlwfjU0A1kDJ+8uLHrCCjxXWQQKyIblWp3wFyRAg
Ig2uZQnZDbnoZpt1IssIj4vJcJDxZAWiC3nEnUILQLq1c7D+V5GlNOc1EQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKEZEoIFfUCsdKCdzhTlN5U1G6SQMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvb1JrU2dnVjlRS3gwb0ozT0ZPVTNsVFVicEpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1YlSAwQA
1YlcMA0GCSqGSIb3DQEBCwUAA4IBAQBG8yaIJqb6dCHEwm6xOSMAY9/b1fCyyeod
JH+ZZieSZ6tdOPFUpZ1SU9y4hxmQ4KEOCqXZDp/2tQAAV4qVSkxP7E/jEruOwTNL
15DScWz4N7WajHBnkK+SCONGs7MlwnPXvW1nwdRLm8L9q+/GwkRY8+LJTAKe2Lok
gKt/czTTuMBYGu+85vJxrlEJRVPZ0rNQjtjhd2fFsL6EVVqKFicQWaig+u2tpDhy
jHtavTsX9TTwiPbBlnFWHh2MQjWpbMVI8YpDISMhMh2pLObvtoBv7tzG/ee6oKRG
BP8FmPQVM3cVURSGnppE9wccKDTKpZFJ4U63JKfa/VvkLRSujmUH
-----END CERTIFICATE-----