Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iZJCyADvsiWXuFZx5oSXg7n-qmk.roa
File:                     iZJCyADvsiWXuFZx5oSXg7n-qmk.roa (raw, json)
Hash identifier:          3aX1LAu6TP4WjUbtoIvqNHLI1NNmP2/I2lYKWgYe0TU=
Subject key identifier:   89:92:42:C8:00:EF:B2:25:97:B8:56:71:E6:84:97:83:B9:FE:AA:69
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018F3C413284D81FEFEB109CE1D2C4BF6608
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iZJCyADvsiWXuFZx5oSXg7n-qmk.roa
Signing time:             Fri 03 May 2024 02:20:56 +0000
ROA not before:           Fri 03 May 2024 02:20:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14315
IP address blocks:        82.115.1.0/24 maxlen: 24
                          82.115.2.0/23 maxlen: 24
                          82.115.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3c:41:32:84:d8:1f:ef:eb:10:9c:e1:d2:c4:bf:66:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: May  3 02:20:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=899242c800efb22597b85671e6849783b9feaa69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f0:85:80:49:b3:9e:1a:29:1d:3f:05:e9:04:
                    75:c1:d0:6b:62:bd:9c:07:cf:08:70:b6:da:3a:ea:
                    d9:93:62:a7:71:0e:36:d9:91:66:e6:65:62:df:8e:
                    fe:07:37:59:ec:c7:dc:82:6a:db:e1:87:11:b8:61:
                    a9:14:ed:70:07:03:60:76:40:5b:03:c1:f8:4b:2d:
                    c8:75:a6:d6:e0:ec:3c:a5:7c:e3:7c:ed:ab:e6:60:
                    22:43:44:6d:3b:7f:e4:dd:13:94:bc:06:95:e6:a7:
                    e7:02:9c:1e:79:7d:09:c6:b1:71:48:e4:1e:17:a2:
                    65:c0:ff:57:84:82:4e:30:23:c6:5e:45:38:0f:48:
                    06:ff:c1:c6:b8:29:df:3d:88:15:d0:48:1d:b8:8c:
                    4c:18:6b:2a:36:09:11:ef:e2:d1:2b:ef:8f:01:60:
                    6f:bf:4b:42:ae:56:0b:09:66:50:61:e2:b5:33:af:
                    93:5f:34:9e:51:a7:28:d5:15:3b:42:d0:fa:3d:69:
                    df:6c:c0:45:12:50:16:2a:51:0e:97:04:f2:a3:f4:
                    f3:63:3c:6b:0e:8e:c3:a6:a2:07:66:d2:b7:12:9c:
                    e8:ea:f8:af:75:dd:21:bf:97:6e:96:6d:0f:26:fc:
                    c6:a0:25:2f:5d:d5:ee:7e:86:06:82:25:1e:ac:37:
                    35:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:92:42:C8:00:EF:B2:25:97:B8:56:71:E6:84:97:83:B9:FE:AA:69
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iZJCyADvsiWXuFZx5oSXg7n-qmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.1.0-82.115.3.255
                  82.115.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:c6:59:5a:62:ac:dc:49:7f:28:5e:24:0f:b8:0f:c7:b2:07:
         72:ca:d9:8c:dd:8e:c4:78:06:38:34:a8:a3:20:9c:ea:d4:f9:
         ab:58:d0:8f:23:02:6a:c8:62:84:5a:2e:98:47:46:ad:b1:ed:
         ea:db:d1:03:8b:07:89:8d:f9:2e:d2:ed:8c:36:ff:fe:1d:42:
         f5:74:0c:01:62:c1:4f:d3:96:62:f6:34:bf:47:a5:ca:33:d8:
         dc:b3:41:0b:c9:bf:b4:11:c1:72:07:70:50:b1:40:6f:34:b4:
         6f:b4:45:22:40:18:08:fe:2b:5d:f4:68:bb:1b:d3:57:79:18:
         2d:6a:7f:93:21:cc:15:71:4e:b6:eb:26:46:0b:bf:6f:9f:2c:
         90:1f:e1:3a:45:a8:b0:a5:38:9f:15:9d:60:7c:b6:79:05:aa:
         09:f6:4d:8c:df:17:51:93:f4:b2:74:eb:d5:86:05:32:3f:77:
         f6:6d:7b:7f:fa:5c:b5:77:44:4f:16:2b:4a:64:a6:27:7b:9e:
         e7:dc:9f:84:4f:ca:60:b1:a0:02:09:ad:0f:30:5f:e4:28:ea:
         c3:08:80:a5:20:ac:73:59:de:3c:34:86:8a:66:0c:af:de:67:
         40:95:54:98:f9:81:0f:69:e8:9f:3d:ab:28:f7:77:9c:10:22:
         8e:7e:44:f7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY88QTKE2B/v6xCc4dLEv2YIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNTAzMDIyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkyNDJjODAwZWZiMjI1OTdiODU2NzFlNjg0OTc4M2I5ZmVhYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/CFgEmznhopHT8F6QR1wdBrYr2c
B88IcLbaOurZk2KncQ422ZFm5mVi347+BzdZ7Mfcgmrb4YcRuGGpFO1wBwNgdkBb
A8H4Sy3IdabW4Ow8pXzjfO2r5mAiQ0RtO3/k3ROUvAaV5qfnApweeX0JxrFxSOQe
F6JlwP9XhIJOMCPGXkU4D0gG/8HGuCnfPYgV0EgduIxMGGsqNgkR7+LRK++PAWBv
v0tCrlYLCWZQYeK1M6+TXzSeUaco1RU7QtD6PWnfbMBFElAWKlEOlwTyo/TzYzxr
Do7DpqIHZtK3Epzo6vivdd0hv5dulm0PJvzGoCUvXdXufoYGgiUerDc18QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFImSQsgA77Ill7hWceaEl4O5/qppMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaVpKQ3lBRHZzaVdYdUZaeDVvU1hnN24tcW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABScwED
BAJScwADBAFScwowDQYJKoZIhvcNAQELBQADggEBAJTGWVpirNxJfyheJA+4D8ey
B3LK2YzdjsR4Bjg0qKMgnOrU+atY0I8jAmrIYoRaLphHRq2x7erb0QOLB4mN+S7S
7Yw2//4dQvV0DAFiwU/TlmL2NL9Hpcoz2NyzQQvJv7QRwXIHcFCxQG80tG+0RSJA
GAj+K130aLsb01d5GC1qf5MhzBVxTrbrJkYLv2+fLJAf4TpFqLClOJ8VnWB8tnkF
qgn2TYzfF1GT9LJ069WGBTI/d/Zte3/6XLV3RE8WK0pkpid7nufcn4RPymCxoAIJ
rQ8wX+Qo6sMIgKUgrHNZ3jw0hopmDK/eZ0CVVJj5gQ9p6J89qyj3d5wQIo5+RPc=
-----END CERTIFICATE-----