Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/iZCWeMLBXYDVMIoKxqswVkXw0YM.roa
File:                     iZCWeMLBXYDVMIoKxqswVkXw0YM.roa (raw, json)
Hash identifier:          nVRHhIOB9rggkuasxqGAS/1qT0QEAaolQeIaqN4lihc=
Subject key identifier:   89:90:96:78:C2:C1:5D:80:D5:30:8A:0A:C6:AB:30:56:45:F0:D1:83
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       01904FF85C7682760FBDEB05C40909BF3F5D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/iZCWeMLBXYDVMIoKxqswVkXw0YM.roa
Signing time:             Tue 25 Jun 2024 15:16:34 +0000
ROA not before:           Tue 25 Jun 2024 15:16:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207415
IP address blocks:        146.120.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:f8:5c:76:82:76:0f:bd:eb:05:c4:09:09:bf:3f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jun 25 15:16:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89909678c2c15d80d5308a0ac6ab305645f0d183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7d:72:d7:de:43:63:7a:d4:a0:d4:28:64:64:
                    2d:a2:f3:d8:8f:84:37:b2:67:53:53:b0:80:03:65:
                    ee:ed:86:43:3c:00:7c:9f:44:af:93:18:bc:c7:c5:
                    58:76:66:8e:3d:3d:24:ec:f3:41:68:64:fe:36:b3:
                    20:74:ca:c1:bb:5b:a4:dc:6e:de:e2:e6:aa:b1:5a:
                    61:a3:65:7a:e5:a7:97:a2:9e:02:e2:c0:a1:f2:89:
                    d5:c6:94:a6:98:d0:f7:36:8f:36:77:79:a3:79:ab:
                    7a:9a:18:b8:e7:69:53:a6:8e:b3:8f:61:bb:63:d3:
                    2c:a1:bd:a2:b7:75:40:b1:03:ad:bb:af:ca:19:16:
                    cb:81:cb:aa:14:59:d5:ee:a7:f4:24:b8:6a:92:89:
                    c5:e6:09:57:05:61:eb:75:32:3b:c5:9e:42:e9:45:
                    62:79:69:63:9c:54:b6:7f:03:87:1f:97:b1:eb:8c:
                    88:78:3c:93:4d:7d:fd:4a:62:b5:05:b9:14:2c:74:
                    e0:13:05:d9:25:3a:33:7c:a2:8c:07:a4:89:6e:d2:
                    00:74:5c:12:3a:5b:ff:7b:2e:93:9c:17:0c:05:c8:
                    14:c1:71:9e:d8:46:b0:93:08:f9:e7:a2:50:48:80:
                    5d:a2:2f:2b:18:76:87:b2:7e:7c:99:2d:d8:a4:98:
                    d1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:90:96:78:C2:C1:5D:80:D5:30:8A:0A:C6:AB:30:56:45:F0:D1:83
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/iZCWeMLBXYDVMIoKxqswVkXw0YM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:c4:15:3f:36:3d:d8:78:b2:f1:49:9d:94:bf:77:ad:87:ff:
         b3:40:63:9a:59:76:50:5a:3c:bb:ee:b8:3c:ef:50:d7:04:1c:
         01:1d:14:d0:29:54:e3:80:49:5d:9d:6d:a8:6d:0c:7e:99:dc:
         2d:2b:9d:e7:7b:af:7f:4f:3a:4b:f1:13:71:82:fe:d1:ee:2b:
         66:8e:ce:4c:e8:c9:a0:7f:01:2a:bd:ac:a9:ae:f3:44:5c:de:
         70:bd:05:e4:39:14:13:1e:c0:b5:a5:b0:df:ee:29:70:71:ff:
         ab:98:67:fc:46:39:ca:27:5a:90:d6:59:52:19:c1:b0:ec:dd:
         f8:ff:f5:72:86:f5:c4:2c:5a:66:fc:87:56:33:31:b8:44:2a:
         bf:f3:66:20:2f:a5:33:aa:77:28:0b:d8:d2:75:85:26:28:d6:
         31:c5:01:ec:09:c4:78:72:08:95:bf:63:49:ca:85:49:76:ea:
         57:26:f2:c4:aa:a2:ab:dc:a7:de:07:39:3a:fe:a1:01:4d:55:
         90:c0:cd:6b:a9:0e:a3:ab:20:32:6b:6f:ef:00:9b:8d:44:51:
         47:c1:55:f5:fd:ea:56:ee:b8:98:41:18:e9:85:63:fe:4b:0e:
         df:da:02:97:3b:df:fe:cb:91:11:61:6d:43:c2:84:37:6f:dd:
         7d:84:df:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBP+Fx2gnYPvesFxAkJvz9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwNjI1MTUxNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkwOTY3OGMyYzE1ZDgwZDUzMDhhMGFjNmFiMzA1NjQ1ZjBkMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun1y195DY3rUoNQoZGQtovPYj4Q3
smdTU7CAA2Xu7YZDPAB8n0Svkxi8x8VYdmaOPT0k7PNBaGT+NrMgdMrBu1uk3G7e
4uaqsVpho2V65aeXop4C4sCh8onVxpSmmND3No82d3mjeat6mhi452lTpo6zj2G7
Y9Msob2it3VAsQOtu6/KGRbLgcuqFFnV7qf0JLhqkonF5glXBWHrdTI7xZ5C6UVi
eWljnFS2fwOHH5ex64yIeDyTTX39SmK1BbkULHTgEwXZJTozfKKMB6SJbtIAdFwS
Olv/ey6TnBcMBcgUwXGe2Eawkwj556JQSIBdoi8rGHaHsn58mS3YpJjR6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImQlnjCwV2A1TCKCsarMFZF8NGDMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvaVpDV2VNTEJYWURWTUlvS3hxc3dWa1h3MFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBknjqMA0G
CSqGSIb3DQEBCwUAA4IBAQBSxBU/Nj3YeLLxSZ2Uv3eth/+zQGOaWXZQWjy77rg8
71DXBBwBHRTQKVTjgEldnW2obQx+mdwtK53ne69/TzpL8RNxgv7R7itmjs5M6Mmg
fwEqvayprvNEXN5wvQXkORQTHsC1pbDf7ilwcf+rmGf8RjnKJ1qQ1llSGcGw7N34
//VyhvXELFpm/IdWMzG4RCq/82YgL6UzqncoC9jSdYUmKNYxxQHsCcR4cgiVv2NJ
yoVJdupXJvLEqqKr3KfeBzk6/qEBTVWQwM1rqQ6jqyAya2/vAJuNRFFHwVX1/epW
7riYQRjphWP+Sw7f2gKXO9/+y5ERYW1DwoQ3b919hN8T
-----END CERTIFICATE-----