Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/cPzzWEfI8uF5IvBSsreDretRq1w.roa
File:                     cPzzWEfI8uF5IvBSsreDretRq1w.roa (raw, json)
Hash identifier:          MSCsMFHc256kudoTT5f8pRofoBaJLKDxv2bPTTCYlbU=
Subject key identifier:   70:FC:F3:58:47:C8:F2:E1:79:22:F0:52:B2:B7:83:AD:EB:51:AB:5C
Certificate issuer:       /CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
Certificate serial:       01917000BE9EFC6EA2C776E2EEB047F10546
Authority key identifier: 14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/cPzzWEfI8uF5IvBSsreDretRq1w.roa
Signing time:             Tue 20 Aug 2024 13:36:22 +0000
ROA not before:           Tue 20 Aug 2024 13:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213035
IP address blocks:        85.202.170.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:00:be:9e:fc:6e:a2:c7:76:e2:ee:b0:47:f1:05:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
        Validity
            Not Before: Aug 20 13:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70fcf35847c8f2e17922f052b2b783adeb51ab5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4d:84:ce:bb:62:03:e1:54:29:43:f6:e8:eb:
                    1a:01:50:e5:7b:08:98:11:f8:21:0e:2c:58:67:d4:
                    a8:87:5e:6f:2f:12:8c:a6:5a:09:62:68:b3:e3:23:
                    cd:17:34:95:51:67:68:7d:b5:74:dc:b4:8d:71:b8:
                    e7:0b:8a:e4:7a:74:bc:7f:37:a9:2b:5e:6b:46:81:
                    69:f8:6b:11:c5:de:41:c7:82:5f:78:3c:a1:4f:a6:
                    c3:51:1e:db:9f:bf:76:ee:3c:bf:8e:15:49:63:91:
                    d9:aa:d8:cf:0a:d1:3e:c8:ae:50:d5:11:63:fc:3b:
                    50:c2:46:2f:a3:d3:67:dc:fc:24:ee:88:ff:2d:e4:
                    17:31:b6:89:62:9e:ac:0f:90:2e:f0:c7:56:7c:ab:
                    51:00:9a:62:ce:b3:d4:5b:96:d5:93:df:20:cd:6a:
                    bd:3b:65:7e:81:b3:0d:f2:4a:a7:9c:14:42:6f:87:
                    30:a3:84:94:ce:c8:0e:d5:0b:8d:1f:a9:17:25:36:
                    08:ae:ac:e2:45:2d:e4:84:a5:eb:c8:25:5d:ae:e1:
                    25:f0:5b:6f:fa:ff:99:19:5a:6b:93:23:ea:bc:7f:
                    f5:7c:ff:44:e0:9d:13:b9:ef:ef:cd:a0:93:4d:af:
                    e9:7a:99:e1:a0:78:28:ea:d7:c7:4a:4f:be:00:6e:
                    30:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FC:F3:58:47:C8:F2:E1:79:22:F0:52:B2:B7:83:AD:EB:51:AB:5C
            X509v3 Authority Key Identifier:
                keyid:14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/cPzzWEfI8uF5IvBSsreDretRq1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:9a:a2:b9:f6:c1:32:23:f3:ed:de:52:47:6f:8e:53:a6:33:
         48:c1:9a:19:17:ab:d6:f1:3b:5b:3b:1a:1d:ba:33:3a:d1:14:
         0e:08:06:53:ba:a4:66:32:57:a5:4c:7e:9c:b6:ed:38:ed:95:
         bf:0a:26:c5:bb:31:26:75:c9:89:c9:d5:fe:41:ee:08:0a:41:
         cf:88:c7:b2:57:15:49:43:d2:bc:65:9a:b9:08:5d:7e:c0:62:
         c7:07:4a:15:ff:b2:d4:ce:e5:f6:49:af:86:6b:ba:27:80:6d:
         47:ad:39:d7:53:ce:f9:ea:c5:a8:97:22:87:84:09:de:11:2d:
         a5:cb:38:b1:8b:ee:cd:18:da:25:65:99:3f:19:fd:31:74:3a:
         4d:ff:03:ac:ff:5d:6c:aa:b8:3a:fa:40:6f:ca:62:73:af:0f:
         6e:7e:c7:d7:71:3c:4e:07:9f:84:d9:f0:c9:c3:f9:ab:8d:21:
         b3:e7:f9:eb:b3:7d:d7:de:d4:4b:47:b8:22:45:0e:e8:9b:8c:
         9c:0c:f8:70:f8:1e:0e:73:71:66:01:1b:d2:dc:f2:2d:23:5a:
         57:a4:2a:a8:b4:e2:bc:23:4b:0c:1b:18:6f:57:f3:da:54:e1:
         77:02:1f:d8:5c:01:a3:51:1d:38:b7:be:cf:24:b7:c9:54:31:
         c9:4f:7b:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFwAL6e/G6ix3bi7rBH8QVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmVlMGViZDA2YjRiODEyZjllMTM3MTZlMjVmMWMzYzNk
MTRjYzYwHhcNMjQwODIwMTMzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGZjZjM1ODQ3YzhmMmUxNzkyMmYwNTJiMmI3ODNhZGViNTFhYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiE2EzrtiA+FUKUP26OsaAVDlewiY
EfghDixYZ9Soh15vLxKMploJYmiz4yPNFzSVUWdofbV03LSNcbjnC4rkenS8fzep
K15rRoFp+GsRxd5Bx4JfeDyhT6bDUR7bn7927jy/jhVJY5HZqtjPCtE+yK5Q1RFj
/DtQwkYvo9Nn3Pwk7oj/LeQXMbaJYp6sD5Au8MdWfKtRAJpizrPUW5bVk98gzWq9
O2V+gbMN8kqnnBRCb4cwo4SUzsgO1QuNH6kXJTYIrqziRS3khKXryCVdruEl8Ftv
+v+ZGVprkyPqvH/1fP9E4J0Tue/vzaCTTa/pepnhoHgo6tfHSk++AG4wGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD881hHyPLheSLwUrK3g63rUatcMB8GA1UdIwQY
MBaAFBS+4OvQa0uBL54TcW4l8cPD0UzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUt
ZDFiYjZiNGRkNzAxLzEvY1B6eldFZkk4dUY1SXZCU3NyZURyZXRScTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUtZDFiYjZiNGRkNzAx
LzEvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVcqqMA0G
CSqGSIb3DQEBCwUAA4IBAQBEmqK59sEyI/Pt3lJHb45TpjNIwZoZF6vW8TtbOxod
ujM60RQOCAZTuqRmMlelTH6ctu047ZW/CibFuzEmdcmJydX+Qe4ICkHPiMeyVxVJ
Q9K8ZZq5CF1+wGLHB0oV/7LUzuX2Sa+Ga7ongG1HrTnXU8756sWolyKHhAneES2l
yzixi+7NGNolZZk/Gf0xdDpN/wOs/11sqrg6+kBvymJzrw9ufsfXcTxOB5+E2fDJ
w/mrjSGz5/nrs33X3tRLR7giRQ7om4ycDPhw+B4Oc3FmARvS3PItI1pXpCqotOK8
I0sMGxhvV/PaVOF3Ah/YXAGjUR04t77PJLfJVDHJT3un
-----END CERTIFICATE-----