Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IO3N7QLeGzLMGjNFfhpYP1EvZqc.roa
File:                     IO3N7QLeGzLMGjNFfhpYP1EvZqc.roa (raw, json)
Hash identifier:          ENSnOMX3eY4Xq9MkaMUbZSHbemxxIc2erzgxJ1HbcTA=
Subject key identifier:   20:ED:CD:ED:02:DE:1B:32:CC:1A:33:45:7E:1A:58:3F:51:2F:66:A7
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018DD1AE29B02798369E1E42FC5FC6934DB8
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IO3N7QLeGzLMGjNFfhpYP1EvZqc.roa
Signing time:             Thu 22 Feb 2024 16:37:48 +0000
ROA not before:           Thu 22 Feb 2024 16:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        86.107.100.0/24 maxlen: 24
                          89.34.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:ae:29:b0:27:98:36:9e:1e:42:fc:5f:c6:93:4d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 22 16:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20edcded02de1b32cc1a33457e1a583f512f66a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:51:4b:e0:02:d2:60:83:5f:7f:47:d4:c3:17:
                    d7:8e:92:59:5d:ad:84:44:0b:4b:a9:39:ac:1e:97:
                    a8:71:7a:51:07:81:1e:68:1f:3f:bd:4d:cd:3d:3f:
                    ac:59:e9:31:96:6c:0c:06:2c:1d:6e:e3:3f:3e:66:
                    22:3a:f4:44:b0:e6:83:2c:44:f2:62:93:72:d9:33:
                    e1:4a:db:1e:3e:e3:00:30:7f:b9:3a:b4:ca:22:50:
                    02:d8:d5:e7:42:a3:24:64:40:35:0e:c5:ae:f2:d5:
                    32:f0:db:81:20:f3:26:ef:c1:8d:8c:bf:2d:c8:87:
                    8a:60:b5:62:f0:cd:16:67:b3:5f:a9:fe:c9:a7:87:
                    ac:8e:67:89:46:6b:b1:6a:6a:cc:c0:b3:3d:0f:40:
                    14:8f:b1:69:e5:e0:8a:35:10:b1:bd:91:e2:fb:2c:
                    32:95:58:2f:fe:d2:aa:2c:70:94:34:bd:9e:a8:f2:
                    91:23:71:84:17:2c:e8:77:55:ff:d8:c0:2a:3b:1e:
                    c0:8f:7a:16:5b:ff:e3:b5:13:2a:10:dc:8d:dd:99:
                    ac:a4:c5:d5:ba:f9:45:60:58:d4:24:c7:18:b9:89:
                    bc:eb:a7:65:8b:4c:35:21:3c:50:04:9b:4a:8b:57:
                    01:4b:fd:ee:9a:cf:54:0f:be:29:09:6c:3f:a1:82:
                    7b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:ED:CD:ED:02:DE:1B:32:CC:1A:33:45:7E:1A:58:3F:51:2F:66:A7
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IO3N7QLeGzLMGjNFfhpYP1EvZqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.100.0/24
                  89.34.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:d0:ee:68:65:72:11:20:bf:fc:92:61:c5:f2:a3:8b:c5:81:
         f4:6c:f5:e9:93:2c:05:c1:53:4f:cc:d9:b9:c9:1a:72:dc:ec:
         32:06:c0:ba:15:c6:12:0e:58:e8:5d:de:90:4b:36:72:63:a4:
         38:84:07:bd:a9:ec:da:ba:ad:bd:bc:20:9d:bb:d0:0c:b1:9c:
         0d:ee:45:25:12:32:5c:6c:35:1a:30:70:a4:30:2a:d1:24:ff:
         b9:dd:1d:39:ab:eb:1b:c9:9a:57:0a:6f:6e:fd:48:83:67:3b:
         17:7f:bd:76:22:3b:60:55:18:ed:aa:63:82:4f:eb:f8:e1:7f:
         67:b9:0d:24:f2:6c:aa:ae:fc:7e:cd:59:7d:c9:2b:e2:7c:f6:
         b2:62:4f:e1:2c:0e:0a:c8:b0:51:16:63:49:63:ac:21:de:da:
         81:50:98:fe:bd:df:25:5f:c2:4e:3b:a1:cf:15:6a:b3:df:45:
         ab:91:0f:93:0f:44:a1:4c:09:91:79:b0:32:aa:bd:05:65:4a:
         d6:97:23:d9:a3:63:3a:3e:5b:0b:7c:d1:c9:e6:fe:1d:11:41:
         7a:88:92:ef:5f:62:cc:6f:d9:86:8f:0a:ad:01:e2:90:c1:aa:
         13:59:d9:19:1a:dd:89:ec:4d:c2:18:e3:43:0e:00:b6:e8:cc:
         16:3d:e3:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3RrimwJ5g2nh5C/F/Gk024MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMjIyMTYzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGVkY2RlZDAyZGUxYjMyY2MxYTMzNDU3ZTFhNTgzZjUxMmY2NmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFFL4ALSYINff0fUwxfXjpJZXa2E
RAtLqTmsHpeocXpRB4EeaB8/vU3NPT+sWekxlmwMBiwdbuM/PmYiOvREsOaDLETy
YpNy2TPhStsePuMAMH+5OrTKIlAC2NXnQqMkZEA1DsWu8tUy8NuBIPMm78GNjL8t
yIeKYLVi8M0WZ7Nfqf7Jp4esjmeJRmuxamrMwLM9D0AUj7Fp5eCKNRCxvZHi+ywy
lVgv/tKqLHCUNL2eqPKRI3GEFyzod1X/2MAqOx7Aj3oWW//jtRMqENyN3ZmspMXV
uvlFYFjUJMcYuYm866dli0w1ITxQBJtKi1cBS/3ums9UD74pCWw/oYJ76QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCDtze0C3hsyzBozRX4aWD9RL2anMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSU8zTjdRTGVHekxNR2pORmZocFlQMUV2WnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmtkAwQA
WSLKMA0GCSqGSIb3DQEBCwUAA4IBAQCP0O5oZXIRIL/8kmHF8qOLxYH0bPXpkywF
wVNPzNm5yRpy3OwyBsC6FcYSDljoXd6QSzZyY6Q4hAe9qezauq29vCCdu9AMsZwN
7kUlEjJcbDUaMHCkMCrRJP+53R05q+sbyZpXCm9u/UiDZzsXf712IjtgVRjtqmOC
T+v44X9nuQ0k8myqrvx+zVl9ySvifPayYk/hLA4KyLBRFmNJY6wh3tqBUJj+vd8l
X8JOO6HPFWqz30WrkQ+TD0ShTAmRebAyqr0FZUrWlyPZo2M6PlsLfNHJ5v4dEUF6
iJLvX2LMb9mGjwqtAeKQwaoTWdkZGt2J7E3CGONDDgC26MwWPeO3
-----END CERTIFICATE-----