Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/IIWZMRQadMlDPwZL6d3Er5pdAfc.roa
File:                     IIWZMRQadMlDPwZL6d3Er5pdAfc.roa (raw, json)
Hash identifier:          2HzKuOFH5a74FiZlhhrRWAvlkxxJIVz7pGi/qtUBPvE=
Subject key identifier:   20:85:99:31:14:1A:74:C9:43:3F:06:4B:E9:DD:C4:AF:9A:5D:01:F7
Certificate issuer:       /CN=7ba289ebe93351236a5580eb5b70102cf3f11dfc
Certificate serial:       018CCA9A145E2FA59C0989684C5F15CB7B24
Authority key identifier: 7B:A2:89:EB:E9:33:51:23:6A:55:80:EB:5B:70:10:2C:F3:F1:1D:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/IIWZMRQadMlDPwZL6d3Er5pdAfc.roa
Signing time:             Tue 02 Jan 2024 14:35:44 +0000
ROA not before:           Tue 02 Jan 2024 14:35:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34309
IP address blocks:        185.181.116.0/22 maxlen: 24
                          91.197.228.0/22 maxlen: 24
                          2a0a:cb80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:14:5e:2f:a5:9c:09:89:68:4c:5f:15:cb:7b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba289ebe93351236a5580eb5b70102cf3f11dfc
        Validity
            Not Before: Jan  2 14:35:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20859931141a74c9433f064be9ddc4af9a5d01f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:aa:ca:fa:dd:9a:ab:88:4b:d4:41:79:12:1e:
                    d5:96:76:b6:64:d2:95:41:90:46:8d:bc:12:0b:37:
                    aa:88:61:68:76:b8:21:d5:66:28:94:8d:7a:7e:68:
                    6d:59:03:fd:4b:9a:ea:19:86:c8:cc:02:17:f7:9d:
                    ab:16:4f:58:2d:b2:08:ee:d1:84:d1:64:38:97:65:
                    9e:66:3c:9b:0e:c3:e7:ba:fc:4b:63:5c:39:9b:35:
                    e3:31:ea:24:0d:76:b8:17:ca:61:a4:28:32:bf:aa:
                    f3:5d:77:3a:71:d9:4e:8a:39:25:3c:06:5c:83:86:
                    5e:ae:54:de:bf:8b:1d:44:37:6d:70:43:43:b2:5f:
                    ec:14:c8:b5:e6:66:d0:16:58:cd:f0:3b:08:62:1b:
                    c5:62:0b:d3:68:ae:4f:9c:1c:cd:de:ee:e9:12:6c:
                    77:fd:aa:92:2f:4e:13:df:a5:0f:ca:ef:16:fd:3a:
                    0c:1b:65:b2:72:8a:07:19:ab:ed:57:5a:60:1e:d3:
                    40:a6:89:2b:56:40:5f:3e:0c:d5:2e:e6:63:52:dd:
                    fb:52:0c:d5:65:e9:cd:df:97:9f:0c:db:27:66:3f:
                    1d:77:d7:c1:7a:75:af:fc:4f:c8:c0:3c:89:ae:0e:
                    ad:a6:09:9e:49:f6:79:f7:f8:de:08:ff:2b:13:41:
                    7c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:85:99:31:14:1A:74:C9:43:3F:06:4B:E9:DD:C4:AF:9A:5D:01:F7
            X509v3 Authority Key Identifier:
                keyid:7B:A2:89:EB:E9:33:51:23:6A:55:80:EB:5B:70:10:2C:F3:F1:1D:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/IIWZMRQadMlDPwZL6d3Er5pdAfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.228.0/22
                  185.181.116.0/22
                IPv6:
                  2a0a:cb80::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:79:77:e8:1a:6e:9a:41:7f:9a:84:d9:3b:63:81:33:f5:fc:
         e9:52:23:5e:3d:65:13:17:e8:e0:4d:05:d4:c2:34:13:cd:f3:
         39:92:86:42:85:97:de:1f:8a:1e:4c:55:a0:cd:32:3d:3c:59:
         1c:9b:fd:64:86:2b:6e:1e:3f:ef:28:91:7b:d4:d7:a5:d6:13:
         e2:02:08:79:e8:50:84:86:29:f5:d8:e0:7a:5b:2b:95:f5:d1:
         d9:e9:aa:64:cd:c2:37:16:ff:6f:15:88:5e:d9:55:e7:d9:df:
         df:cb:1e:f2:f7:de:97:df:52:b7:14:e0:5b:65:1a:29:30:0e:
         7e:e9:33:e0:d5:a2:3c:16:50:b3:e5:5e:0f:98:67:c5:60:9f:
         a7:d0:b0:fb:01:1e:98:4c:e3:61:15:61:1e:59:bd:27:50:91:
         40:14:60:d7:9e:ba:5b:4f:76:e0:43:26:6e:d7:5f:6e:86:c3:
         f8:06:b1:07:3c:b2:85:51:c2:44:15:96:25:c3:d3:4d:5b:16:
         56:8c:b1:0a:c2:5b:b7:df:dd:72:15:0e:19:46:22:eb:1c:57:
         12:48:ce:fe:07:96:b0:3a:94:4b:2b:e0:9e:02:6d:51:97:77:
         49:ef:fc:c9:9d:db:6b:bd:6e:ae:73:8d:8d:18:96:47:38:2f:
         b0:83:e9:92
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmhReL6WcCYloTF8Vy3skMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTI4OWViZTkzMzUxMjM2YTU1ODBlYjViNzAxMDJjZjNm
MTFkZmMwHhcNMjQwMTAyMTQzNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDg1OTkzMTE0MWE3NGM5NDMzZjA2NGJlOWRkYzRhZjlhNWQwMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKrK+t2aq4hL1EF5Eh7Vlna2ZNKV
QZBGjbwSCzeqiGFodrgh1WYolI16fmhtWQP9S5rqGYbIzAIX952rFk9YLbII7tGE
0WQ4l2WeZjybDsPnuvxLY1w5mzXjMeokDXa4F8phpCgyv6rzXXc6cdlOijklPAZc
g4ZerlTev4sdRDdtcENDsl/sFMi15mbQFljN8DsIYhvFYgvTaK5PnBzN3u7pEmx3
/aqSL04T36UPyu8W/ToMG2WycooHGavtV1pgHtNApokrVkBfPgzVLuZjUt37UgzV
ZenN35efDNsnZj8dd9fBenWv/E/IwDyJrg6tpgmeSfZ59/jeCP8rE0F8DwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCCFmTEUGnTJQz8GS+ndxK+aXQH3MB8GA1UdIwQY
MBaAFHuiievpM1EjalWA61twECzz8R38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZLSjYta3pVU05xVllEclczQVFMUFB4SGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTFlN2MtN2Q3NC00Y2NjLTljNmMt
ZDE2M2I1NDk5ZTY4LzEvSUlXWk1SUWFkTWxEUHdaTDZkM0VyNXBkQWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTFlN2MtN2Q3NC00Y2NjLTljNmMtZDE2M2I1NDk5ZTY4
LzEvZTZLSjYta3pVU05xVllEclczQVFMUFB4SGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8XkAwQC
ubV0MA0EAgACMAcDBQAqCsuAMA0GCSqGSIb3DQEBCwUAA4IBAQBleXfoGm6aQX+a
hNk7Y4Ez9fzpUiNePWUTF+jgTQXUwjQTzfM5koZChZfeH4oeTFWgzTI9PFkcm/1k
hituHj/vKJF71Nel1hPiAgh56FCEhin12OB6WyuV9dHZ6apkzcI3Fv9vFYhe2VXn
2d/fyx7y996X31K3FOBbZRopMA5+6TPg1aI8FlCz5V4PmGfFYJ+n0LD7AR6YTONh
FWEeWb0nUJFAFGDXnrpbT3bgQyZu119uhsP4BrEHPLKFUcJEFZYlw9NNWxZWjLEK
wlu3391yFQ4ZRiLrHFcSSM7+B5awOpRLK+CeAm1Rl3dJ7/zJndtrvW6uc42NGJZH
OC+wg+mS
-----END CERTIFICATE-----