Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/iiEwz3S7JzKIGSMmsYCytTIkLT4.roa
File:                     iiEwz3S7JzKIGSMmsYCytTIkLT4.roa (raw, json)
Hash identifier:          T9JqmAd6FjXryweIk/i1JZZvuwr0hFRaWI7+VrsXnf8=
Subject key identifier:   8A:21:30:CF:74:BB:27:32:88:19:23:26:B1:80:B2:B5:32:24:2D:3E
Certificate issuer:       /CN=c9633fa6fc66b43639c056d02174f80c2426614b
Certificate serial:       018CC64B25A4C110BEBC89776C65C8385607
Authority key identifier: C9:63:3F:A6:FC:66:B4:36:39:C0:56:D0:21:74:F8:0C:24:26:61:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yWM_pvxmtDY5wFbQIXT4DCQmYUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/iiEwz3S7JzKIGSMmsYCytTIkLT4.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.166.142.0/24 maxlen: 24
                          185.166.143.0/24 maxlen: 24
                          185.166.140.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/yWM_pvxmtDY5wFbQIXT4DCQmYUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/yWM_pvxmtDY5wFbQIXT4DCQmYUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yWM_pvxmtDY5wFbQIXT4DCQmYUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:25:a4:c1:10:be:bc:89:77:6c:65:c8:38:56:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9633fa6fc66b43639c056d02174f80c2426614b
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a2130cf74bb273288192326b180b2b532242d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8c:b6:3a:db:7c:cd:01:33:47:7b:4b:0d:dd:
                    e6:37:0d:4b:97:5f:36:b6:64:6f:05:3c:52:0a:98:
                    3d:48:fd:23:b0:15:f1:68:81:9b:22:bd:9b:e8:57:
                    74:e9:6d:23:92:67:29:18:55:d7:ac:8a:8c:dc:77:
                    32:53:24:64:5c:37:73:31:79:59:52:87:2b:41:b5:
                    ab:9d:df:6b:de:bb:59:c9:bd:26:15:14:b9:2c:aa:
                    df:73:80:77:ac:fb:bb:12:b4:d4:b5:81:3d:14:94:
                    df:18:b9:20:c3:b9:3c:4a:b0:c9:be:99:21:da:a3:
                    ec:17:93:ff:0c:2a:b6:db:7d:a0:cb:3b:2f:a2:0b:
                    94:6a:3b:13:b8:f0:c7:26:28:b5:a3:60:14:a5:43:
                    02:57:ec:eb:6d:17:c8:0a:f7:a7:ce:7f:45:b9:1f:
                    b0:0a:aa:96:5f:17:ee:be:e4:27:f5:20:fb:32:b7:
                    6d:72:30:d5:bb:b5:d6:50:7f:6d:63:d2:5f:d4:4d:
                    88:d4:0e:31:06:dd:81:16:3e:61:b9:94:47:96:40:
                    2c:a0:21:63:d6:da:c5:86:40:9f:4c:e2:f1:19:17:
                    0b:5d:25:af:41:1d:1e:41:7e:98:05:0f:34:bd:83:
                    51:19:d1:05:69:95:0d:26:b8:d7:6a:3e:1f:4c:3f:
                    1c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:21:30:CF:74:BB:27:32:88:19:23:26:B1:80:B2:B5:32:24:2D:3E
            X509v3 Authority Key Identifier:
                keyid:C9:63:3F:A6:FC:66:B4:36:39:C0:56:D0:21:74:F8:0C:24:26:61:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yWM_pvxmtDY5wFbQIXT4DCQmYUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/iiEwz3S7JzKIGSMmsYCytTIkLT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/yWM_pvxmtDY5wFbQIXT4DCQmYUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:a1:b8:2f:93:e4:99:18:7d:8e:10:28:ca:4b:71:3d:db:b1:
         77:53:f2:24:40:61:23:99:c4:0c:98:a4:49:5e:4d:29:7a:e0:
         bf:89:6e:89:1a:c9:56:f1:42:98:fd:da:97:30:50:e1:16:9d:
         da:4b:33:93:a1:8a:79:e4:77:33:30:e4:2f:f1:b5:e4:08:93:
         8a:30:c8:94:c2:19:f2:3a:42:68:f9:48:22:5a:4b:bf:6a:0f:
         6d:d6:99:57:e5:aa:41:96:0a:f8:74:c4:dd:0f:2c:02:fe:50:
         8a:0a:8a:d7:54:bc:2c:01:4d:33:a4:d2:e5:8b:c1:e8:3f:33:
         71:c1:3f:23:7d:51:58:d9:5c:83:e9:5d:73:03:92:09:f5:41:
         fb:31:39:7a:bb:46:27:1c:bf:2a:37:00:fd:da:06:f4:e2:62:
         97:20:ea:43:3d:97:23:ee:d6:9b:4e:a7:7f:f1:c8:b3:6d:5d:
         9f:1e:79:0a:2c:34:8e:98:54:d8:fd:ee:75:47:53:33:d4:b1:
         82:c1:c2:96:ea:b7:51:e7:51:4a:4e:93:4e:04:35:42:28:f1:
         06:12:c5:ea:a2:5a:dc:3d:2c:cf:a5:7e:db:b5:60:e7:7d:ee:
         6d:8e:8a:e2:ef:ad:31:4c:f2:5c:60:4c:f4:68:fd:73:f9:22:
         27:6c:f2:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyWkwRC+vIl3bGXIOFYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NjMzZmE2ZmM2NmI0MzYzOWMwNTZkMDIxNzRmODBjMjQy
NjYxNGIwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTIxMzBjZjc0YmIyNzMyODgxOTIzMjZiMTgwYjJiNTMyMjQyZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooy2Ott8zQEzR3tLDd3mNw1Ll182
tmRvBTxSCpg9SP0jsBXxaIGbIr2b6Fd06W0jkmcpGFXXrIqM3HcyUyRkXDdzMXlZ
UocrQbWrnd9r3rtZyb0mFRS5LKrfc4B3rPu7ErTUtYE9FJTfGLkgw7k8SrDJvpkh
2qPsF5P/DCq2232gyzsvoguUajsTuPDHJii1o2AUpUMCV+zrbRfICvenzn9FuR+w
CqqWXxfuvuQn9SD7MrdtcjDVu7XWUH9tY9Jf1E2I1A4xBt2BFj5huZRHlkAsoCFj
1trFhkCfTOLxGRcLXSWvQR0eQX6YBQ80vYNRGdEFaZUNJrjXaj4fTD8cOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIohMM90uycyiBkjJrGAsrUyJC0+MB8GA1UdIwQY
MBaAFMljP6b8ZrQ2OcBW0CF0+AwkJmFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVdNX3B2eG10RFk1d0ZiUUlYVDREQ1FtWVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi85Y2IzMjktMGZlOS00ZmZlLWJlNWYt
MDM4YTU0ZTM5MTJmLzEvaWlFd3ozUzdKektJR1NNbXNZQ3l0VElrTFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi85Y2IzMjktMGZlOS00ZmZlLWJlNWYtMDM4YTU0ZTM5MTJm
LzEveVdNX3B2eG10RFk1d0ZiUUlYVDREQ1FtWVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaaMMA0G
CSqGSIb3DQEBCwUAA4IBAQARobgvk+SZGH2OECjKS3E927F3U/IkQGEjmcQMmKRJ
Xk0peuC/iW6JGslW8UKY/dqXMFDhFp3aSzOToYp55HczMOQv8bXkCJOKMMiUwhny
OkJo+UgiWku/ag9t1plX5apBlgr4dMTdDywC/lCKCorXVLwsAU0zpNLli8HoPzNx
wT8jfVFY2VyD6V1zA5IJ9UH7MTl6u0YnHL8qNwD92gb04mKXIOpDPZcj7tabTqd/
8cizbV2fHnkKLDSOmFTY/e51R1Mz1LGCwcKW6rdR51FKTpNOBDVCKPEGEsXqolrc
PSzPpX7btWDnfe5tjori760xTPJcYEz0aP1z+SInbPJA
-----END CERTIFICATE-----