Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/IS87LO2FLY_eRcW5-8b7bd4mFQE.roa
File:                     IS87LO2FLY_eRcW5-8b7bd4mFQE.roa (raw, json)
Hash identifier:          oUHXQl6UmB9sdqXhE+LHeLdJ05lLPM4K0UR1vNNdlII=
Subject key identifier:   21:2F:3B:2C:ED:85:2D:8F:DE:45:C5:B9:FB:C6:FB:6D:DE:26:15:01
Certificate issuer:       /CN=4ddd0f9dcd88949b8f3a3771063562a057679290
Certificate serial:       018CC7265203B1DDEBFC5E1371F286A3767D
Authority key identifier: 4D:DD:0F:9D:CD:88:94:9B:8F:3A:37:71:06:35:62:A0:57:67:92:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/IS87LO2FLY_eRcW5-8b7bd4mFQE.roa
Signing time:             Mon 01 Jan 2024 22:30:26 +0000
ROA not before:           Mon 01 Jan 2024 22:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197991
IP address blocks:        185.239.56.0/22 maxlen: 24
                          2a0c:4b80::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:52:03:b1:dd:eb:fc:5e:13:71:f2:86:a3:76:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddd0f9dcd88949b8f3a3771063562a057679290
        Validity
            Not Before: Jan  1 22:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=212f3b2ced852d8fde45c5b9fbc6fb6dde261501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:78:34:1e:3c:5c:50:a4:7d:03:d4:4a:c6:2f:
                    67:02:b2:a1:ad:5e:a7:00:9c:c0:57:1c:7d:0c:0d:
                    90:58:4c:ab:d2:f1:8b:eb:86:93:fc:a0:40:9d:46:
                    21:cd:af:ba:87:83:ee:58:6a:eb:c5:87:60:f6:d4:
                    69:ad:f9:40:c4:02:a8:a6:d9:c7:8e:87:bb:01:fc:
                    4a:cf:4f:86:c3:d2:38:b1:be:48:24:bb:0c:7f:fb:
                    1b:93:52:58:b2:4f:64:1e:21:5a:fd:8e:8a:33:34:
                    f9:bc:34:aa:b0:43:3b:03:5e:b3:2a:c8:ee:41:8e:
                    1e:72:18:a6:1e:3d:a6:51:46:63:39:f7:11:40:bc:
                    96:6a:88:29:61:5d:dd:97:06:c6:0f:fb:03:a1:51:
                    ab:27:10:f2:f6:00:92:3d:33:76:fc:30:8e:7e:22:
                    d1:e7:1c:2f:f6:b6:b5:a7:07:21:5e:8d:e2:0b:f9:
                    3e:dc:83:dd:11:bd:e1:7e:c5:17:c3:36:e6:90:51:
                    34:1b:e5:23:d8:3e:d4:4e:cd:38:8e:5d:10:5f:77:
                    e1:29:b1:df:d1:16:a5:af:cd:fe:b5:93:48:bc:77:
                    09:52:5d:a9:74:db:eb:01:88:31:b3:4c:67:bf:60:
                    08:04:6e:54:a5:5f:1b:82:88:b3:26:dc:b9:4c:1b:
                    22:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:2F:3B:2C:ED:85:2D:8F:DE:45:C5:B9:FB:C6:FB:6D:DE:26:15:01
            X509v3 Authority Key Identifier:
                keyid:4D:DD:0F:9D:CD:88:94:9B:8F:3A:37:71:06:35:62:A0:57:67:92:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/IS87LO2FLY_eRcW5-8b7bd4mFQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.56.0/22
                IPv6:
                  2a0c:4b80::/34

    Signature Algorithm: sha256WithRSAEncryption
         19:9e:e0:01:97:c5:c9:dc:12:90:97:47:ee:40:c5:2f:2a:5d:
         0b:51:57:1e:09:51:48:c8:48:75:09:79:56:32:0f:cc:50:54:
         71:88:72:99:b5:19:21:30:80:48:8d:11:8a:7f:4b:b5:cd:48:
         34:fd:6a:46:b5:81:c6:59:59:57:66:a0:8e:06:32:50:20:ab:
         f9:41:d3:85:44:55:45:7c:a9:d5:90:51:1a:cc:30:5b:d2:b8:
         a8:59:3d:97:b2:ac:02:16:51:30:90:f4:4e:4b:34:e7:0e:c6:
         a8:ea:7a:da:86:52:07:91:12:d6:07:7e:22:04:80:b9:26:00:
         50:90:1e:68:be:2b:13:23:1a:39:c6:d8:cf:b6:4c:79:83:53:
         78:41:ac:5a:56:1d:d3:91:7f:ba:4e:4c:b9:a2:4f:ed:06:0d:
         5b:98:05:e9:36:bb:d5:ec:d9:fc:82:74:cb:63:99:f0:34:a6:
         25:25:72:12:fb:13:1e:9f:e7:5d:4e:40:e1:b8:5f:ab:5b:79:
         dd:fa:55:98:1c:6b:c0:fd:c5:16:b7:4d:57:ee:a9:73:bb:41:
         c1:af:fa:b4:29:75:51:16:21:5f:42:d4:ed:4e:6e:88:c9:7c:
         11:8a:ec:16:af:06:0d:a6:90:e1:b1:eb:2b:1a:e8:b0:5f:eb:
         78:c0:4c:24
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJlIDsd3r/F4TcfKGo3Z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGQwZjlkY2Q4ODk0OWI4ZjNhMzc3MTA2MzU2MmEwNTc2
NzkyOTAwHhcNMjQwMTAxMjIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTJmM2IyY2VkODUyZDhmZGU0NWM1YjlmYmM2ZmI2ZGRlMjYxNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXg0HjxcUKR9A9RKxi9nArKhrV6n
AJzAVxx9DA2QWEyr0vGL64aT/KBAnUYhza+6h4PuWGrrxYdg9tRprflAxAKoptnH
joe7AfxKz0+Gw9I4sb5IJLsMf/sbk1JYsk9kHiFa/Y6KMzT5vDSqsEM7A16zKsju
QY4echimHj2mUUZjOfcRQLyWaogpYV3dlwbGD/sDoVGrJxDy9gCSPTN2/DCOfiLR
5xwv9ra1pwchXo3iC/k+3IPdEb3hfsUXwzbmkFE0G+Uj2D7UTs04jl0QX3fhKbHf
0Ralr83+tZNIvHcJUl2pdNvrAYgxs0xnv2AIBG5UpV8bgoizJty5TBsiGwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCEvOyzthS2P3kXFufvG+23eJhUBMB8GA1UdIwQY
MBaAFE3dD53NiJSbjzo3cQY1YqBXZ5KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGQwUG5jMklsSnVQT2pkeEJqVmlvRmRua3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zYTdlNDktOWQyNy00ZTRlLWFhMzYt
NmY2Y2NiNmUyY2RhLzEvSVM4N0xPMkZMWV9lUmNXNS04YjdiZDRtRlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zYTdlNDktOWQyNy00ZTRlLWFhMzYtNmY2Y2NiNmUyY2Rh
LzEvVGQwUG5jMklsSnVQT2pkeEJqVmlvRmRua3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCue84MA4E
AgACMAgDBgYqDEuAADANBgkqhkiG9w0BAQsFAAOCAQEAGZ7gAZfFydwSkJdH7kDF
LypdC1FXHglRSMhIdQl5VjIPzFBUcYhymbUZITCASI0Rin9Ltc1INP1qRrWBxllZ
V2agjgYyUCCr+UHThURVRXyp1ZBRGswwW9K4qFk9l7KsAhZRMJD0Tks05w7GqOp6
2oZSB5ES1gd+IgSAuSYAUJAeaL4rEyMaOcbYz7ZMeYNTeEGsWlYd05F/uk5MuaJP
7QYNW5gF6Ta71ezZ/IJ0y2OZ8DSmJSVyEvsTHp/nXU5A4bhfq1t53fpVmBxrwP3F
FrdNV+6pc7tBwa/6tCl1URYhX0LU7U5uiMl8EYrsFq8GDaaQ4bHrKxrosF/reMBM
JA==
-----END CERTIFICATE-----