Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/4f0335-e860-4619-9380-e341b0f915d3/1/IqQlAgsSTMl6A2f6ljqbGC1VYSY.roa
File:                     IqQlAgsSTMl6A2f6ljqbGC1VYSY.roa (raw, json)
Hash identifier:          t5MeZ5vLq1wpdpveGwvPM8YTPFkMI8GRNZaF3JxotL4=
Subject key identifier:   22:A4:25:02:0B:12:4C:C9:7A:03:67:FA:96:3A:9B:18:2D:55:61:26
Certificate issuer:       /CN=4a63dc6753a8cbd74b74452c1536f37d9c4dc70c
Certificate serial:       018CFD34BB7C906EA36F820345C60BCF46A8
Authority key identifier: 4A:63:DC:67:53:A8:CB:D7:4B:74:45:2C:15:36:F3:7D:9C:4D:C7:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmPcZ1Ooy9dLdEUsFTbzfZxNxww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/4f0335-e860-4619-9380-e341b0f915d3/1/IqQlAgsSTMl6A2f6ljqbGC1VYSY.roa
Signing time:             Fri 12 Jan 2024 10:25:40 +0000
ROA not before:           Fri 12 Jan 2024 10:25:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201850
IP address blocks:        185.154.191.0/24 maxlen: 24
                          45.136.142.0/23 maxlen: 23
                          45.136.142.0/24 maxlen: 24
                          45.136.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/4f0335-e860-4619-9380-e341b0f915d3/1/SmPcZ1Ooy9dLdEUsFTbzfZxNxww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/4f0335-e860-4619-9380-e341b0f915d3/1/SmPcZ1Ooy9dLdEUsFTbzfZxNxww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmPcZ1Ooy9dLdEUsFTbzfZxNxww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:34:bb:7c:90:6e:a3:6f:82:03:45:c6:0b:cf:46:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a63dc6753a8cbd74b74452c1536f37d9c4dc70c
        Validity
            Not Before: Jan 12 10:25:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22a425020b124cc97a0367fa963a9b182d556126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:43:5a:ad:c4:b1:ff:08:f8:db:00:90:b6:cb:
                    93:5e:a7:28:6c:dc:8e:9f:e7:f8:62:af:e6:ca:5c:
                    9f:c4:b5:b3:75:5d:52:63:22:ce:22:08:bb:98:34:
                    bf:eb:bb:21:34:84:b5:15:7e:32:b8:d9:db:0d:dc:
                    86:13:0e:e0:bd:1e:07:48:ec:6c:89:f5:91:1b:36:
                    3e:72:b3:a4:7d:60:8f:8c:94:56:9d:a5:74:eb:9f:
                    07:be:bc:0a:05:94:62:2f:ac:1a:cc:14:2d:5e:e8:
                    58:70:5b:37:cc:90:9c:bb:f0:f5:7c:9a:fe:fd:8b:
                    f2:8b:8d:6a:0c:f4:f5:c0:04:22:25:5a:ea:8b:78:
                    b7:4a:f1:ac:07:3b:b9:c2:f1:22:a9:fa:b7:87:23:
                    fc:57:0d:84:9e:ef:e0:2a:22:c5:c1:32:b6:ed:c0:
                    bb:43:dd:5a:bd:a2:9c:95:e8:56:e2:8a:e4:c2:b6:
                    bb:1d:d5:bd:5f:32:f5:d6:8d:39:ee:d5:38:4e:53:
                    77:28:03:26:d8:5c:5a:a0:20:c3:a9:91:26:f1:46:
                    2a:f0:e9:d3:38:09:15:14:89:73:e6:64:d7:f4:a2:
                    ff:e4:ce:50:32:62:9d:ef:1e:f9:d8:5c:c6:8e:cd:
                    cc:f3:f0:72:65:02:60:6b:ed:fb:8d:1f:18:1c:d0:
                    a6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A4:25:02:0B:12:4C:C9:7A:03:67:FA:96:3A:9B:18:2D:55:61:26
            X509v3 Authority Key Identifier:
                keyid:4A:63:DC:67:53:A8:CB:D7:4B:74:45:2C:15:36:F3:7D:9C:4D:C7:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmPcZ1Ooy9dLdEUsFTbzfZxNxww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4f0335-e860-4619-9380-e341b0f915d3/1/IqQlAgsSTMl6A2f6ljqbGC1VYSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4f0335-e860-4619-9380-e341b0f915d3/1/SmPcZ1Ooy9dLdEUsFTbzfZxNxww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.142.0/23
                  185.154.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:13:be:63:87:65:dc:ce:8c:07:7e:c6:f7:e6:12:81:6b:d9:
         30:9a:95:58:cd:ab:d2:df:24:94:60:5c:3b:47:18:64:40:f7:
         7f:9a:2d:49:05:e0:cd:81:79:e5:34:42:c1:4f:07:58:2b:0d:
         63:1a:7d:e9:f8:a8:29:2a:72:8c:ad:98:60:2b:ec:08:82:f2:
         9e:ad:a0:d8:07:68:d2:9c:0b:0a:d2:82:9e:52:3b:39:61:ad:
         89:84:27:13:1c:7c:af:b6:41:92:2e:75:31:87:94:3b:2c:7a:
         50:5f:9b:61:3a:45:22:7f:a6:02:72:a7:8a:06:6f:ec:00:7f:
         db:de:a8:81:56:0f:86:9d:74:af:b8:00:d2:4e:16:06:55:ac:
         a3:86:29:25:9c:a8:42:05:96:38:77:e3:ea:53:39:90:5f:50:
         53:bf:a6:df:80:38:9c:15:a1:33:d0:8e:7d:ec:0f:30:e4:93:
         51:11:93:ac:96:37:e0:cd:a5:c4:3f:dc:fe:84:46:b7:d5:61:
         71:30:54:97:d7:a1:4b:ce:c4:c0:39:14:72:9f:28:82:04:9c:
         93:14:6f:98:9f:bf:e4:6a:87:4c:60:b2:ca:45:a9:63:2f:3d:
         37:3f:d1:4e:02:f8:49:a2:be:01:49:32:d1:8e:0b:30:83:eb:
         0a:12:f9:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYz9NLt8kG6jb4IDRcYLz0aoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjNkYzY3NTNhOGNiZDc0Yjc0NDUyYzE1MzZmMzdkOWM0
ZGM3MGMwHhcNMjQwMTEyMTAyNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmE0MjUwMjBiMTI0Y2M5N2EwMzY3ZmE5NjNhOWIxODJkNTU2MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuENarcSx/wj42wCQtsuTXqcobNyO
n+f4Yq/mylyfxLWzdV1SYyLOIgi7mDS/67shNIS1FX4yuNnbDdyGEw7gvR4HSOxs
ifWRGzY+crOkfWCPjJRWnaV0658HvrwKBZRiL6wazBQtXuhYcFs3zJCcu/D1fJr+
/Yvyi41qDPT1wAQiJVrqi3i3SvGsBzu5wvEiqfq3hyP8Vw2Enu/gKiLFwTK27cC7
Q91avaKclehW4orkwra7HdW9XzL11o057tU4TlN3KAMm2FxaoCDDqZEm8UYq8OnT
OAkVFIlz5mTX9KL/5M5QMmKd7x752FzGjs3M8/ByZQJga+37jR8YHNCmuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCKkJQILEkzJegNn+pY6mxgtVWEmMB8GA1UdIwQY
MBaAFEpj3GdTqMvXS3RFLBU2832cTccMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21QY1oxT295OWRMZEVVc0ZUYnpmWnhOeHd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80ZjAzMzUtZTg2MC00NjE5LTkzODAt
ZTM0MWIwZjkxNWQzLzEvSXFRbEFnc1NUTWw2QTJmNmxqcWJHQzFWWVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80ZjAzMzUtZTg2MC00NjE5LTkzODAtZTM0MWIwZjkxNWQz
LzEvU21QY1oxT295OWRMZEVVc0ZUYnpmWnhOeHd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYiOAwQA
uZq/MA0GCSqGSIb3DQEBCwUAA4IBAQC8E75jh2XczowHfsb35hKBa9kwmpVYzavS
3ySUYFw7RxhkQPd/mi1JBeDNgXnlNELBTwdYKw1jGn3p+KgpKnKMrZhgK+wIgvKe
raDYB2jSnAsK0oKeUjs5Ya2JhCcTHHyvtkGSLnUxh5Q7LHpQX5thOkUif6YCcqeK
Bm/sAH/b3qiBVg+GnXSvuADSThYGVayjhiklnKhCBZY4d+PqUzmQX1BTv6bfgDic
FaEz0I597A8w5JNREZOsljfgzaXEP9z+hEa31WFxMFSX16FLzsTAORRynyiCBJyT
FG+Yn7/kaodMYLLKRaljLz03P9FOAvhJor4BSTLRjgswg+sKEvkj
-----END CERTIFICATE-----