Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/iZiyV0ORJ-KY6APD5s66sF-gxYU.roa
File:                     iZiyV0ORJ-KY6APD5s66sF-gxYU.roa (raw, json)
Hash identifier:          WNmagUtZ/t/Dk8tHKJWccrMbWHQCN8dns0Xs9HXTUrw=
Subject key identifier:   89:98:B2:57:43:91:27:E2:98:E8:03:C3:E6:CE:BA:B0:5F:A0:C5:85
Certificate issuer:       /CN=23a3482e1d66d87f5b9a5eeb9c8afd6b5ec23224
Certificate serial:       018CC86F1B869E31285570E7868EC2FF5A55
Authority key identifier: 23:A3:48:2E:1D:66:D8:7F:5B:9A:5E:EB:9C:8A:FD:6B:5E:C2:32:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I6NILh1m2H9bml7rnIr9a17CMiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/iZiyV0ORJ-KY6APD5s66sF-gxYU.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201411
IP address blocks:        185.70.143.0/24 maxlen: 24
                          185.70.140.0/22 maxlen: 23
                          185.70.142.0/24 maxlen: 24
                          2a05:2a40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/I6NILh1m2H9bml7rnIr9a17CMiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/I6NILh1m2H9bml7rnIr9a17CMiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I6NILh1m2H9bml7rnIr9a17CMiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1b:86:9e:31:28:55:70:e7:86:8e:c2:ff:5a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23a3482e1d66d87f5b9a5eeb9c8afd6b5ec23224
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8998b257439127e298e803c3e6cebab05fa0c585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5a:45:0b:f7:cc:c0:17:88:b4:2a:61:49:6f:
                    67:0a:20:03:a5:97:28:b8:87:d4:bb:7b:4a:99:3e:
                    66:8c:19:08:49:17:77:4b:25:48:82:ca:e5:02:89:
                    a0:3c:8d:07:d0:6e:09:4b:5a:db:cc:74:41:86:da:
                    31:67:5b:87:c8:a9:4c:e6:23:14:0f:f8:65:c1:1c:
                    85:02:0a:ad:42:f5:7c:e1:95:f0:a3:df:0b:c2:c3:
                    d0:c4:58:3a:7f:c7:dd:f9:36:19:a4:72:21:07:f1:
                    a0:67:55:94:b7:ae:b2:77:4c:2d:26:e2:e3:c2:3b:
                    26:f2:6e:e1:ef:84:2c:c2:9e:47:d6:ec:37:82:5c:
                    d2:3c:dc:5d:a5:5b:f7:70:f9:28:69:26:98:50:4f:
                    9a:13:9e:9b:ee:2d:8f:7f:84:82:4d:dc:e1:36:50:
                    da:3f:e2:67:76:c9:f4:19:43:12:42:c4:90:79:4e:
                    ed:3a:84:64:2d:14:2d:7c:86:4c:2b:c4:84:65:40:
                    c6:05:a1:9c:83:83:a6:75:1f:f6:85:26:67:f9:db:
                    58:69:ad:0b:d7:c3:b7:7e:33:98:a2:4d:f2:72:9a:
                    0d:bd:3d:1c:0c:31:36:56:2e:7b:a9:f5:b3:ba:20:
                    0f:7d:7e:da:f7:e5:60:0b:d8:1d:16:3d:1d:25:b9:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:98:B2:57:43:91:27:E2:98:E8:03:C3:E6:CE:BA:B0:5F:A0:C5:85
            X509v3 Authority Key Identifier:
                keyid:23:A3:48:2E:1D:66:D8:7F:5B:9A:5E:EB:9C:8A:FD:6B:5E:C2:32:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I6NILh1m2H9bml7rnIr9a17CMiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/iZiyV0ORJ-KY6APD5s66sF-gxYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/I6NILh1m2H9bml7rnIr9a17CMiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.140.0/22
                IPv6:
                  2a05:2a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:41:99:2a:ef:2a:f6:89:87:34:0c:8b:2b:76:7a:1d:e5:a6:
         68:e0:c1:96:f4:6d:44:82:09:f1:9b:8d:52:d5:ee:49:36:7b:
         5e:a8:cc:b8:98:53:49:3a:f4:e6:5e:4c:97:cd:2f:bd:1c:13:
         b2:26:a3:ba:96:e5:be:5c:b2:4a:e7:ad:57:3c:e1:04:28:27:
         51:b3:10:32:33:be:56:a5:eb:07:82:78:b0:47:8d:cc:5a:ef:
         b1:d9:b0:3f:0e:d3:0d:36:bb:ba:91:4a:f0:4d:19:57:e8:66:
         25:fc:14:e9:78:70:a9:65:2a:29:1a:cd:36:1a:24:eb:79:69:
         b3:10:90:32:c6:e5:48:b1:39:e4:d7:4a:8a:15:55:ba:6c:3d:
         90:b5:86:49:a2:af:c9:dd:82:8f:5e:49:47:1b:7c:55:00:e6:
         ff:de:03:37:3e:aa:4d:a2:a7:d8:21:56:60:b1:39:b1:d8:f5:
         6c:6e:56:74:d6:80:c7:fe:84:a5:1c:21:95:fa:dc:1a:32:27:
         0a:81:8d:48:5f:e6:9d:7f:7d:68:07:4b:c7:36:34:e3:c7:1b:
         12:df:fa:82:2e:02:65:8e:96:fd:e1:39:a4:7e:68:20:27:62:
         11:8a:d3:21:68:83:07:86:9b:a5:f5:28:5d:a0:84:e8:d6:a3:
         5b:c7:ce:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbxuGnjEoVXDnho7C/1pVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYTM0ODJlMWQ2NmQ4N2Y1YjlhNWVlYjljOGFmZDZiNWVj
MjMyMjQwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTk4YjI1NzQzOTEyN2UyOThlODAzYzNlNmNlYmFiMDVmYTBjNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVpFC/fMwBeItCphSW9nCiADpZco
uIfUu3tKmT5mjBkISRd3SyVIgsrlAomgPI0H0G4JS1rbzHRBhtoxZ1uHyKlM5iMU
D/hlwRyFAgqtQvV84ZXwo98LwsPQxFg6f8fd+TYZpHIhB/GgZ1WUt66yd0wtJuLj
wjsm8m7h74Qswp5H1uw3glzSPNxdpVv3cPkoaSaYUE+aE56b7i2Pf4SCTdzhNlDa
P+Jndsn0GUMSQsSQeU7tOoRkLRQtfIZMK8SEZUDGBaGcg4OmdR/2hSZn+dtYaa0L
18O3fjOYok3ycpoNvT0cDDE2Vi57qfWzuiAPfX7a9+VgC9gdFj0dJbntDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFImYsldDkSfimOgDw+bOurBfoMWFMB8GA1UdIwQY
MBaAFCOjSC4dZth/W5pe65yK/WtewjIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTZOSUxoMW0ySDlibWw3cm5JcjlhMTdDTWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC81MDJlY2QtZTZmZS00Mjk4LTgwNTQt
MTM4NTg3MWE5MDlkLzEvaVppeVYwT1JKLUtZNkFQRDVzNjZzRi1neFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC81MDJlY2QtZTZmZS00Mjk4LTgwNTQtMTM4NTg3MWE5MDlk
LzEvSTZOSUxoMW0ySDlibWw3cm5JcjlhMTdDTWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUaMMA0E
AgACMAcDBQMqBSpAMA0GCSqGSIb3DQEBCwUAA4IBAQCSQZkq7yr2iYc0DIsrdnod
5aZo4MGW9G1Eggnxm41S1e5JNnteqMy4mFNJOvTmXkyXzS+9HBOyJqO6luW+XLJK
561XPOEEKCdRsxAyM75WpesHgniwR43MWu+x2bA/DtMNNru6kUrwTRlX6GYl/BTp
eHCpZSopGs02GiTreWmzEJAyxuVIsTnk10qKFVW6bD2QtYZJoq/J3YKPXklHG3xV
AOb/3gM3PqpNoqfYIVZgsTmx2PVsblZ01oDH/oSlHCGV+twaMicKgY1IX+adf31o
B0vHNjTjxxsS3/qCLgJljpb94TmkfmggJ2IRitMhaIMHhpul9ShdoITo1qNbx87D
-----END CERTIFICATE-----