Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/70DTM8lDpKWx_VihNVznZWWznnY.roa
File:                     70DTM8lDpKWx_VihNVznZWWznnY.roa (raw, json)
Hash identifier:          idqsiJDCij6sY86t77Xdh9KMsQD6SLoC0jjPANhltro=
Subject key identifier:   EF:40:D3:33:C9:43:A4:A5:B1:FD:58:A1:35:5C:E7:65:65:B3:9E:76
Certificate issuer:       /CN=72b88675247ce1865a353f4cef5b2ac288a39698
Certificate serial:       018EC3247EC1F793327FFD8CE44D6804CC3D
Authority key identifier: 72:B8:86:75:24:7C:E1:86:5A:35:3F:4C:EF:5B:2A:C2:88:A3:96:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/criGdSR84YZaNT9M71sqwoijlpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/70DTM8lDpKWx_VihNVznZWWznnY.roa
Signing time:             Tue 09 Apr 2024 13:55:32 +0000
ROA not before:           Tue 09 Apr 2024 13:55:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        31.42.188.0/23 maxlen: 23
                          46.175.144.0/21 maxlen: 21
                          91.219.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/criGdSR84YZaNT9M71sqwoijlpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/criGdSR84YZaNT9M71sqwoijlpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/criGdSR84YZaNT9M71sqwoijlpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:24:7e:c1:f7:93:32:7f:fd:8c:e4:4d:68:04:cc:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b88675247ce1865a353f4cef5b2ac288a39698
        Validity
            Not Before: Apr  9 13:55:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef40d333c943a4a5b1fd58a1355ce76565b39e76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1f:66:1e:bf:d6:3e:cb:76:4d:63:36:a5:8f:
                    e5:89:bd:1c:1b:7f:4c:58:b5:a3:fc:d9:23:3e:ed:
                    3a:0c:fa:72:21:08:f7:46:93:6a:cc:c9:4a:5a:8c:
                    d2:51:5c:9d:d4:ae:b8:9c:1f:6b:8b:b9:fd:7a:c4:
                    d7:b0:fa:01:74:34:c1:61:5e:bf:5f:9d:15:cc:fe:
                    b3:6d:28:3e:b6:9c:ff:b0:01:ff:14:c4:db:09:86:
                    01:28:90:85:cf:40:cd:91:ed:59:56:eb:ea:8f:d2:
                    a8:81:e9:6f:67:5d:6e:36:26:98:98:71:46:6b:76:
                    66:9f:ab:da:d9:74:65:85:66:db:0d:5a:09:aa:06:
                    56:e3:2e:6e:26:e1:fd:af:18:88:30:12:90:68:9f:
                    6a:d2:4e:db:a1:6d:bb:d0:78:9b:87:19:62:ba:e2:
                    39:40:de:7a:3d:44:b7:e3:3d:cb:19:72:0e:21:06:
                    74:77:7d:d0:46:73:73:e3:bb:17:f9:7e:70:63:bb:
                    3d:36:f3:1a:a9:46:2d:b9:48:49:11:4a:d7:43:cb:
                    b3:9a:8b:c6:9a:12:ff:bc:d8:7b:6b:a9:31:e9:a5:
                    63:d9:96:76:a9:9b:01:10:ee:c5:90:fe:61:73:cd:
                    c7:c3:d7:dd:bb:0d:f9:d6:0b:bb:a5:90:d7:6c:ad:
                    0b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:40:D3:33:C9:43:A4:A5:B1:FD:58:A1:35:5C:E7:65:65:B3:9E:76
            X509v3 Authority Key Identifier:
                keyid:72:B8:86:75:24:7C:E1:86:5A:35:3F:4C:EF:5B:2A:C2:88:A3:96:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/criGdSR84YZaNT9M71sqwoijlpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/70DTM8lDpKWx_VihNVznZWWznnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/criGdSR84YZaNT9M71sqwoijlpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.188.0/23
                  46.175.144.0/21
                  91.219.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:3a:ab:70:a6:6d:87:a5:4b:15:41:76:3a:77:09:6d:08:6b:
         a2:10:3c:4a:08:95:c1:e0:fc:b3:f0:b8:a7:f3:09:48:1a:e0:
         d0:fe:12:4c:5c:88:ee:48:ec:0e:99:a7:b0:ff:cf:64:76:09:
         ee:15:62:ca:fc:88:49:35:f2:e4:96:6b:ab:11:ae:63:e7:aa:
         0b:eb:5f:12:eb:37:38:93:6d:e1:45:fa:c9:58:a7:6d:46:38:
         53:d9:88:35:d9:a7:ae:a3:e8:b1:50:b6:18:95:82:61:fd:f3:
         8a:8c:5d:8f:b4:9c:1f:e9:18:a4:d7:24:be:14:7f:fe:3f:a6:
         4f:86:b1:1b:2e:2e:99:56:7f:47:c0:f9:65:28:72:71:22:15:
         be:27:52:b6:24:f6:41:0e:7b:1d:4b:ef:cd:33:5a:1a:c0:aa:
         7e:5d:8d:90:5a:a1:8b:68:ee:a1:0e:f9:a2:74:c0:c1:ce:c0:
         03:1e:10:56:1f:aa:b4:4b:1a:b5:d8:30:b0:27:12:ce:91:ce:
         61:a6:08:c5:4d:dc:be:da:bd:8d:d8:00:45:da:d4:c3:51:3b:
         68:51:9b:62:27:68:e5:c0:b2:17:52:b2:f5:1f:c1:2e:9a:b0:
         d7:23:13:eb:a1:54:ca:0a:d2:04:87:6d:90:24:df:96:71:1e:
         be:09:e1:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7DJH7B95Myf/2M5E1oBMw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjg4Njc1MjQ3Y2UxODY1YTM1M2Y0Y2VmNWIyYWMyODhh
Mzk2OTgwHhcNMjQwNDA5MTM1NTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjQwZDMzM2M5NDNhNGE1YjFmZDU4YTEzNTVjZTc2NTY1YjM5ZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR9mHr/WPst2TWM2pY/lib0cG39M
WLWj/NkjPu06DPpyIQj3RpNqzMlKWozSUVyd1K64nB9ri7n9esTXsPoBdDTBYV6/
X50VzP6zbSg+tpz/sAH/FMTbCYYBKJCFz0DNke1ZVuvqj9KogelvZ11uNiaYmHFG
a3Zmn6va2XRlhWbbDVoJqgZW4y5uJuH9rxiIMBKQaJ9q0k7boW270HibhxliuuI5
QN56PUS34z3LGXIOIQZ0d33QRnNz47sX+X5wY7s9NvMaqUYtuUhJEUrXQ8uzmovG
mhL/vNh7a6kx6aVj2ZZ2qZsBEO7FkP5hc83Hw9fduw351gu7pZDXbK0LjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO9A0zPJQ6Slsf1YoTVc52Vls552MB8GA1UdIwQY
MBaAFHK4hnUkfOGGWjU/TO9bKsKIo5aYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JpR2RTUjg0WVphTlQ5TTcxc3F3b2lqbHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xNGRkNmUtNjc3My00N2ZmLThlM2It
MTEzNzA3M2ZhOGY2LzEvNzBEVE04bERwS1d4X1ZpaE5Wem5aV1d6bm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xNGRkNmUtNjc3My00N2ZmLThlM2ItMTEzNzA3M2ZhOGY2
LzEvY3JpR2RTUjg0WVphTlQ5TTcxc3F3b2lqbHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBHyq8AwQD
Lq+QAwQBW9s+MA0GCSqGSIb3DQEBCwUAA4IBAQCSOqtwpm2HpUsVQXY6dwltCGui
EDxKCJXB4Pyz8Lin8wlIGuDQ/hJMXIjuSOwOmaew/89kdgnuFWLK/IhJNfLklmur
Ea5j56oL618S6zc4k23hRfrJWKdtRjhT2Yg12aeuo+ixULYYlYJh/fOKjF2PtJwf
6Rik1yS+FH/+P6ZPhrEbLi6ZVn9HwPllKHJxIhW+J1K2JPZBDnsdS+/NM1oawKp+
XY2QWqGLaO6hDvmidMDBzsADHhBWH6q0Sxq12DCwJxLOkc5hpgjFTdy+2r2N2ABF
2tTDUTtoUZtiJ2jlwLIXUrL1H8EumrDXIxProVTKCtIEh22QJN+WcR6+CeEa
-----END CERTIFICATE-----