Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/H76q-9LnI75xKSGYrLpbsnp22lI.roa
File:                     H76q-9LnI75xKSGYrLpbsnp22lI.roa (raw, json)
Hash identifier:          y1pt9AU+BvDP8cBPIFIcMEGQJMyInRLkenUWf/g1R7k=
Subject key identifier:   1F:BE:AA:FB:D2:E7:23:BE:71:29:21:98:AC:BA:5B:B2:7A:76:DA:52
Certificate issuer:       /CN=20b5100e798fab7577bf725ac9569ea80e6c2a04
Certificate serial:       018CC86EFA1E35C969D846EF464D99F129CE
Authority key identifier: 20:B5:10:0E:79:8F:AB:75:77:BF:72:5A:C9:56:9E:A8:0E:6C:2A:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ILUQDnmPq3V3v3JayVaeqA5sKgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/H76q-9LnI75xKSGYrLpbsnp22lI.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205019
IP address blocks:        185.70.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/ILUQDnmPq3V3v3JayVaeqA5sKgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/ILUQDnmPq3V3v3JayVaeqA5sKgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ILUQDnmPq3V3v3JayVaeqA5sKgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fa:1e:35:c9:69:d8:46:ef:46:4d:99:f1:29:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20b5100e798fab7577bf725ac9569ea80e6c2a04
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fbeaafbd2e723be71292198acba5bb27a76da52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a2:d5:41:c2:0a:28:d0:2a:a6:e7:50:8c:82:
                    a2:65:00:bf:b5:9b:b1:2b:36:9c:ac:15:c0:bb:d7:
                    65:13:9e:26:e7:e2:3f:78:d9:e4:54:4a:ed:cb:bf:
                    ee:97:40:c6:2e:10:8b:d1:f3:2d:9d:73:c4:d9:90:
                    40:f6:46:fa:42:e1:75:76:a3:dc:b8:10:87:78:83:
                    7e:5d:10:3a:3b:a7:c2:ae:c2:32:e0:48:84:bd:4f:
                    2e:40:6e:f5:94:a4:c0:99:ce:33:9d:3b:cd:98:91:
                    42:d1:2f:ba:2d:96:0f:16:42:87:5e:14:d4:a4:08:
                    45:a5:b4:9a:4d:84:1a:32:48:ac:b9:5c:c4:9b:c0:
                    ed:f0:31:87:42:47:12:d7:ab:e5:c6:c5:9d:44:df:
                    1d:42:9f:df:8d:e0:d8:34:28:de:fc:5a:10:0a:ea:
                    af:9b:08:a6:07:70:8c:a4:f9:8e:e7:fc:30:8f:62:
                    8d:25:67:12:66:9b:1e:e9:1c:f4:3e:f0:b5:8b:1f:
                    3c:25:13:17:44:f2:10:2a:95:ec:46:d6:a4:13:53:
                    d8:aa:c6:4d:15:7c:2b:98:07:c8:a8:db:21:5d:f4:
                    85:13:78:01:95:15:c4:24:47:d8:eb:da:b1:a8:de:
                    27:95:23:2e:bc:c2:f9:52:76:e5:25:aa:4f:e0:ff:
                    5d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:BE:AA:FB:D2:E7:23:BE:71:29:21:98:AC:BA:5B:B2:7A:76:DA:52
            X509v3 Authority Key Identifier:
                keyid:20:B5:10:0E:79:8F:AB:75:77:BF:72:5A:C9:56:9E:A8:0E:6C:2A:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILUQDnmPq3V3v3JayVaeqA5sKgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/H76q-9LnI75xKSGYrLpbsnp22lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/ILUQDnmPq3V3v3JayVaeqA5sKgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c6:65:eb:2b:4c:14:a7:84:e6:8c:73:63:ce:d6:78:75:d0:
         6e:8c:b2:04:8c:33:24:5a:17:3d:74:7d:47:5a:34:5f:71:ca:
         11:fe:fd:c6:78:a1:1d:2b:38:10:dc:2d:01:d3:61:4a:42:24:
         20:72:cc:89:13:aa:e6:a7:af:99:3d:f4:a6:73:05:ff:20:8a:
         a4:c0:f6:94:26:8e:63:ec:05:54:c8:89:50:95:e9:bb:83:fa:
         41:c6:73:6c:48:5a:dd:c4:46:24:b2:45:9d:3b:1f:6a:72:73:
         ba:85:be:33:5f:59:3d:df:57:02:df:bc:ce:8f:30:53:ec:b5:
         7f:76:13:5c:fe:de:c0:e0:20:d5:a4:d2:05:cf:8e:2e:48:5e:
         e6:65:0b:33:1f:c8:7e:74:62:c8:85:5e:be:e9:a7:98:59:1d:
         ef:f2:0c:b3:69:b9:e2:1d:cd:5f:96:57:6c:f7:88:bc:2c:ce:
         f1:63:cf:5c:2c:1b:56:76:30:c9:3d:3d:8d:18:46:be:c0:ba:
         08:4f:8a:94:b5:8a:12:d5:36:cc:ee:a4:32:c8:57:8d:bc:e3:
         fa:12:36:52:32:15:86:43:94:d9:2c:3a:1d:b9:f3:38:03:9f:
         ce:a3:a8:33:f2:5b:e9:e7:e3:91:84:f5:53:19:ea:2e:cb:9d:
         a2:52:18:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvoeNclp2EbvRk2Z8SnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjUxMDBlNzk4ZmFiNzU3N2JmNzI1YWM5NTY5ZWE4MGU2
YzJhMDQwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmJlYWFmYmQyZTcyM2JlNzEyOTIxOThhY2JhNWJiMjdhNzZkYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aLVQcIKKNAqpudQjIKiZQC/tZux
KzacrBXAu9dlE54m5+I/eNnkVErty7/ul0DGLhCL0fMtnXPE2ZBA9kb6QuF1dqPc
uBCHeIN+XRA6O6fCrsIy4EiEvU8uQG71lKTAmc4znTvNmJFC0S+6LZYPFkKHXhTU
pAhFpbSaTYQaMkisuVzEm8Dt8DGHQkcS16vlxsWdRN8dQp/fjeDYNCje/FoQCuqv
mwimB3CMpPmO5/wwj2KNJWcSZpse6Rz0PvC1ix88JRMXRPIQKpXsRtakE1PYqsZN
FXwrmAfIqNshXfSFE3gBlRXEJEfY69qxqN4nlSMuvML5UnblJapP4P9dZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB++qvvS5yO+cSkhmKy6W7J6dtpSMB8GA1UdIwQY
MBaAFCC1EA55j6t1d79yWslWnqgObCoEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxVUURubVBxM1YzdjNKYXlWYWVxQTVzS2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS85ZTQ5ZmYtNDI2NC00NjQ3LTk1YTQt
ODAzNzk2NTY5M2EyLzEvSDc2cS05TG5JNzV4S1NHWXJMcGJzbnAyMmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS85ZTQ5ZmYtNDI2NC00NjQ3LTk1YTQtODAzNzk2NTY5M2Ey
LzEvSUxVUURubVBxM1YzdjNKYXlWYWVxQTVzS2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUZkMA0G
CSqGSIb3DQEBCwUAA4IBAQBSxmXrK0wUp4TmjHNjztZ4ddBujLIEjDMkWhc9dH1H
WjRfccoR/v3GeKEdKzgQ3C0B02FKQiQgcsyJE6rmp6+ZPfSmcwX/IIqkwPaUJo5j
7AVUyIlQlem7g/pBxnNsSFrdxEYkskWdOx9qcnO6hb4zX1k931cC37zOjzBT7LV/
dhNc/t7A4CDVpNIFz44uSF7mZQszH8h+dGLIhV6+6aeYWR3v8gyzabniHc1fllds
94i8LM7xY89cLBtWdjDJPT2NGEa+wLoIT4qUtYoS1TbM7qQyyFeNvOP6EjZSMhWG
Q5TZLDodufM4A5/Oo6gz8lvp5+ORhPVTGeouy52iUhj9
-----END CERTIFICATE-----