Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3-MokDYiX_6AmrsNwobeP5wMoXk.roa
File:                     3-MokDYiX_6AmrsNwobeP5wMoXk.roa (raw, json)
Hash identifier:          8Zl7x5hMDz3+AwvTMBX31XnRj2l06G5+Fk+i4dNUV74=
Subject key identifier:   DF:E3:28:90:36:22:5F:FE:80:9A:BB:0D:C2:86:DE:3F:9C:0C:A1:79
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EE155E79ACCB352A987C5D7A1C249E604
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3-MokDYiX_6AmrsNwobeP5wMoXk.roa
Signing time:             Mon 15 Apr 2024 10:38:07 +0000
ROA not before:           Mon 15 Apr 2024 10:38:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211619
IP address blocks:        45.9.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:55:e7:9a:cc:b3:52:a9:87:c5:d7:a1:c2:49:e6:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 15 10:38:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfe3289036225ffe809abb0dc286de3f9c0ca179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:53:69:f9:ed:4b:e9:42:41:fc:6f:7d:58:d7:
                    04:54:eb:5d:51:ff:8d:79:6a:d9:5a:4b:d7:79:50:
                    6c:94:60:a6:8d:b2:76:bc:63:cb:fd:4a:37:56:c9:
                    de:f5:19:2a:b3:d3:24:73:c2:46:b8:3e:dd:a3:8c:
                    db:5f:8d:9e:ad:9c:e1:cf:b9:86:06:b4:60:0e:47:
                    7e:9a:97:39:6f:bb:91:ea:4d:e1:03:42:31:aa:95:
                    9f:2c:07:cf:f2:f9:d0:66:07:0c:76:8d:b0:e2:21:
                    a8:f8:11:95:f8:06:38:36:61:89:22:24:fe:8f:02:
                    d9:8e:d0:f9:4e:f6:47:69:cf:b3:2e:24:3c:95:b2:
                    4b:e2:24:85:f6:2a:7d:2d:94:36:e6:99:70:e6:d5:
                    0a:37:47:1a:3a:de:57:e0:d3:bc:e4:43:b5:79:3f:
                    dc:ee:79:1a:c5:79:3b:55:93:eb:cd:81:93:38:28:
                    ae:46:9b:4b:63:9f:87:a2:89:10:0c:b6:3a:cb:df:
                    8d:56:00:be:62:c4:0d:82:b1:f4:5e:7e:e3:e4:45:
                    82:70:9e:a2:ec:75:69:fd:83:33:21:e7:13:01:81:
                    57:cf:f9:39:ce:26:2c:2c:25:21:31:56:98:ec:3a:
                    1a:eb:63:46:da:e7:85:14:78:55:af:31:de:24:c1:
                    cf:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E3:28:90:36:22:5F:FE:80:9A:BB:0D:C2:86:DE:3F:9C:0C:A1:79
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3-MokDYiX_6AmrsNwobeP5wMoXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ca:c3:26:f6:9a:d0:60:a7:c3:22:17:5d:cf:a6:47:16:51:
         11:45:b7:02:34:43:02:d6:53:a4:d8:d2:a4:d3:7a:e1:8d:d1:
         56:5e:be:68:e5:bb:45:1d:ea:1b:1b:ab:d6:b3:f9:92:3d:96:
         38:a1:e3:92:5d:4e:8d:94:31:5d:ef:5a:92:f5:68:24:34:42:
         f2:ba:8c:89:81:1e:09:e3:4b:45:25:24:9b:cf:6f:30:77:61:
         65:4f:a9:53:0b:1b:94:b0:c8:fd:bd:63:5b:98:fb:f1:93:ce:
         68:3f:c1:3b:ae:b0:0c:4e:ae:84:d4:54:4c:bf:55:d1:bf:a0:
         01:f8:76:ba:24:46:30:2a:22:03:12:ef:f2:a2:f7:ef:c8:a9:
         f0:49:63:72:53:8f:67:82:1c:4c:42:f0:e7:c7:15:92:8c:ef:
         57:d7:33:15:00:4d:cb:74:c1:ba:9c:54:eb:01:0a:a2:1c:ca:
         79:ed:b7:1e:44:e7:b7:37:ba:c7:c3:fe:8c:23:9b:88:46:f2:
         43:de:0f:54:8e:3a:02:a8:7b:7a:a1:cd:49:a6:c4:f0:16:71:
         2f:66:d2:f5:b1:2d:dc:f6:e4:66:21:2f:b6:44:b1:b7:83:47:
         20:fb:ae:bd:27:b3:29:8d:ac:af:b7:38:26:c6:25:2f:ff:4b:
         04:a3:33:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hVeeazLNSqYfF16HCSeYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDE1MTAzODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmUzMjg5MDM2MjI1ZmZlODA5YWJiMGRjMjg2ZGUzZjljMGNhMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1Np+e1L6UJB/G99WNcEVOtdUf+N
eWrZWkvXeVBslGCmjbJ2vGPL/Uo3Vsne9Rkqs9Mkc8JGuD7do4zbX42erZzhz7mG
BrRgDkd+mpc5b7uR6k3hA0IxqpWfLAfP8vnQZgcMdo2w4iGo+BGV+AY4NmGJIiT+
jwLZjtD5TvZHac+zLiQ8lbJL4iSF9ip9LZQ25plw5tUKN0caOt5X4NO85EO1eT/c
7nkaxXk7VZPrzYGTOCiuRptLY5+HookQDLY6y9+NVgC+YsQNgrH0Xn7j5EWCcJ6i
7HVp/YMzIecTAYFXz/k5ziYsLCUhMVaY7Doa62NG2ueFFHhVrzHeJMHPKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/jKJA2Il/+gJq7DcKG3j+cDKF5MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMy1Nb2tEWWlYXzZBbXJzTndvYmVQNXdNb1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQmcMA0G
CSqGSIb3DQEBCwUAA4IBAQBMysMm9prQYKfDIhddz6ZHFlERRbcCNEMC1lOk2NKk
03rhjdFWXr5o5btFHeobG6vWs/mSPZY4oeOSXU6NlDFd71qS9WgkNELyuoyJgR4J
40tFJSSbz28wd2FlT6lTCxuUsMj9vWNbmPvxk85oP8E7rrAMTq6E1FRMv1XRv6AB
+Ha6JEYwKiIDEu/yovfvyKnwSWNyU49nghxMQvDnxxWSjO9X1zMVAE3LdMG6nFTr
AQqiHMp57bceROe3N7rHw/6MI5uIRvJD3g9UjjoCqHt6oc1JpsTwFnEvZtL1sS3c
9uRmIS+2RLG3g0cg+669J7MpjayvtzgmxiUv/0sEozMG
-----END CERTIFICATE-----