Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5taxr5zn6S-boPdVbkOD2EzXf3g.roa
File:                     5taxr5zn6S-boPdVbkOD2EzXf3g.roa (raw, json)
Hash identifier:          IEiXjp1DGzDf0AWBH2j7oEWfOUTe+mmiULZSBk6Jfg0=
Subject key identifier:   E6:D6:B1:AF:9C:E7:E9:2F:9B:A0:F7:55:6E:43:83:D8:4C:D7:7F:78
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F481D16FFF7069E9FA045F9F898C2A4A0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5taxr5zn6S-boPdVbkOD2EzXf3g.roa
Signing time:             Sun 05 May 2024 09:36:56 +0000
ROA not before:           Sun 05 May 2024 09:36:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50738
IP address blocks:        87.121.124.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:48:1d:16:ff:f7:06:9e:9f:a0:45:f9:f8:98:c2:a4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  5 09:36:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6d6b1af9ce7e92f9ba0f7556e4383d84cd77f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d4:73:6b:eb:b5:1e:f1:30:6f:f0:27:95:12:
                    08:9b:08:95:07:31:1f:1b:b3:d3:99:63:be:78:03:
                    6d:9f:77:54:53:1d:15:83:d2:d0:74:c5:16:72:2e:
                    e7:85:a2:23:0c:23:e4:d6:f1:84:2a:d4:8a:76:a9:
                    2b:9a:c3:42:bf:dc:10:a4:92:fa:43:6e:03:08:88:
                    1b:3a:0b:de:f9:68:cb:7b:d1:a2:ef:28:85:77:22:
                    4c:2f:1f:65:c6:fd:26:74:1a:42:91:4f:b4:49:8d:
                    06:3c:b2:8e:e9:45:f6:65:77:d6:a1:19:ca:f3:d6:
                    d5:21:d5:86:9b:be:d4:94:40:1b:f4:40:12:80:3b:
                    cf:ea:19:dd:b1:75:72:02:e7:af:49:c7:bf:15:47:
                    a5:f7:ff:b2:24:81:24:d0:81:9a:1a:cb:ad:88:de:
                    a6:c2:03:33:50:a5:ba:af:e3:86:26:1c:f6:c5:19:
                    01:7a:f7:5d:32:e2:97:12:be:2c:cd:57:c4:d0:23:
                    c3:bc:31:6f:7e:a6:26:20:c3:d2:bd:9e:78:82:d0:
                    cd:a0:5b:8e:e2:4c:f7:6e:7e:a6:94:22:83:b2:df:
                    2d:99:db:da:b9:a9:99:2c:df:5f:07:55:ae:91:69:
                    1b:b0:32:f3:55:54:23:fc:6e:95:da:9e:f4:6b:b6:
                    86:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D6:B1:AF:9C:E7:E9:2F:9B:A0:F7:55:6E:43:83:D8:4C:D7:7F:78
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5taxr5zn6S-boPdVbkOD2EzXf3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:55:64:ba:a9:f1:bc:71:8b:f8:ca:d8:2a:d3:95:88:9c:01:
         74:5a:f1:d4:55:25:83:25:ec:b5:91:90:0b:dc:e4:12:ac:af:
         93:52:3e:49:d6:ad:cb:9e:73:43:9d:85:54:dd:0b:08:1b:b3:
         c9:af:08:cf:7d:ed:c3:05:92:78:b6:a2:82:f1:46:c5:cb:ff:
         43:5f:d2:1e:5b:91:71:6d:11:e6:7d:90:8b:9d:ac:c3:88:e0:
         8b:7f:2f:58:92:a0:aa:10:7b:87:51:a3:cb:39:8d:13:da:c8:
         03:02:45:96:34:e5:9f:1f:e8:74:7a:fd:4a:89:90:5e:0b:68:
         4b:4e:d6:6d:f9:d7:5e:44:f2:45:f5:1e:0f:d2:97:d2:3f:48:
         83:af:7f:0f:47:4b:88:33:c1:85:33:25:be:ec:6f:14:50:d3:
         eb:b9:14:ad:1f:dc:b6:f2:89:82:97:a2:9d:b9:e0:20:a2:c5:
         fb:33:53:85:af:fe:0b:24:83:b1:9c:59:d2:10:4e:f9:2b:dc:
         e3:be:bb:38:4b:25:6c:8d:b1:55:ff:13:41:0c:b0:8d:f6:62:
         17:f7:ff:ae:4f:1f:05:19:5c:1a:81:96:54:89:24:22:5e:e9:
         f5:39:f7:a7:55:c9:34:56:18:64:59:37:03:c4:c7:67:a5:9a:
         c2:d7:48:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9IHRb/9waen6BF+fiYwqSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTA1MDkzNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmQ2YjFhZjljZTdlOTJmOWJhMGY3NTU2ZTQzODNkODRjZDc3Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNRza+u1HvEwb/AnlRIImwiVBzEf
G7PTmWO+eANtn3dUUx0Vg9LQdMUWci7nhaIjDCPk1vGEKtSKdqkrmsNCv9wQpJL6
Q24DCIgbOgve+WjLe9Gi7yiFdyJMLx9lxv0mdBpCkU+0SY0GPLKO6UX2ZXfWoRnK
89bVIdWGm77UlEAb9EASgDvP6hndsXVyAuevSce/FUel9/+yJIEk0IGaGsutiN6m
wgMzUKW6r+OGJhz2xRkBevddMuKXEr4szVfE0CPDvDFvfqYmIMPSvZ54gtDNoFuO
4kz3bn6mlCKDst8tmdvauamZLN9fB1WukWkbsDLzVVQj/G6V2p70a7aGwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObWsa+c5+kvm6D3VW5Dg9hM1394MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNXRheHI1em42Uy1ib1BkVmJrT0QyRXpYZjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV3l8MA0G
CSqGSIb3DQEBCwUAA4IBAQBlVWS6qfG8cYv4ytgq05WInAF0WvHUVSWDJey1kZAL
3OQSrK+TUj5J1q3LnnNDnYVU3QsIG7PJrwjPfe3DBZJ4tqKC8UbFy/9DX9IeW5Fx
bRHmfZCLnazDiOCLfy9YkqCqEHuHUaPLOY0T2sgDAkWWNOWfH+h0ev1KiZBeC2hL
TtZt+ddeRPJF9R4P0pfSP0iDr38PR0uIM8GFMyW+7G8UUNPruRStH9y28omCl6Kd
ueAgosX7M1OFr/4LJIOxnFnSEE75K9zjvrs4SyVsjbFV/xNBDLCN9mIX9/+uTx8F
GVwagZZUiSQiXun1OfenVck0VhhkWTcDxMdnpZrC10gD
-----END CERTIFICATE-----