Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XI2Xa_9AFBk30UdEVjiuN2Ym5kE.roa
File:                     XI2Xa_9AFBk30UdEVjiuN2Ym5kE.roa (raw, json)
Hash identifier:          H+8DGWM5dzZ+iucTEj+hSnvMPRgT15KNOCkufCBgvvY=
Subject key identifier:   5C:8D:97:6B:FF:40:14:19:37:D1:47:44:56:38:AE:37:66:26:E6:41
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EA849FF000880DF8F1418529FFA67C9E2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XI2Xa_9AFBk30UdEVjiuN2Ym5kE.roa
Signing time:             Thu 04 Apr 2024 08:46:45 +0000
ROA not before:           Thu 04 Apr 2024 08:46:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198037
IP address blocks:        94.156.122.0/24 maxlen: 24
                          94.156.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:49:ff:00:08:80:df:8f:14:18:52:9f:fa:67:c9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  4 08:46:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c8d976bff40141937d147445638ae376626e641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0c:15:42:05:55:f8:e4:a5:76:05:a8:73:f4:
                    ca:85:9e:f3:9a:53:43:d1:00:4d:a7:3f:d4:ec:8a:
                    ed:56:1c:3f:96:75:c8:ba:41:72:17:64:28:2d:e0:
                    63:5f:a2:10:4f:e2:90:5f:97:25:05:e1:5a:6a:d6:
                    28:8d:fd:a7:f1:d2:8f:36:a9:5a:8d:36:75:e5:a7:
                    ad:c7:fb:e0:a6:6a:c4:a9:f5:51:67:92:df:eb:b3:
                    f2:95:b3:0b:84:08:e6:38:f0:4b:51:15:92:ef:31:
                    a9:fb:fb:ba:e7:b6:a7:7b:b5:e2:a7:cf:80:41:63:
                    27:ce:bd:47:60:8b:83:1d:7f:d8:63:39:d8:3a:d1:
                    a0:3f:19:28:df:a1:ab:9a:48:a5:1e:a3:8e:27:00:
                    7f:7f:fa:cc:ad:bd:aa:9b:2a:4b:38:31:7a:ad:c8:
                    75:13:98:80:60:4b:a6:66:d8:26:ff:7c:8d:89:fe:
                    56:1b:d1:20:ff:16:30:8d:71:22:c9:12:a5:39:a3:
                    9d:19:70:f2:57:19:2b:26:9c:a9:7b:84:c8:69:07:
                    b8:fa:b0:97:7c:ea:06:c6:36:86:b1:92:2e:bd:8a:
                    ed:23:f2:d4:8f:eb:2c:98:7d:de:e6:9b:de:c7:d0:
                    42:d9:19:43:e1:d6:8d:41:3a:44:80:94:dd:09:65:
                    a2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8D:97:6B:FF:40:14:19:37:D1:47:44:56:38:AE:37:66:26:E6:41
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XI2Xa_9AFBk30UdEVjiuN2Ym5kE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.122.0/24
                  94.156.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:74:03:89:72:b3:5e:5c:ca:95:1c:67:a5:73:a5:52:d4:9f:
         eb:47:64:05:9c:fe:d2:8f:4a:fd:bc:aa:b6:cb:1a:65:5f:b2:
         3c:ec:ed:62:fe:b4:1a:2b:84:b1:8a:69:37:53:56:72:0f:54:
         fe:f9:16:ae:68:56:5a:47:3c:0d:e0:19:b3:72:23:c3:ac:81:
         b2:dc:c9:5e:37:fa:67:44:82:b1:f6:aa:bb:d7:f8:ad:27:7b:
         31:45:36:d5:78:81:4d:24:f5:53:fc:a8:28:3e:b8:49:4a:28:
         78:69:37:71:ae:31:e4:27:50:1e:40:2f:cf:83:92:b4:c1:78:
         5d:c0:8a:7a:dc:6e:9d:a1:84:23:8e:80:35:8e:d6:ef:11:0a:
         a5:a3:0d:9d:f2:94:65:03:be:cb:ff:bd:b8:29:29:6a:ce:96:
         0c:95:44:20:8e:b8:b2:76:6e:bd:7a:de:3c:2b:63:db:0f:b0:
         9c:c9:0b:ec:64:5f:9e:63:b9:4a:fa:e7:80:56:2a:ac:55:5d:
         85:4d:20:a3:6b:88:e7:a3:5d:5e:2b:76:90:bd:7e:72:88:a4:
         18:9e:99:36:0a:f9:87:b7:cd:1c:96:68:dd:66:86:7e:92:c9:
         bd:33:06:42:11:19:16:b5:3a:af:00:92:53:01:9f:68:aa:d9:
         f8:f0:d8:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6oSf8ACIDfjxQYUp/6Z8niMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDA0MDg0NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhkOTc2YmZmNDAxNDE5MzdkMTQ3NDQ1NjM4YWUzNzY2MjZlNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AwVQgVV+OSldgWoc/TKhZ7zmlND
0QBNpz/U7IrtVhw/lnXIukFyF2QoLeBjX6IQT+KQX5clBeFaatYojf2n8dKPNqla
jTZ15aetx/vgpmrEqfVRZ5Lf67PylbMLhAjmOPBLURWS7zGp+/u657ane7Xip8+A
QWMnzr1HYIuDHX/YYznYOtGgPxko36GrmkilHqOOJwB/f/rMrb2qmypLODF6rch1
E5iAYEumZtgm/3yNif5WG9Eg/xYwjXEiyRKlOaOdGXDyVxkrJpype4TIaQe4+rCX
fOoGxjaGsZIuvYrtI/LUj+ssmH3e5pvex9BC2RlD4daNQTpEgJTdCWWiywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFyNl2v/QBQZN9FHRFY4rjdmJuZBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWEkyWGFfOUFGQmszMFVkRVZqaXVOMlltNWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpx6AwQA
XpyDMA0GCSqGSIb3DQEBCwUAA4IBAQA6dAOJcrNeXMqVHGelc6VS1J/rR2QFnP7S
j0r9vKq2yxplX7I87O1i/rQaK4Sximk3U1ZyD1T++RauaFZaRzwN4BmzciPDrIGy
3MleN/pnRIKx9qq71/itJ3sxRTbVeIFNJPVT/KgoPrhJSih4aTdxrjHkJ1AeQC/P
g5K0wXhdwIp63G6doYQjjoA1jtbvEQqlow2d8pRlA77L/724KSlqzpYMlUQgjriy
dm69et48K2PbD7CcyQvsZF+eY7lK+ueAViqsVV2FTSCja4jno11eK3aQvX5yiKQY
npk2CvmHt80clmjdZoZ+ksm9MwZCERkWtTqvAJJTAZ9oqtn48Njj
-----END CERTIFICATE-----