Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/p3CFgDfPM8bjWOz5VRaGeCMXxpE.roa
File:                     p3CFgDfPM8bjWOz5VRaGeCMXxpE.roa (raw, json)
Hash identifier:          8rwUfwTwmW+W5EjtABIWufM7ouuWz2kzW3ztt7FjviU=
Subject key identifier:   A7:70:85:80:37:CF:33:C6:E3:58:EC:F9:55:16:86:78:23:17:C6:91
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F0F87CC1416685859CDAB657531F26A24
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/p3CFgDfPM8bjWOz5VRaGeCMXxpE.roa
Signing time:             Wed 24 Apr 2024 09:55:08 +0000
ROA not before:           Wed 24 Apr 2024 09:55:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        87.121.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:87:cc:14:16:68:58:59:cd:ab:65:75:31:f2:6a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 24 09:55:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a770858037cf33c6e358ecf9551686782317c691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6c:21:e3:b0:64:cd:ea:1a:2a:94:36:71:be:
                    42:b5:e6:22:70:cd:f3:72:19:e2:bd:53:e8:45:42:
                    b3:09:2a:71:b0:ad:7a:57:3a:0d:64:37:ae:ec:07:
                    0d:a4:3f:c2:ed:0d:d2:aa:cf:43:2a:4b:2a:36:5a:
                    1b:54:b3:ce:71:fb:9e:b9:28:84:95:9a:3e:1c:01:
                    8e:73:72:9b:1c:de:69:4b:9b:db:d6:d0:a6:f5:1c:
                    fb:fb:66:34:71:f2:37:68:09:94:7a:05:04:14:81:
                    53:5f:48:61:d2:9f:8f:53:a7:25:d4:d0:02:f7:22:
                    a0:ef:7b:3d:04:8f:8c:ab:f4:e6:fb:e6:60:ca:82:
                    30:7e:64:a6:80:2a:2c:d1:66:13:29:9f:b0:99:df:
                    60:2f:62:e8:58:88:f9:3f:6c:de:97:59:32:2c:96:
                    22:c5:1c:01:72:1b:f3:53:56:d8:7c:fe:73:da:61:
                    30:0e:cf:5d:d4:d9:45:2f:84:9d:7e:ce:63:80:a4:
                    52:55:b3:b5:13:e1:4a:9e:a3:fd:a4:be:15:57:9f:
                    6f:71:62:c4:1b:2f:b8:c4:98:16:8f:b4:f6:80:e3:
                    de:d3:10:1d:51:9e:fc:4c:f8:85:44:b0:c8:db:23:
                    76:d2:e6:ad:00:f6:45:b5:f8:5d:c4:c5:5f:91:3d:
                    ac:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:70:85:80:37:CF:33:C6:E3:58:EC:F9:55:16:86:78:23:17:C6:91
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/p3CFgDfPM8bjWOz5VRaGeCMXxpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:49:2a:b5:92:51:a7:c6:09:73:49:bb:89:8c:d8:f9:59:d1:
         98:e0:72:7d:cb:93:5c:d6:e2:bc:c6:8e:08:3e:1c:b7:65:aa:
         0d:b4:a8:09:5c:ed:a7:73:4d:88:6e:6f:d3:5c:20:56:bd:c4:
         aa:6b:e1:64:c6:f1:01:fd:ab:0c:f7:8c:14:c5:93:4e:de:38:
         02:67:17:02:3d:51:21:41:66:44:10:49:8b:6a:76:54:16:ed:
         93:69:c3:22:d2:fd:84:20:26:17:49:76:fc:92:a1:04:33:ea:
         86:e5:97:e9:6e:2f:86:bb:14:3b:ed:70:3a:43:c0:94:61:42:
         5f:a5:37:7d:7d:9a:3d:9d:ee:1d:2a:49:dc:c2:81:ef:4c:d8:
         3e:bb:4c:6e:9a:a2:bf:51:81:07:f1:28:ee:2c:6a:cd:af:b1:
         f6:ab:8c:06:73:d6:8c:ed:08:66:ce:5d:c8:db:4e:42:38:b3:
         85:86:b6:c5:87:f5:ce:3a:b4:f4:3c:0b:50:cd:f9:f2:d5:5a:
         03:46:2b:18:d5:4f:9c:43:55:b8:de:cd:ba:dc:36:02:f9:4b:
         42:ce:95:f9:3f:ef:f4:ff:95:ae:9c:f3:83:d1:40:a1:6d:5a:
         88:94:b7:9d:b4:c7:7c:c1:b3:9a:49:fe:73:68:da:ff:15:b5:
         0f:09:91:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Ph8wUFmhYWc2rZXUx8mokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDI0MDk1NTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzcwODU4MDM3Y2YzM2M2ZTM1OGVjZjk1NTE2ODY3ODIzMTdjNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWwh47BkzeoaKpQ2cb5CteYicM3z
chnivVPoRUKzCSpxsK16VzoNZDeu7AcNpD/C7Q3Sqs9DKksqNlobVLPOcfueuSiE
lZo+HAGOc3KbHN5pS5vb1tCm9Rz7+2Y0cfI3aAmUegUEFIFTX0hh0p+PU6cl1NAC
9yKg73s9BI+Mq/Tm++ZgyoIwfmSmgCos0WYTKZ+wmd9gL2LoWIj5P2zel1kyLJYi
xRwBchvzU1bYfP5z2mEwDs9d1NlFL4Sdfs5jgKRSVbO1E+FKnqP9pL4VV59vcWLE
Gy+4xJgWj7T2gOPe0xAdUZ78TPiFRLDI2yN20uatAPZFtfhdxMVfkT2scwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdwhYA3zzPG41js+VUWhngjF8aRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcDNDRmdEZlBNOGJqV096NVZSYUdlQ01YeHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3ktMA0G
CSqGSIb3DQEBCwUAA4IBAQCvSSq1klGnxglzSbuJjNj5WdGY4HJ9y5Nc1uK8xo4I
Phy3ZaoNtKgJXO2nc02Ibm/TXCBWvcSqa+FkxvEB/asM94wUxZNO3jgCZxcCPVEh
QWZEEEmLanZUFu2TacMi0v2EICYXSXb8kqEEM+qG5Zfpbi+GuxQ77XA6Q8CUYUJf
pTd9fZo9ne4dKkncwoHvTNg+u0xumqK/UYEH8SjuLGrNr7H2q4wGc9aM7Qhmzl3I
205COLOFhrbFh/XOOrT0PAtQzfny1VoDRisY1U+cQ1W43s263DYC+UtCzpX5P+/0
/5WunPOD0UChbVqIlLedtMd8wbOaSf5zaNr/FbUPCZFx
-----END CERTIFICATE-----