Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/q_eiXiwRRDm0NmiKs34m_7SbL2c.roa
File:                     q_eiXiwRRDm0NmiKs34m_7SbL2c.roa (raw, json)
Hash identifier:          xaSX2Zjy4Si9nDEE3Y4euzCiDfjVbTng7CWBT2LS2pI=
Subject key identifier:   AB:F7:A2:5E:2C:11:44:39:B4:36:68:8A:B3:7E:26:FF:B4:9B:2F:67
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F5470EA5454C445270A55A2C75731F4A5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/q_eiXiwRRDm0NmiKs34m_7SbL2c.roa
Signing time:             Tue 07 May 2024 19:03:57 +0000
ROA not before:           Tue 07 May 2024 19:03:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        193.148.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:54:70:ea:54:54:c4:45:27:0a:55:a2:c7:57:31:f4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  7 19:03:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abf7a25e2c114439b436688ab37e26ffb49b2f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ca:a7:49:21:6f:32:48:64:5d:ab:40:c5:04:
                    00:54:07:86:b3:10:28:0d:ae:08:77:a3:a2:4d:c1:
                    af:e2:e5:3d:1f:e2:e0:ab:5e:8b:cf:09:12:d5:f2:
                    f9:c0:67:22:df:12:b7:a8:a6:1d:07:fc:e9:c3:8a:
                    73:96:a6:2c:a9:27:13:1c:5c:cc:f6:31:fc:79:77:
                    4b:4b:e3:0c:f6:3f:f9:b8:85:ff:62:08:8b:84:36:
                    54:c2:9c:94:0b:8a:4c:d9:1e:3a:e3:09:69:ba:a3:
                    51:ae:eb:fb:97:1b:57:8c:79:fc:da:95:23:d6:ed:
                    56:55:15:bb:d4:df:09:ba:72:b8:7c:59:55:14:d6:
                    ee:90:9f:21:88:21:99:3c:14:36:d1:50:58:5a:e6:
                    71:06:04:6e:02:7c:57:ee:8e:35:48:d4:a5:13:f6:
                    a1:a8:10:bd:d9:02:b7:05:1a:3f:06:ff:56:63:3e:
                    4b:8b:67:fe:10:0b:ba:76:81:17:be:07:0c:00:1b:
                    4e:30:b2:2a:7f:bc:4b:d0:9b:40:da:b9:47:ca:a7:
                    6b:6c:2c:a4:21:56:f8:d5:d9:0a:5e:a8:ba:b0:4a:
                    52:dd:b0:a2:31:b4:c7:1b:4c:e6:15:74:f5:8e:f6:
                    04:29:71:1b:4a:72:48:cd:12:63:f5:30:3e:fb:29:
                    0c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F7:A2:5E:2C:11:44:39:B4:36:68:8A:B3:7E:26:FF:B4:9B:2F:67
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/q_eiXiwRRDm0NmiKs34m_7SbL2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ac:ce:4b:49:65:33:81:c5:28:7a:8b:41:8f:80:d9:c4:3b:
         d0:60:be:4f:77:bc:d5:76:ca:fb:85:49:75:07:a3:1c:f1:6c:
         d5:64:8c:97:90:ab:39:47:ea:71:e8:3e:aa:3f:8d:ba:31:6e:
         e9:c1:b5:f3:a3:b0:dc:c1:93:9e:89:a8:18:64:da:92:98:96:
         d6:0d:76:0a:1b:7d:2c:77:2a:4a:66:ba:8c:8f:a4:14:49:e0:
         19:67:b7:af:02:9b:ba:f7:2e:e7:40:5c:89:cd:e2:ab:0f:b0:
         73:4a:dd:fe:a2:da:8d:da:fd:56:eb:58:8a:ca:41:f3:f3:18:
         d0:a7:5c:c9:b4:e7:e6:ec:94:35:1f:98:49:b7:c4:1c:dd:f1:
         7c:0b:60:c9:f1:09:f5:e7:f7:14:93:8a:ca:05:77:e5:b3:06:
         90:9e:13:32:85:38:77:40:8b:06:bd:a1:44:9b:1a:da:c8:47:
         ff:b1:6f:34:be:8c:da:e6:13:bc:76:52:2c:3b:05:fa:73:0a:
         6d:31:57:b7:e6:7a:77:ab:6e:7e:50:db:5f:9c:6f:c8:6e:29:
         a2:99:24:99:bb:aa:ab:51:ad:27:cd:b4:06:7d:d1:80:5e:3e:
         e3:54:f2:06:d2:5d:d8:55:51:46:74:de:0b:e4:55:d0:ed:5a:
         b5:9b:4b:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9UcOpUVMRFJwpVosdXMfSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTA3MTkwMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY3YTI1ZTJjMTE0NDM5YjQzNjY4OGFiMzdlMjZmZmI0OWIyZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cqnSSFvMkhkXatAxQQAVAeGsxAo
Da4Id6OiTcGv4uU9H+Lgq16LzwkS1fL5wGci3xK3qKYdB/zpw4pzlqYsqScTHFzM
9jH8eXdLS+MM9j/5uIX/YgiLhDZUwpyUC4pM2R464wlpuqNRruv7lxtXjHn82pUj
1u1WVRW71N8JunK4fFlVFNbukJ8hiCGZPBQ20VBYWuZxBgRuAnxX7o41SNSlE/ah
qBC92QK3BRo/Bv9WYz5Li2f+EAu6doEXvgcMABtOMLIqf7xL0JtA2rlHyqdrbCyk
IVb41dkKXqi6sEpS3bCiMbTHG0zmFXT1jvYEKXEbSnJIzRJj9TA++ykMSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv3ol4sEUQ5tDZoirN+Jv+0my9nMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcV9laVhpd1JSRG0wTm1pS3MzNG1fN1NiTDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZT9MA0G
CSqGSIb3DQEBCwUAA4IBAQBGrM5LSWUzgcUoeotBj4DZxDvQYL5Pd7zVdsr7hUl1
B6Mc8WzVZIyXkKs5R+px6D6qP426MW7pwbXzo7DcwZOeiagYZNqSmJbWDXYKG30s
dypKZrqMj6QUSeAZZ7evApu69y7nQFyJzeKrD7BzSt3+otqN2v1W61iKykHz8xjQ
p1zJtOfm7JQ1H5hJt8Qc3fF8C2DJ8Qn15/cUk4rKBXflswaQnhMyhTh3QIsGvaFE
mxrayEf/sW80voza5hO8dlIsOwX6cwptMVe35np3q25+UNtfnG/IbimimSSZu6qr
Ua0nzbQGfdGAXj7jVPIG0l3YVVFGdN4L5FXQ7Vq1m0sb
-----END CERTIFICATE-----