Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wwEHjFToZEq8WPVEC0aPrYvpSOU.roa
File:                     wwEHjFToZEq8WPVEC0aPrYvpSOU.roa (raw, json)
Hash identifier:          /S1FAczf+3nlMoXpzsZCr6cz1IelFLOxLtq1iJUXRrk=
Subject key identifier:   C3:01:07:8C:54:E8:64:4A:BC:58:F5:44:0B:46:8F:AD:8B:E9:48:E5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F481D17FAA10AD31C341D0CDC6811BE5F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wwEHjFToZEq8WPVEC0aPrYvpSOU.roa
Signing time:             Sun 05 May 2024 09:36:57 +0000
ROA not before:           Sun 05 May 2024 09:36:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206003
IP address blocks:        87.121.124.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:48:1d:17:fa:a1:0a:d3:1c:34:1d:0c:dc:68:11:be:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  5 09:36:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c301078c54e8644abc58f5440b468fad8be948e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d1:6a:58:59:1a:c5:3f:71:70:27:1e:e5:7e:
                    e7:da:b6:32:37:f2:45:93:34:b9:70:e2:b7:03:43:
                    b0:ec:77:12:ad:95:5a:29:f1:6d:93:7d:e6:00:38:
                    4b:2e:11:38:fa:32:d9:cf:09:2e:68:72:a9:fd:92:
                    e8:8b:dd:04:d5:cf:25:81:45:ac:4a:50:e8:b6:f6:
                    d5:9a:65:14:40:63:ae:ac:01:64:82:0c:5d:aa:87:
                    a8:07:d3:90:0d:7b:9b:1d:67:6c:9f:00:57:eb:63:
                    da:02:69:35:53:64:c2:46:53:57:92:30:8b:b3:ed:
                    a5:17:93:85:64:69:fe:56:53:37:e2:c7:dc:79:e2:
                    e9:1d:2d:61:ef:48:e6:ba:d6:ef:ec:3f:58:b6:c7:
                    6b:11:6b:6e:ec:53:b8:7b:8a:d7:ea:bc:b3:3a:76:
                    1c:b8:6e:d3:67:17:d1:30:c5:f1:4b:95:f9:ff:48:
                    13:aa:7c:1a:c9:13:51:67:15:49:a5:f7:51:de:50:
                    5e:7f:49:fc:41:bc:bf:7d:75:7c:2f:c8:d5:07:29:
                    c2:73:a7:b7:e7:b8:25:f4:06:df:bd:4d:25:60:ba:
                    9a:75:23:42:c4:8d:88:a7:00:97:4a:04:3d:6c:5c:
                    76:8c:12:3e:5b:d2:a6:99:b1:32:95:bc:da:5b:85:
                    07:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:01:07:8C:54:E8:64:4A:BC:58:F5:44:0B:46:8F:AD:8B:E9:48:E5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wwEHjFToZEq8WPVEC0aPrYvpSOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:bb:71:ea:d7:43:1c:d1:f9:06:2c:d2:b3:b1:db:ba:7e:80:
         22:c2:4e:e2:9d:ea:e5:bd:49:3a:1b:3f:ff:fa:67:55:7a:27:
         95:b3:41:a1:85:4e:99:07:86:f1:c7:0b:a4:e4:5b:ae:21:11:
         60:db:0f:fd:57:c1:04:53:d9:f9:db:d4:ce:f5:b2:d8:2a:cb:
         ac:5d:07:90:b8:3c:59:44:5f:54:48:a2:a9:37:67:99:6e:b7:
         df:7b:1e:e0:54:d1:88:66:e8:fa:33:70:d5:fa:dd:70:64:3a:
         e8:c7:3e:72:ad:68:89:5f:59:16:72:b1:28:38:65:f8:4b:72:
         bc:b5:d0:63:48:e5:99:51:04:39:98:6f:86:b0:52:f2:98:08:
         d6:91:f5:1b:c0:0d:96:18:dd:01:eb:b8:8c:15:1b:d5:e6:cc:
         a4:2c:e3:f0:f0:1c:de:ce:ae:9d:09:c3:77:df:5c:ff:65:b4:
         de:f2:57:37:6c:32:cf:54:cb:3a:62:07:e9:9e:41:88:56:5c:
         07:09:24:03:5c:90:16:66:9b:0a:7c:5e:d2:49:a6:24:9d:46:
         60:b0:86:64:2a:58:61:88:13:b6:e2:ee:77:49:0e:31:f8:ef:
         1a:a9:43:ae:c4:06:65:47:f6:1e:ff:5a:6b:d4:ac:8c:de:0e:
         fb:f1:0a:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9IHRf6oQrTHDQdDNxoEb5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTA1MDkzNjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzAxMDc4YzU0ZTg2NDRhYmM1OGY1NDQwYjQ2OGZhZDhiZTk0OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tFqWFkaxT9xcCce5X7n2rYyN/JF
kzS5cOK3A0Ow7HcSrZVaKfFtk33mADhLLhE4+jLZzwkuaHKp/ZLoi90E1c8lgUWs
SlDotvbVmmUUQGOurAFkggxdqoeoB9OQDXubHWdsnwBX62PaAmk1U2TCRlNXkjCL
s+2lF5OFZGn+VlM34sfceeLpHS1h70jmutbv7D9YtsdrEWtu7FO4e4rX6ryzOnYc
uG7TZxfRMMXxS5X5/0gTqnwayRNRZxVJpfdR3lBef0n8Qby/fXV8L8jVBynCc6e3
57gl9AbfvU0lYLqadSNCxI2IpwCXSgQ9bFx2jBI+W9KmmbEylbzaW4UHRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMBB4xU6GRKvFj1RAtGj62L6UjlMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvd3dFSGpGVG9aRXE4V1BWRUMwYVByWXZwU09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV3l8MA0G
CSqGSIb3DQEBCwUAA4IBAQAyu3Hq10Mc0fkGLNKzsdu6foAiwk7inerlvUk6Gz//
+mdVeieVs0GhhU6ZB4bxxwuk5FuuIRFg2w/9V8EEU9n529TO9bLYKsusXQeQuDxZ
RF9USKKpN2eZbrffex7gVNGIZuj6M3DV+t1wZDroxz5yrWiJX1kWcrEoOGX4S3K8
tdBjSOWZUQQ5mG+GsFLymAjWkfUbwA2WGN0B67iMFRvV5sykLOPw8Bzezq6dCcN3
31z/ZbTe8lc3bDLPVMs6YgfpnkGIVlwHCSQDXJAWZpsKfF7SSaYknUZgsIZkKlhh
iBO24u53SQ4x+O8aqUOuxAZlR/Ye/1pr1KyM3g778Qo9
-----END CERTIFICATE-----