Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0JyvhXd9NB1x3HBurOYxOxgW908.roa
File:                     0JyvhXd9NB1x3HBurOYxOxgW908.roa (raw, json)
Hash identifier:          voSLUDj4h7O5TaGTIPzpKzOM2OFAVm8+uysna9Wc1X8=
Subject key identifier:   D0:9C:AF:85:77:7D:34:1D:71:DC:70:6E:AC:E6:31:3B:18:16:F7:4F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCE0A282C0370DCE4493757EC195A2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0JyvhXd9NB1x3HBurOYxOxgW908.roa
Signing time:             Tue 02 Jan 2024 06:29:27 +0000
ROA not before:           Tue 02 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43068
IP address blocks:        93.123.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e0:a2:82:c0:37:0d:ce:44:93:75:7e:c1:95:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d09caf85777d341d71dc706eace6313b1816f74f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:75:94:d1:52:05:fb:ff:78:34:a9:4b:9e:66:
                    ec:b3:67:99:5f:9e:15:ea:9b:3d:59:20:a2:c6:d4:
                    07:19:ab:6e:20:b2:e9:03:82:ed:1e:90:86:4f:05:
                    eb:ea:37:39:46:38:50:02:3e:17:96:6f:03:66:c7:
                    ed:2b:90:0a:e7:5f:b6:2a:d0:17:e3:20:c0:b1:a5:
                    79:ad:1f:49:83:ef:6c:14:23:ea:f8:23:3c:bb:ff:
                    68:d4:8e:e8:7b:d0:53:53:85:b3:91:68:0e:c9:05:
                    8d:69:4c:c3:02:1e:70:2b:ea:ec:87:92:ac:12:14:
                    db:4a:e5:ae:b2:4e:62:59:77:ef:5b:54:42:78:e5:
                    c6:07:08:df:e9:48:e5:69:dc:e7:ac:a5:eb:d2:e0:
                    61:50:5b:1a:2d:03:d0:88:1a:02:e8:d5:3c:5c:af:
                    5d:a3:9f:9d:c3:af:70:3d:2c:d0:1e:59:19:22:1d:
                    cb:48:6f:8b:df:cf:32:c7:c6:b1:90:d0:66:e7:7c:
                    9b:b1:e7:f9:02:1c:5d:fa:e0:a4:41:68:38:69:f4:
                    ae:76:0c:71:7d:10:ef:93:5a:8f:ef:12:c0:f1:1b:
                    dd:bc:d3:4f:83:cf:65:61:da:ad:10:41:d6:29:c8:
                    bd:d0:7e:9a:a7:b8:21:d6:31:0c:6b:d2:25:c8:60:
                    f7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9C:AF:85:77:7D:34:1D:71:DC:70:6E:AC:E6:31:3B:18:16:F7:4F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0JyvhXd9NB1x3HBurOYxOxgW908.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         75:7d:93:4d:d8:20:ab:8d:52:cb:62:fc:82:44:20:61:9f:96:
         97:67:7f:7a:a2:91:c3:99:e3:38:78:ec:34:9a:4b:1b:ad:63:
         cd:a8:de:fb:35:f0:06:ee:68:0c:44:0d:95:a9:6e:a0:da:41:
         cf:aa:00:57:68:97:57:51:69:fd:a4:ef:b2:d8:3e:2f:18:55:
         70:e5:c8:fd:5c:23:d0:6c:76:ce:20:6f:58:eb:75:cf:fb:3c:
         34:c6:63:80:9b:7a:f1:c5:35:84:35:18:80:5c:43:ef:c0:75:
         3e:ba:4e:c8:94:b2:91:58:dd:45:48:88:a9:b3:91:fe:ae:4e:
         05:48:e0:3e:b0:ce:44:46:ea:6f:53:a8:f6:8a:f5:66:6b:c2:
         58:a3:02:cb:1d:3c:ba:f2:36:5e:3a:27:33:0b:b5:94:4a:2b:
         33:83:60:b9:b1:5b:e4:5b:df:a4:e9:88:32:64:1d:5b:b2:e4:
         79:48:56:41:d9:17:7b:f2:7f:ec:61:7e:3c:2d:42:84:4c:2c:
         76:af:60:7f:87:5d:e8:26:7d:94:4a:6d:b3:5e:34:9e:94:8a:
         e9:49:d1:78:ea:c9:64:bf:de:ac:18:55:47:37:c0:d3:07:4a:
         17:16:9f:3b:03:19:66:0b:ee:d4:ba:2a:e9:83:02:ad:da:1f:
         fd:8b:44:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OCigsA3Dc5Ek3V+wZWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDljYWY4NTc3N2QzNDFkNzFkYzcwNmVhY2U2MzEzYjE4MTZmNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHWU0VIF+/94NKlLnmbss2eZX54V
6ps9WSCixtQHGatuILLpA4LtHpCGTwXr6jc5RjhQAj4Xlm8DZsftK5AK51+2KtAX
4yDAsaV5rR9Jg+9sFCPq+CM8u/9o1I7oe9BTU4WzkWgOyQWNaUzDAh5wK+rsh5Ks
EhTbSuWusk5iWXfvW1RCeOXGBwjf6UjladznrKXr0uBhUFsaLQPQiBoC6NU8XK9d
o5+dw69wPSzQHlkZIh3LSG+L388yx8axkNBm53ybsef5Ahxd+uCkQWg4afSudgxx
fRDvk1qP7xLA8RvdvNNPg89lYdqtEEHWKci90H6ap7gh1jEMa9IlyGD3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCcr4V3fTQdcdxwbqzmMTsYFvdPMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMEp5dmhYZDlOQjF4M0hCdXJPWXhPeGdXOTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXXswMA0G
CSqGSIb3DQEBCwUAA4IBAQB1fZNN2CCrjVLLYvyCRCBhn5aXZ396opHDmeM4eOw0
mksbrWPNqN77NfAG7mgMRA2VqW6g2kHPqgBXaJdXUWn9pO+y2D4vGFVw5cj9XCPQ
bHbOIG9Y63XP+zw0xmOAm3rxxTWENRiAXEPvwHU+uk7IlLKRWN1FSIips5H+rk4F
SOA+sM5ERupvU6j2ivVma8JYowLLHTy68jZeOiczC7WUSiszg2C5sVvkW9+k6Ygy
ZB1bsuR5SFZB2Rd78n/sYX48LUKETCx2r2B/h13oJn2USm2zXjSelIrpSdF46slk
v96sGFVHN8DTB0oXFp87AxlmC+7UuirpgwKt2h/9i0Su
-----END CERTIFICATE-----