Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-o5bcFrtgUO9-H10easxTvqFis4.roa
File:                     1-o5bcFrtgUO9-H10easxTvqFis4.roa (raw, json)
Hash identifier:          3zzPF0/d9f9QEj9cCzzUzEcr+QKQ1amckYRyB8XdD7E=
Subject key identifier:   FA:8E:5B:70:5A:ED:81:43:BD:F8:7D:74:79:AB:31:4E:FA:85:8A:CE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCDA7E2E17DCCD8E4EFC9A68412B78
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-o5bcFrtgUO9-H10easxTvqFis4.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31083
IP address blocks:        87.120.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:da:7e:2e:17:dc:cd:8e:4e:fc:9a:68:41:2b:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa8e5b705aed8143bdf87d7479ab314efa858ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:12:f1:f2:25:88:fb:cb:35:9e:98:78:71:11:
                    5f:64:1b:2b:bd:58:84:71:d4:8c:5b:26:78:6e:dd:
                    9d:97:ea:42:7a:e5:dc:21:dd:d1:e3:b2:51:cf:4c:
                    f2:64:7f:a5:90:ee:bc:7b:fc:67:dd:77:77:ec:d5:
                    5c:5d:cc:c9:da:90:1e:34:10:55:21:03:f1:3e:39:
                    2f:db:29:c7:f5:53:ee:cd:e5:7b:4c:a6:8a:08:8c:
                    6d:bd:a6:71:42:7e:e8:05:81:d8:18:1a:85:63:b7:
                    93:9a:99:be:d4:bc:34:f5:1a:7c:7c:10:a4:58:dc:
                    7d:63:c5:eb:1c:d7:33:02:96:36:ea:b4:0e:3a:29:
                    ca:73:a8:df:de:9c:54:8c:aa:5f:65:3c:38:b3:c4:
                    f9:d5:69:5a:2d:41:f6:1d:f2:2c:fa:ae:8b:20:49:
                    68:1d:98:c1:46:29:7e:b2:f0:0f:95:a3:6c:fb:71:
                    ed:73:ca:64:2c:48:82:a4:d9:e1:01:e4:1b:d1:1d:
                    ae:3c:0e:3f:f6:5e:c1:42:28:5b:37:67:bf:57:c4:
                    a0:83:06:72:7d:a1:41:c9:a6:bd:75:c3:3c:d9:a5:
                    4a:29:d5:5d:35:8a:0b:db:4e:ed:65:bc:d1:7a:8f:
                    b0:44:d0:f1:9d:f7:82:ae:7d:c7:7c:04:1b:87:28:
                    1e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:8E:5B:70:5A:ED:81:43:BD:F8:7D:74:79:AB:31:4E:FA:85:8A:CE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-o5bcFrtgUO9-H10easxTvqFis4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:a8:e7:30:ab:4c:28:66:24:11:77:ab:ea:0c:ee:7d:46:4a:
         f2:03:89:8a:34:33:0f:b7:1f:6f:f6:45:a3:6d:73:51:67:4d:
         15:f5:bd:84:a9:7d:a4:c2:99:4d:5b:72:70:a4:77:f2:af:a4:
         aa:2c:43:4b:09:60:a4:8e:6a:9c:5d:80:9c:be:14:52:0e:2a:
         54:da:dc:b3:59:f9:f8:1c:a4:5f:c6:5a:f0:0c:74:b4:0d:87:
         36:a1:ae:b0:b8:75:34:5b:72:9c:46:36:f5:be:e3:4f:f5:bd:
         da:72:e0:84:e8:c8:7c:2b:cc:71:dc:6f:1b:a9:6d:de:f7:ba:
         0e:54:21:9c:0c:52:f7:20:6a:c1:21:f7:b6:1f:4f:1b:72:70:
         4a:ff:ee:3d:38:7b:83:9c:1c:76:0e:fa:12:c1:6d:30:51:f4:
         fb:1c:85:78:a2:ae:3e:20:b4:fc:47:0f:66:1b:91:c2:1e:55:
         e0:60:01:ac:8d:e7:78:2f:10:a3:3b:26:88:6e:1d:1b:90:61:
         9f:5c:0c:5d:c1:52:16:5b:05:7e:88:c0:22:5a:b9:c3:ca:27:
         e5:c3:1b:7f:2c:2a:e8:d9:97:5b:7b:62:ef:4b:07:b7:05:29:
         fb:80:e0:45:dd:03:7a:23:f5:de:72:22:47:f9:91:f9:a7:e0:
         f9:b2:69:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3Np+LhfczY5O/JpoQSt4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYThlNWI3MDVhZWQ4MTQzYmRmODdkNzQ3OWFiMzE0ZWZhODU4YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBLx8iWI+8s1nph4cRFfZBsrvViE
cdSMWyZ4bt2dl+pCeuXcId3R47JRz0zyZH+lkO68e/xn3Xd37NVcXczJ2pAeNBBV
IQPxPjkv2ynH9VPuzeV7TKaKCIxtvaZxQn7oBYHYGBqFY7eTmpm+1Lw09Rp8fBCk
WNx9Y8XrHNczApY26rQOOinKc6jf3pxUjKpfZTw4s8T51WlaLUH2HfIs+q6LIElo
HZjBRil+svAPlaNs+3Htc8pkLEiCpNnhAeQb0R2uPA4/9l7BQihbN2e/V8SggwZy
faFByaa9dcM82aVKKdVdNYoL207tZbzReo+wRNDxnfeCrn3HfAQbhygeKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqOW3Ba7YFDvfh9dHmrMU76hYrOMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1vNWJjRnJ0Z1VPOS1IMTBlYXN4VHZxRmlzNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFd4KTAN
BgkqhkiG9w0BAQsFAAOCAQEAgKjnMKtMKGYkEXer6gzufUZK8gOJijQzD7cfb/ZF
o21zUWdNFfW9hKl9pMKZTVtycKR38q+kqixDSwlgpI5qnF2AnL4UUg4qVNrcs1n5
+BykX8Za8Ax0tA2HNqGusLh1NFtynEY29b7jT/W92nLghOjIfCvMcdxvG6lt3ve6
DlQhnAxS9yBqwSH3th9PG3JwSv/uPTh7g5wcdg76EsFtMFH0+xyFeKKuPiC0/EcP
ZhuRwh5V4GABrI3neC8QozsmiG4dG5Bhn1wMXcFSFlsFfojAIlq5w8on5cMbfywq
6NmXW3ti70sHtwUp+4DgRd0DeiP13nIiR/mR+afg+bJpyw==
-----END CERTIFICATE-----