Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2UTlZ4nK77EX3tam3RS7JzUcCOE.roa
File:                     2UTlZ4nK77EX3tam3RS7JzUcCOE.roa (raw, json)
Hash identifier:          JpmN25RJngwVKG/QzWsDGf0ybqVnFqD80A7gvWpIlmY=
Subject key identifier:   D9:44:E5:67:89:CA:EF:B1:17:DE:D6:A6:DD:14:BB:27:35:1C:08:E1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01913180BA8096B7BB965B51C2BC1757710B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2UTlZ4nK77EX3tam3RS7JzUcCOE.roa
Signing time:             Thu 08 Aug 2024 10:20:05 +0000
ROA not before:           Thu 08 Aug 2024 10:20:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48090
IP address blocks:        195.178.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:80:ba:80:96:b7:bb:96:5b:51:c2:bc:17:57:71:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug  8 10:20:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d944e56789caefb117ded6a6dd14bb27351c08e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5d:a0:74:d5:75:e8:fb:f2:f7:66:27:22:6f:
                    5c:86:7a:4c:bf:79:0a:c7:17:db:74:51:9a:52:28:
                    12:f9:98:69:97:a3:f0:e8:1b:fe:f0:2b:a7:24:12:
                    86:49:cd:d2:58:99:00:e3:6d:07:0e:f7:95:d3:63:
                    e7:63:ed:67:1f:6c:d5:3d:07:76:4b:ff:80:5b:cc:
                    d9:da:5f:1b:d2:c0:c5:70:f9:8f:48:71:13:64:34:
                    23:d2:49:c2:ae:84:5e:cb:52:c3:1e:2a:f9:fb:bc:
                    3e:d7:11:e0:c9:64:e1:25:82:6c:9a:20:7f:b8:2b:
                    c4:d8:b1:c5:c9:ae:ff:c0:09:0f:b0:73:b4:4c:69:
                    c7:6b:45:04:98:de:ea:6d:f5:e1:12:ac:ba:55:ca:
                    a3:e4:83:2a:0d:2b:68:da:48:64:63:34:dd:4f:ce:
                    28:92:5a:19:13:7f:48:24:14:e1:34:4a:61:8f:ee:
                    e9:b6:49:11:32:15:8a:b4:8b:b4:47:2b:f8:99:74:
                    08:1e:a2:29:07:9b:3c:eb:c0:f3:54:bb:0d:b1:91:
                    44:d4:72:b7:52:3b:55:d7:3a:65:54:56:b4:09:c5:
                    0b:4b:34:34:82:26:53:92:e9:b6:d6:b0:e8:44:78:
                    f4:51:c7:0c:3a:fd:b3:42:b4:dc:3b:cd:a4:e3:d3:
                    fb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:44:E5:67:89:CA:EF:B1:17:DE:D6:A6:DD:14:BB:27:35:1C:08:E1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2UTlZ4nK77EX3tam3RS7JzUcCOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:fe:c0:07:11:e5:fd:07:e1:a7:59:3d:c6:97:c1:80:0b:3e:
         40:7f:a9:ce:06:0f:65:a4:58:a8:cd:79:69:2b:a4:8d:eb:d3:
         af:63:36:c8:51:bc:9e:38:fd:18:83:85:dd:a3:bd:3c:da:d7:
         77:fc:26:52:30:79:a1:12:ba:76:3c:00:5a:0d:9f:8a:be:e5:
         5b:12:0c:11:22:9b:11:57:b4:20:43:be:95:fd:6f:89:d4:1f:
         79:5d:1d:6a:77:77:5f:f7:f9:9f:91:7e:e4:1f:be:3c:10:da:
         c5:c1:61:87:15:f7:43:27:c7:ce:20:c6:85:91:17:79:31:09:
         4e:38:8e:ca:a4:95:64:66:2b:a7:34:25:70:8e:f7:35:36:b5:
         82:30:81:ff:ad:4f:a8:50:1a:b3:3f:36:3e:95:ff:d3:a5:61:
         45:d2:1e:06:47:ce:77:f6:79:bc:f1:d2:4e:b5:28:bf:86:87:
         83:11:a6:e9:70:e2:0d:3b:b0:b7:d2:79:2e:ce:1f:a8:48:15:
         fc:e0:bf:c6:12:51:86:bf:a3:cf:79:ad:ae:1f:07:c7:f2:5f:
         fe:b0:a9:8b:48:00:a8:74:b8:1d:68:83:35:6b:2f:35:24:e9:
         72:64:78:ff:a8:1e:ad:96:ca:40:0d:44:c8:50:1b:a1:80:af:
         e2:45:ec:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZExgLqAlre7lltRwrwXV3ELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwODA4MTAyMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ0ZTU2Nzg5Y2FlZmIxMTdkZWQ2YTZkZDE0YmIyNzM1MWMwOGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F2gdNV16Pvy92YnIm9chnpMv3kK
xxfbdFGaUigS+Zhpl6Pw6Bv+8CunJBKGSc3SWJkA420HDveV02PnY+1nH2zVPQd2
S/+AW8zZ2l8b0sDFcPmPSHETZDQj0knCroRey1LDHir5+7w+1xHgyWThJYJsmiB/
uCvE2LHFya7/wAkPsHO0TGnHa0UEmN7qbfXhEqy6Vcqj5IMqDSto2khkYzTdT84o
kloZE39IJBThNEphj+7ptkkRMhWKtIu0Ryv4mXQIHqIpB5s868DzVLsNsZFE1HK3
UjtV1zplVFa0CcULSzQ0giZTkum21rDoRHj0UccMOv2zQrTcO82k49P7DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlE5WeJyu+xF97Wpt0Uuyc1HAjhMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMlVUbFo0bks3N0VYM3RhbTNSUzdKelVjQ09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7JuMA0G
CSqGSIb3DQEBCwUAA4IBAQAa/sAHEeX9B+GnWT3Gl8GACz5Af6nOBg9lpFiozXlp
K6SN69OvYzbIUbyeOP0Yg4Xdo7082td3/CZSMHmhErp2PABaDZ+KvuVbEgwRIpsR
V7QgQ76V/W+J1B95XR1qd3df9/mfkX7kH748ENrFwWGHFfdDJ8fOIMaFkRd5MQlO
OI7KpJVkZiunNCVwjvc1NrWCMIH/rU+oUBqzPzY+lf/TpWFF0h4GR8539nm88dJO
tSi/hoeDEabpcOINO7C30nkuzh+oSBX84L/GElGGv6PPea2uHwfH8l/+sKmLSACo
dLgdaIM1ay81JOlyZHj/qB6tlspADUTIUBuhgK/iReye
-----END CERTIFICATE-----