Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2b4BmtAyyFNN_79ZtHts6czrInQ.roa
File:                     2b4BmtAyyFNN_79ZtHts6czrInQ.roa (raw, json)
Hash identifier:          oqiRKSmyVFv6DTM9yEE9L6R8SMBMFRDPTjlqh8/5JQY=
Subject key identifier:   D9:BE:01:9A:D0:32:C8:53:4D:FF:BF:59:B4:7B:6C:E9:CC:EB:22:74
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0A82E200A6C4D9520DCDC2CB1DD8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2b4BmtAyyFNN_79ZtHts6czrInQ.roa
Signing time:             Tue 02 Jan 2024 06:29:38 +0000
ROA not before:           Tue 02 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209628
IP address blocks:        87.121.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0a:82:e2:00:a6:c4:d9:52:0d:cd:c2:cb:1d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9be019ad032c8534dffbf59b47b6ce9cceb2274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2c:9f:52:34:e1:07:66:04:e1:d9:fe:ae:47:
                    a3:3c:33:60:1f:08:7f:b2:83:a5:2b:7d:aa:80:f6:
                    bb:64:4f:f5:74:6f:27:e3:3f:16:eb:27:de:86:bf:
                    ad:71:27:27:95:8e:44:10:bf:c9:d1:eb:0e:08:81:
                    b8:10:fc:d4:3d:0e:ae:98:b2:64:c9:1b:f4:ba:f4:
                    3e:22:96:73:67:a1:b9:f0:60:69:fb:c6:c7:8e:ec:
                    9f:da:0f:5b:6c:f1:1a:22:7d:21:2b:9e:72:9f:0b:
                    d6:f8:ba:c9:41:dc:c8:7a:97:19:7b:09:97:36:f4:
                    15:e3:8e:4d:87:8f:4b:e4:7c:ad:d2:74:95:cd:82:
                    bc:46:f6:81:65:6d:a4:85:1c:ed:b2:34:bc:c9:19:
                    71:b0:5c:09:20:27:c9:12:b8:4d:19:6a:3f:50:df:
                    0e:e2:96:c8:1d:7b:bd:68:27:1c:c2:db:9f:ed:3d:
                    74:53:ac:4c:a1:9b:a0:d3:32:0c:30:62:db:4c:c6:
                    ae:91:55:7b:c3:91:b9:93:f1:00:42:86:72:4f:05:
                    6a:e6:85:ad:22:d9:2f:d7:dd:90:b8:e1:d6:f3:29:
                    fc:31:24:b5:dc:b8:82:c5:c4:93:af:19:d9:4c:80:
                    53:3f:8c:bc:50:18:e8:59:ae:8b:76:84:b9:96:05:
                    a4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BE:01:9A:D0:32:C8:53:4D:FF:BF:59:B4:7B:6C:E9:CC:EB:22:74
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2b4BmtAyyFNN_79ZtHts6czrInQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:fb:fc:0a:49:68:e0:78:0c:86:f8:16:5b:a6:1d:9e:d8:b8:
         de:06:d3:74:1a:5c:a9:a6:8d:8f:ab:38:92:02:a4:70:eb:1c:
         40:06:9d:01:8f:f0:1a:42:99:86:b6:f2:61:a4:44:50:1c:f6:
         b3:6b:44:4b:fd:14:b2:b9:1f:ed:9e:fc:5c:ca:28:da:90:80:
         3f:12:fe:fc:b1:bc:25:04:06:20:06:c3:c9:30:9b:2e:3e:41:
         ed:ba:87:7f:eb:73:ba:16:2e:d4:81:30:cc:50:5e:a1:e9:b3:
         6b:cf:03:1b:f6:c3:3c:a0:d5:70:7e:00:c9:ea:34:49:23:36:
         89:42:96:dd:39:77:f4:e4:22:67:1b:e1:82:96:f9:10:6f:3f:
         b9:65:f3:5d:f9:78:d1:31:19:0f:94:fe:c4:9d:de:d3:e6:b4:
         d5:b9:1b:90:11:1e:3e:76:05:85:75:21:53:8a:fa:cc:04:f7:
         27:61:40:e7:74:94:99:9f:61:a8:48:15:9c:d7:58:3e:b1:64:
         b0:24:5e:62:a8:e0:33:b8:9f:06:0d:78:79:21:7c:80:e4:20:
         d9:98:68:77:fa:90:9a:eb:ed:71:6f:d1:38:ca:15:96:2b:ff:
         51:2d:35:e9:12:35:21:5d:17:61:17:65:71:4c:7d:6b:22:62:
         11:8a:1a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3QqC4gCmxNlSDc3Cyx3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWJlMDE5YWQwMzJjODUzNGRmZmJmNTliNDdiNmNlOWNjZWIyMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSyfUjThB2YE4dn+rkejPDNgHwh/
soOlK32qgPa7ZE/1dG8n4z8W6yfehr+tcScnlY5EEL/J0esOCIG4EPzUPQ6umLJk
yRv0uvQ+IpZzZ6G58GBp+8bHjuyf2g9bbPEaIn0hK55ynwvW+LrJQdzIepcZewmX
NvQV445Nh49L5Hyt0nSVzYK8RvaBZW2khRztsjS8yRlxsFwJICfJErhNGWo/UN8O
4pbIHXu9aCccwtuf7T10U6xMoZug0zIMMGLbTMaukVV7w5G5k/EAQoZyTwVq5oWt
Itkv192QuOHW8yn8MSS13LiCxcSTrxnZTIBTP4y8UBjoWa6LdoS5lgWkEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNm+AZrQMshTTf+/WbR7bOnM6yJ0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMmI0Qm10QXl5Rk5OXzc5WnRIdHM2Y3pySW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3k2MA0G
CSqGSIb3DQEBCwUAA4IBAQCc+/wKSWjgeAyG+BZbph2e2LjeBtN0Glyppo2PqziS
AqRw6xxABp0Bj/AaQpmGtvJhpERQHPaza0RL/RSyuR/tnvxcyijakIA/Ev78sbwl
BAYgBsPJMJsuPkHtuod/63O6Fi7UgTDMUF6h6bNrzwMb9sM8oNVwfgDJ6jRJIzaJ
QpbdOXf05CJnG+GClvkQbz+5ZfNd+XjRMRkPlP7End7T5rTVuRuQER4+dgWFdSFT
ivrMBPcnYUDndJSZn2GoSBWc11g+sWSwJF5iqOAzuJ8GDXh5IXyA5CDZmGh3+pCa
6+1xb9E4yhWWK/9RLTXpEjUhXRdhF2VxTH1rImIRihps
-----END CERTIFICATE-----