Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4Vl53MINAJjl9n1RML-OWlhcu-U.roa
File:                     4Vl53MINAJjl9n1RML-OWlhcu-U.roa (raw, json)
Hash identifier:          87ku90RXZsXVsbDqmBlrs8v4utIIl088Sr81Iu+1aUk=
Subject key identifier:   E1:59:79:DC:C2:0D:00:98:E5:F6:7D:51:30:BF:8E:5A:58:5C:BB:E5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824D96BB377BB3D59129231EF7B98E5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4Vl53MINAJjl9n1RML-OWlhcu-U.roa
Signing time:             Thu 02 Jan 2025 17:51:31 +0000
ROA not before:           Thu 02 Jan 2025 17:51:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        87.121.114.0/23 maxlen: 23
                          185.252.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:d9:6b:b3:77:bb:3d:59:12:92:31:ef:7b:98:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e15979dcc20d0098e5f67d5130bf8e5a585cbbe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c7:7b:df:f9:2d:3b:fa:fb:c3:54:10:d9:c1:
                    65:13:09:44:c5:8e:2b:d0:cc:1a:af:5b:35:0b:db:
                    43:e7:e0:5c:25:a1:3d:ae:8c:60:2c:9c:a4:12:56:
                    9b:08:0b:0c:f8:67:bc:36:a4:fd:2f:a5:bc:fb:3b:
                    40:29:08:78:5d:df:46:15:d4:c5:6e:44:e6:56:f1:
                    3a:bd:a6:fd:81:ca:53:71:6b:d6:64:7c:5c:8c:d0:
                    c4:69:1d:00:08:73:82:e8:4d:3f:65:31:46:55:3d:
                    4d:44:ab:13:73:aa:e0:f7:3c:da:3e:18:84:61:f1:
                    a8:d0:aa:9e:0c:fe:78:2d:95:f0:a1:84:5a:30:e1:
                    a2:4c:41:88:2a:df:4e:96:e8:f8:57:a7:20:4c:2f:
                    bf:ac:6d:94:25:db:17:f1:e1:a1:1e:8d:0e:aa:c3:
                    7a:98:4b:4e:39:0c:8c:6a:ff:a7:23:7b:c2:89:df:
                    8b:ed:c6:e1:62:f8:e2:27:30:ab:f5:36:23:08:93:
                    4d:01:86:03:db:5b:fa:fb:34:5c:f8:7d:ec:7a:0d:
                    19:e7:15:0c:dc:b5:93:6f:28:f2:cd:83:17:02:9e:
                    8e:be:83:1a:f0:8f:36:fb:f5:dc:2a:50:5d:7d:7a:
                    27:b6:3b:78:40:aa:8a:67:f8:e7:6b:ad:1b:c4:06:
                    de:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:59:79:DC:C2:0D:00:98:E5:F6:7D:51:30:BF:8E:5A:58:5C:BB:E5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4Vl53MINAJjl9n1RML-OWlhcu-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.114.0/23
                  185.252.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:b2:5a:74:84:b8:e7:fd:f8:11:93:5e:b6:4d:e8:ee:4f:64:
         f4:2c:30:17:65:f8:52:d8:87:1a:bb:e7:13:57:47:33:b1:9f:
         6c:d8:a2:4d:39:13:0a:5f:0d:3d:a0:33:b0:8a:9f:aa:be:61:
         02:ad:ef:6a:54:1c:75:af:5e:fc:fd:2c:9a:85:a7:2d:b3:f6:
         b0:34:5f:2f:df:49:df:01:0f:19:76:6d:9c:c6:cc:1f:c3:4a:
         49:f7:0e:52:a0:1e:63:a2:ca:f9:b8:ff:5b:1e:88:7c:c8:c1:
         dd:7a:ed:31:cc:fe:e6:bc:c0:e8:b5:b2:d9:7c:3b:e1:6a:6d:
         cc:70:a7:16:83:a7:c3:e8:84:7d:ef:4a:1a:9b:ee:d1:c0:b8:
         67:d0:77:88:98:6f:71:23:44:8f:a6:1c:03:4b:3c:9c:d7:f7:
         95:92:60:71:22:26:7f:e8:e4:b3:46:45:7a:80:28:c1:7b:f1:
         b0:14:3d:3e:31:90:44:f6:3b:0e:4d:61:b3:c0:3e:6c:e7:f9:
         4c:fe:10:13:f1:f9:44:8e:3d:70:39:12:20:17:88:2e:42:43:
         f7:ef:55:a7:ef:b7:47:53:2f:ba:c2:d5:c0:39:a7:b7:8c:c6:
         c3:6e:36:30:09:09:98:1c:b5:e5:54:b0:2c:e6:f6:99:bd:99:
         19:21:88:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJNlrs3e7PVkSkjHve5jlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTU5NzlkY2MyMGQwMDk4ZTVmNjdkNTEzMGJmOGU1YTU4NWNiYmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcd73/ktO/r7w1QQ2cFlEwlExY4r
0Mwar1s1C9tD5+BcJaE9roxgLJykElabCAsM+Ge8NqT9L6W8+ztAKQh4Xd9GFdTF
bkTmVvE6vab9gcpTcWvWZHxcjNDEaR0ACHOC6E0/ZTFGVT1NRKsTc6rg9zzaPhiE
YfGo0KqeDP54LZXwoYRaMOGiTEGIKt9Oluj4V6cgTC+/rG2UJdsX8eGhHo0OqsN6
mEtOOQyMav+nI3vCid+L7cbhYvjiJzCr9TYjCJNNAYYD21v6+zRc+H3seg0Z5xUM
3LWTbyjyzYMXAp6OvoMa8I82+/XcKlBdfXontjt4QKqKZ/jna60bxAbeXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOFZedzCDQCY5fZ9UTC/jlpYXLvlMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNFZsNTNNSU5BSmpsOW4xUk1MLU9XbGhjdS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV3lyAwQB
ufyiMA0GCSqGSIb3DQEBCwUAA4IBAQAtslp0hLjn/fgRk162TejuT2T0LDAXZfhS
2Icau+cTV0czsZ9s2KJNORMKXw09oDOwip+qvmECre9qVBx1r178/Syahacts/aw
NF8v30nfAQ8Zdm2cxswfw0pJ9w5SoB5josr5uP9bHoh8yMHdeu0xzP7mvMDotbLZ
fDvham3McKcWg6fD6IR970oam+7RwLhn0HeImG9xI0SPphwDSzyc1/eVkmBxIiZ/
6OSzRkV6gCjBe/GwFD0+MZBE9jsOTWGzwD5s5/lM/hAT8flEjj1wORIgF4guQkP3
71Wn77dHUy+6wtXAOae3jMbDbjYwCQmYHLXlVLAs5vaZvZkZIYgH
-----END CERTIFICATE-----