Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4bc3THuw3CPO9LDfnJTdVVu0OgE.roa
File:                     4bc3THuw3CPO9LDfnJTdVVu0OgE.roa (raw, json)
Hash identifier:          hyNAgIhs6fjiekzPnn+j/xrzZlWkpWrwwnbGhvDy8pM=
Subject key identifier:   E1:B7:37:4C:7B:B0:DC:23:CE:F4:B0:DF:9C:94:DD:55:5B:B4:3A:01
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01919C9FCA1B08A6B7C9461DE09D2DE160C6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4bc3THuw3CPO9LDfnJTdVVu0OgE.roa
Signing time:             Thu 29 Aug 2024 05:33:23 +0000
ROA not before:           Thu 29 Aug 2024 05:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        194.55.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9c:9f:ca:1b:08:a6:b7:c9:46:1d:e0:9d:2d:e1:60:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 29 05:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b7374c7bb0dc23cef4b0df9c94dd555bb43a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:db:d1:b4:e0:aa:4d:58:da:7e:c3:5e:82:df:
                    87:a5:0b:9e:ba:83:af:2a:07:63:70:4c:f5:e2:58:
                    80:62:e0:d9:50:24:8b:c9:6c:33:12:a8:9c:50:6e:
                    0c:dd:26:81:6c:b3:96:11:fc:ed:dc:69:33:3a:bb:
                    08:24:64:fa:8a:cc:ea:21:bc:21:d1:b6:ec:d3:60:
                    45:24:6c:d0:63:f3:69:93:7e:08:a0:ef:34:11:5f:
                    8c:62:f4:be:68:10:48:38:e2:2a:ce:0a:f0:88:7f:
                    fb:d3:79:72:52:b5:34:68:91:0e:e6:b8:6e:68:8c:
                    31:10:cd:00:cc:de:8b:b5:61:92:fe:65:3b:66:a0:
                    e8:1e:f6:ed:e7:8c:64:55:15:ae:e4:7a:5a:9b:94:
                    d0:36:a7:dc:02:c5:f0:5d:61:68:a6:ae:33:41:c3:
                    c7:a3:a7:36:1a:17:2a:5c:70:e0:27:b8:00:6a:62:
                    a2:3b:c3:8d:ff:fc:b5:45:68:45:82:0d:3c:0c:37:
                    ca:45:12:08:92:2f:84:be:71:b8:07:09:b4:72:a9:
                    ad:fe:b3:71:0e:f0:1c:e8:25:be:ad:4e:9a:eb:0e:
                    28:dc:01:98:77:39:63:96:f7:68:95:b5:11:ec:3e:
                    ea:35:73:b6:53:08:ed:1b:a6:9d:7e:12:14:7b:23:
                    85:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B7:37:4C:7B:B0:DC:23:CE:F4:B0:DF:9C:94:DD:55:5B:B4:3A:01
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4bc3THuw3CPO9LDfnJTdVVu0OgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4b:d3:5f:cf:aa:59:d8:33:d7:2c:f7:e8:05:28:49:f2:af:
         12:d8:62:fe:42:8c:9e:ea:5d:87:4f:1d:79:e0:54:b2:60:a9:
         56:9a:c7:0f:cf:b9:b0:4b:19:1c:00:b6:98:a8:81:12:7d:4f:
         df:6a:d5:2e:8f:db:bc:c1:72:15:ea:76:cc:a3:a5:ac:77:e2:
         2f:fa:c8:55:41:6a:21:16:6c:e9:e8:ba:99:84:a9:c7:d6:a9:
         bd:18:30:47:48:82:03:1a:47:94:a2:f1:93:96:0f:55:0c:15:
         af:4d:27:9d:04:0a:50:78:66:ea:b6:87:1c:c1:ea:2e:dd:e3:
         fb:e5:74:79:b6:1c:ce:92:87:ee:fb:69:f2:cb:19:57:7e:cb:
         fa:25:d7:68:02:3d:64:23:1b:a0:52:d2:5d:50:b0:bf:09:67:
         b3:16:32:c2:6b:e2:e3:99:b9:fc:94:e0:d2:d7:b4:8c:95:5c:
         17:63:60:0f:9f:77:3b:37:49:e2:5b:26:97:f0:03:da:7c:05:
         c2:45:c5:66:ad:d8:7d:97:3d:e3:20:ba:d1:1b:25:b6:b2:13:
         8b:41:08:c3:43:55:ba:d7:e3:ec:18:13:5c:03:0d:c9:64:8a:
         4b:0c:a8:bc:b5:cd:ab:51:d5:56:7f:2a:cd:cf:cb:77:40:f5:
         63:fb:58:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGcn8obCKa3yUYd4J0t4WDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwODI5MDUzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWI3Mzc0YzdiYjBkYzIzY2VmNGIwZGY5Yzk0ZGQ1NTViYjQzYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dvRtOCqTVjafsNegt+HpQueuoOv
KgdjcEz14liAYuDZUCSLyWwzEqicUG4M3SaBbLOWEfzt3GkzOrsIJGT6iszqIbwh
0bbs02BFJGzQY/Npk34IoO80EV+MYvS+aBBIOOIqzgrwiH/703lyUrU0aJEO5rhu
aIwxEM0AzN6LtWGS/mU7ZqDoHvbt54xkVRWu5Hpam5TQNqfcAsXwXWFopq4zQcPH
o6c2GhcqXHDgJ7gAamKiO8ON//y1RWhFgg08DDfKRRIIki+EvnG4Bwm0cqmt/rNx
DvAc6CW+rU6a6w4o3AGYdzljlvdolbUR7D7qNXO2UwjtG6adfhIUeyOF/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOG3N0x7sNwjzvSw35yU3VVbtDoBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNGJjM1RIdXczQ1BPOUxEZm5KVGRWVnUwT2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjfhMA0G
CSqGSIb3DQEBCwUAA4IBAQA5S9Nfz6pZ2DPXLPfoBShJ8q8S2GL+Qoye6l2HTx15
4FSyYKlWmscPz7mwSxkcALaYqIESfU/fatUuj9u8wXIV6nbMo6Wsd+Iv+shVQWoh
Fmzp6LqZhKnH1qm9GDBHSIIDGkeUovGTlg9VDBWvTSedBApQeGbqtoccweou3eP7
5XR5thzOkofu+2nyyxlXfsv6JddoAj1kIxugUtJdULC/CWezFjLCa+Ljmbn8lODS
17SMlVwXY2APn3c7N0niWyaX8APafAXCRcVmrdh9lz3jILrRGyW2shOLQQjDQ1W6
1+PsGBNcAw3JZIpLDKi8tc2rUdVWfyrNz8t3QPVj+1h+
-----END CERTIFICATE-----