Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/53Dyyt8x5giy37Erl9Q4OiL82R4.roa
File:                     53Dyyt8x5giy37Erl9Q4OiL82R4.roa (raw, json)
Hash identifier:          2t6ihTcdlxeOIWJOdtrTnvTa4TjPf7Jx4hFcJJAhblc=
Subject key identifier:   E7:70:F2:CA:DF:31:E6:08:B2:DF:B1:2B:97:D4:38:3A:22:FC:D9:1E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DF05D6359E397D5D96A3DF04E6733D978
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/53Dyyt8x5giy37Erl9Q4OiL82R4.roa
Signing time:             Wed 28 Feb 2024 15:37:48 +0000
ROA not before:           Wed 28 Feb 2024 15:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60539
IP address blocks:        87.121.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:5d:63:59:e3:97:d5:d9:6a:3d:f0:4e:67:33:d9:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 28 15:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e770f2cadf31e608b2dfb12b97d4383a22fcd91e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fd:96:fb:e8:c7:d2:c8:7e:42:73:94:5e:19:
                    15:6f:c0:8e:2e:38:fe:8b:b6:b0:d9:7c:39:77:cb:
                    fe:37:3f:46:3d:41:84:de:4b:5c:86:4a:5e:37:d4:
                    82:0e:44:e8:4c:18:f6:c4:26:27:68:53:0d:f1:91:
                    c2:56:6e:4e:ac:7d:7d:be:9d:bf:da:60:2c:cc:ca:
                    05:b9:0c:09:9e:a6:90:5b:d7:87:1a:cd:c3:15:65:
                    c9:19:d7:09:a3:4c:0d:6d:c9:c6:d1:70:3e:f5:9b:
                    36:bb:22:34:44:0f:bd:cc:f1:70:b0:2e:47:bb:71:
                    fb:1f:65:87:6d:13:18:d5:04:ce:dc:40:64:f9:04:
                    19:4b:e7:a8:90:c0:c2:e9:96:37:67:ad:88:07:4c:
                    5b:d4:f3:f1:b8:6f:77:71:e0:47:ed:86:79:c2:a5:
                    7e:c0:cc:d6:03:81:bf:a1:d0:a9:0b:e4:2e:ca:9b:
                    f0:11:63:1f:11:a5:39:0c:b0:59:2a:15:39:7d:34:
                    ff:e1:a8:52:75:9e:6b:01:68:8a:ec:fd:18:fa:d7:
                    a3:4b:90:bc:7d:49:8e:ef:e7:25:b2:d6:48:99:e7:
                    6b:81:8d:08:88:ce:fe:5c:bf:2a:b1:a8:18:3c:f0:
                    7a:d6:da:ba:b6:81:17:66:a1:51:ab:3b:1e:2c:01:
                    c9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:70:F2:CA:DF:31:E6:08:B2:DF:B1:2B:97:D4:38:3A:22:FC:D9:1E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/53Dyyt8x5giy37Erl9Q4OiL82R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:06:fb:fa:83:5a:88:40:af:a6:3f:a2:2c:4e:97:7a:86:e6:
         da:fb:82:8f:2d:cb:e4:e0:4a:90:44:f3:54:0f:26:f4:de:37:
         4c:eb:25:8e:40:0e:31:25:db:7e:9d:01:3d:f2:35:95:22:15:
         8f:3d:3f:52:1e:c4:4e:ba:6c:d1:ca:35:45:66:8e:6c:16:01:
         a8:34:bc:ed:f1:42:ae:42:f6:64:1a:37:ee:64:9c:90:aa:d4:
         01:1d:e1:de:41:a4:17:d3:a2:8a:94:c4:b5:b2:9e:31:9d:6f:
         bf:47:0c:f2:71:25:94:fc:db:d9:87:1c:b4:13:95:19:9e:66:
         d3:f4:47:8a:40:e4:2b:83:b0:31:bd:e6:8c:0d:34:c3:f9:31:
         47:32:e0:a8:6d:75:22:3b:a2:93:97:18:44:7a:ee:eb:93:8d:
         46:43:dd:36:50:5b:be:5d:f4:5c:f9:41:37:28:6b:88:ce:87:
         e1:51:72:2a:e3:3d:79:65:c8:29:12:da:36:db:f2:4d:b4:dc:
         5a:9d:71:b0:8f:79:7e:f8:23:5b:91:3f:a2:3e:98:ee:b7:84:
         b4:17:f3:c1:bc:44:72:63:04:b2:63:b9:f3:25:8f:92:34:79:
         40:a5:a2:c5:77:9a:a8:7c:da:4e:13:52:84:88:28:78:11:ca:
         e2:7e:71:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3wXWNZ45fV2Wo98E5nM9l4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjI4MTUzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzcwZjJjYWRmMzFlNjA4YjJkZmIxMmI5N2Q0MzgzYTIyZmNkOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP2W++jH0sh+QnOUXhkVb8COLjj+
i7aw2Xw5d8v+Nz9GPUGE3ktchkpeN9SCDkToTBj2xCYnaFMN8ZHCVm5OrH19vp2/
2mAszMoFuQwJnqaQW9eHGs3DFWXJGdcJo0wNbcnG0XA+9Zs2uyI0RA+9zPFwsC5H
u3H7H2WHbRMY1QTO3EBk+QQZS+eokMDC6ZY3Z62IB0xb1PPxuG93ceBH7YZ5wqV+
wMzWA4G/odCpC+QuypvwEWMfEaU5DLBZKhU5fTT/4ahSdZ5rAWiK7P0Y+tejS5C8
fUmO7+clstZImedrgY0IiM7+XL8qsagYPPB61tq6toEXZqFRqzseLAHJ8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdw8srfMeYIst+xK5fUODoi/NkeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNTNEeXl0OHg1Z2l5MzdFcmw5UTRPaUw4MlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3miMA0G
CSqGSIb3DQEBCwUAA4IBAQASBvv6g1qIQK+mP6IsTpd6huba+4KPLcvk4EqQRPNU
Dyb03jdM6yWOQA4xJdt+nQE98jWVIhWPPT9SHsROumzRyjVFZo5sFgGoNLzt8UKu
QvZkGjfuZJyQqtQBHeHeQaQX06KKlMS1sp4xnW+/RwzycSWU/NvZhxy0E5UZnmbT
9EeKQOQrg7AxveaMDTTD+TFHMuCobXUiO6KTlxhEeu7rk41GQ902UFu+XfRc+UE3
KGuIzofhUXIq4z15ZcgpEto22/JNtNxanXGwj3l++CNbkT+iPpjut4S0F/PBvERy
YwSyY7nzJY+SNHlApaLFd5qofNpOE1KEiCh4EcrifnHD
-----END CERTIFICATE-----