Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8XyVbkPGOU9GCf00FsDflRliX94.roa
File:                     8XyVbkPGOU9GCf00FsDflRliX94.roa (raw, json)
Hash identifier:          AUU+2AsNwZgqcG++sRzWTm749LYCFwooRLeR1CnGl+c=
Subject key identifier:   F1:7C:95:6E:43:C6:39:4F:46:09:FD:34:16:C0:DF:95:19:62:5F:DE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D31908944EAC820B7A74053F46B01E136
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8XyVbkPGOU9GCf00FsDflRliX94.roa
Signing time:             Mon 22 Jan 2024 14:26:12 +0000
ROA not before:           Mon 22 Jan 2024 14:26:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215691
IP address blocks:        171.22.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:90:89:44:ea:c8:20:b7:a7:40:53:f4:6b:01:e1:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 22 14:26:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f17c956e43c6394f4609fd3416c0df9519625fde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d4:04:c8:f9:c6:4f:9a:4b:19:b8:0e:60:de:
                    52:37:7f:b6:6b:9d:c8:f6:7c:06:52:e8:4a:71:df:
                    6d:66:ac:bf:71:ac:a9:95:55:c2:7b:ad:a4:78:db:
                    57:8c:99:04:1a:86:01:da:5f:09:88:e1:04:27:f0:
                    84:10:0c:6a:48:0d:3e:27:c0:fd:f7:d2:e3:9a:ab:
                    9c:91:ec:d5:70:7f:c1:78:ee:28:bc:8d:f7:52:c4:
                    88:26:9e:cf:f8:12:21:89:38:f6:ce:a0:ac:02:76:
                    66:db:11:81:b4:5a:0d:8d:7e:f4:69:79:d0:9c:2d:
                    20:be:b4:a8:6b:11:4b:6f:56:a0:85:98:7f:f0:60:
                    22:01:d9:d8:21:6b:21:f4:d6:0a:33:ef:f8:ee:57:
                    7f:a2:d8:0d:e4:14:5c:b2:4c:6e:55:2e:d6:db:d2:
                    a1:25:05:a2:22:cf:43:a4:06:1e:d7:75:fa:ba:2e:
                    2c:47:57:5a:8c:62:45:32:41:3f:cf:ca:e1:d6:93:
                    a7:e9:9d:9d:38:6d:fa:74:2c:3c:42:1c:3b:7b:95:
                    25:31:0d:4d:45:51:a2:be:d9:1e:a5:b6:89:c2:ea:
                    49:41:89:0d:86:97:87:83:41:48:89:d3:55:a5:50:
                    73:3d:27:a2:ac:a2:15:9a:93:93:dd:3a:c5:98:2f:
                    c2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7C:95:6E:43:C6:39:4F:46:09:FD:34:16:C0:DF:95:19:62:5F:DE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8XyVbkPGOU9GCf00FsDflRliX94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:d1:be:be:08:19:9f:62:d0:63:86:a7:e2:df:38:a2:27:b4:
         8f:5a:89:1b:d6:c0:41:84:a6:76:86:ee:e2:5b:f2:cf:d0:33:
         66:75:23:41:6c:29:90:44:55:bb:de:43:3e:b2:4d:a4:e3:11:
         1f:5d:c4:5c:85:23:9e:e5:c0:21:35:bf:50:86:96:96:9c:5d:
         e7:12:d2:b3:c7:a0:6b:78:2d:28:64:dd:5c:44:c4:e3:65:5e:
         40:f6:c6:f2:32:97:29:4d:31:d6:97:42:5b:55:14:ec:e0:bf:
         09:fe:4b:c2:51:84:b0:27:51:26:53:fe:99:b9:31:b7:a8:5c:
         26:a9:c6:4e:e3:e4:0c:8a:d3:70:ab:db:6b:55:f5:04:93:f6:
         77:e7:50:93:59:4c:9d:f9:7f:ca:b5:54:14:58:e2:a8:f4:fc:
         17:bd:ef:30:9c:c5:3b:15:39:90:26:5e:c0:e8:72:0f:1d:7f:
         33:cb:c8:8a:c4:7c:d9:08:60:a1:f1:3f:38:bc:c6:27:67:8f:
         e5:e4:38:60:da:e3:d9:04:51:f4:a0:d8:85:f5:f3:bf:2e:21:
         6b:88:c5:19:24:28:91:d5:4b:d4:03:f7:a9:7f:1d:eb:78:20:
         ae:7a:b3:8c:62:fc:3e:8e:df:3e:4f:c6:78:9b:94:fd:7a:3d:
         3d:4d:28:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0xkIlE6sggt6dAU/RrAeE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTIyMTQyNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTdjOTU2ZTQzYzYzOTRmNDYwOWZkMzQxNmMwZGY5NTE5NjI1ZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNQEyPnGT5pLGbgOYN5SN3+2a53I
9nwGUuhKcd9tZqy/cayplVXCe62keNtXjJkEGoYB2l8JiOEEJ/CEEAxqSA0+J8D9
99LjmquckezVcH/BeO4ovI33UsSIJp7P+BIhiTj2zqCsAnZm2xGBtFoNjX70aXnQ
nC0gvrSoaxFLb1aghZh/8GAiAdnYIWsh9NYKM+/47ld/otgN5BRcskxuVS7W29Kh
JQWiIs9DpAYe13X6ui4sR1dajGJFMkE/z8rh1pOn6Z2dOG36dCw8Qhw7e5UlMQ1N
RVGivtkepbaJwupJQYkNhpeHg0FIidNVpVBzPSeirKIVmpOT3TrFmC/CWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPF8lW5DxjlPRgn9NBbA35UZYl/eMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOFh5VmJrUEdPVTlHQ2YwMEZzRGZsUmxpWDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxYSMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ0b6+CBmfYtBjhqfi3ziiJ7SPWokb1sBBhKZ2hu7i
W/LP0DNmdSNBbCmQRFW73kM+sk2k4xEfXcRchSOe5cAhNb9QhpaWnF3nEtKzx6Br
eC0oZN1cRMTjZV5A9sbyMpcpTTHWl0JbVRTs4L8J/kvCUYSwJ1EmU/6ZuTG3qFwm
qcZO4+QMitNwq9trVfUEk/Z351CTWUyd+X/KtVQUWOKo9PwXve8wnMU7FTmQJl7A
6HIPHX8zy8iKxHzZCGCh8T84vMYnZ4/l5Dhg2uPZBFH0oNiF9fO/LiFriMUZJCiR
1UvUA/epfx3reCCuerOMYvw+jt8+T8Z4m5T9ej09TShY
-----END CERTIFICATE-----