Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8wfAS8zMC2fDl_271QTRBhr2t0s.roa
File:                     8wfAS8zMC2fDl_271QTRBhr2t0s.roa (raw, json)
Hash identifier:          6+IXPG8r1GToTIvdKmtFWCWINsUhH4MK87uLST7LX0c=
Subject key identifier:   F3:07:C0:4B:CC:CC:0B:67:C3:97:FD:BB:D5:04:D1:06:1A:F6:B7:4B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0190BA55F8E5A31E4689A098B97494D6DA37
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8wfAS8zMC2fDl_271QTRBhr2t0s.roa
Signing time:             Tue 16 Jul 2024 06:58:34 +0000
ROA not before:           Tue 16 Jul 2024 06:58:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        195.178.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 13:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ba:55:f8:e5:a3:1e:46:89:a0:98:b9:74:94:d6:da:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 16 06:58:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f307c04bcccc0b67c397fdbbd504d1061af6b74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0f:5d:09:68:18:c0:b9:76:44:81:58:ca:f1:
                    87:3d:eb:07:61:f4:28:55:10:77:1d:75:b0:ef:c0:
                    a4:11:5c:86:62:80:bf:6d:e7:cc:64:49:b8:51:e5:
                    43:4a:52:52:9d:08:8f:b3:1f:1d:49:25:6a:8b:13:
                    cc:7d:40:12:5d:2b:a8:a7:a3:4b:5b:4e:84:70:f4:
                    a4:2b:dd:b5:0c:be:80:b0:77:c8:6d:47:c1:a0:a4:
                    60:df:44:2a:f3:fb:b0:75:1e:ba:3b:f2:c1:20:b7:
                    bc:ba:74:6c:74:4c:c2:57:4c:17:6f:e4:40:df:86:
                    eb:d7:96:75:33:46:6b:ad:22:99:de:3a:bc:e8:ac:
                    64:8a:29:1b:f9:6a:0f:b4:16:db:df:0f:74:2b:68:
                    17:c9:09:72:9d:ef:b7:2a:77:51:0d:07:5a:1d:03:
                    60:67:fb:b7:a3:65:95:f0:8f:1e:ba:c9:ea:40:ce:
                    70:12:37:60:44:6f:ab:20:8e:4d:f5:41:65:34:05:
                    87:0f:65:dd:f8:c0:75:60:90:34:2a:ce:33:33:d3:
                    d3:a2:f2:17:e5:9e:c8:97:97:0b:4d:a5:ef:b9:0f:
                    1d:59:b8:a9:fe:5a:d8:54:b4:a3:f7:f7:a2:55:65:
                    42:7a:c5:69:27:69:cb:87:fc:af:4c:8a:38:e7:ca:
                    74:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:07:C0:4B:CC:CC:0B:67:C3:97:FD:BB:D5:04:D1:06:1A:F6:B7:4B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8wfAS8zMC2fDl_271QTRBhr2t0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:27:34:c3:31:31:a7:51:e9:27:dd:8d:44:a3:4a:c4:d0:72:
         d8:9b:89:c5:d1:65:b3:d9:20:4d:b4:ba:3d:25:48:da:e0:e3:
         75:b4:59:6a:fb:e1:dc:ac:7b:9d:a7:5b:ce:68:9c:f4:d0:46:
         24:e9:b6:70:57:7b:16:66:e4:7c:28:62:20:f5:08:79:43:c4:
         04:01:34:5e:e1:4c:2e:a6:c5:dc:ec:db:83:79:4a:49:98:58:
         2c:d1:0d:bd:1d:6a:6c:ff:0d:0e:d2:8a:3c:4c:29:5d:0f:fd:
         5c:19:4f:2e:0e:36:e6:4b:52:fd:78:5f:d7:e9:a0:c1:3f:01:
         8e:13:f5:e0:99:e9:b4:e7:c6:a7:f9:41:9c:a8:37:c5:25:f8:
         91:68:7e:3d:19:2c:51:b9:4e:cc:e2:54:7c:7f:c6:85:76:d8:
         0e:57:d2:7d:fd:78:17:7a:58:9c:a3:60:bb:07:4f:d4:e8:39:
         7a:a2:a4:23:cc:95:68:e8:75:4a:3b:8a:46:d0:ee:ef:73:16:
         20:5d:f4:2b:70:0f:b0:66:73:b9:59:f3:77:b0:27:8a:46:18:
         6c:0f:24:f0:bb:54:7c:c9:30:e4:9f:71:23:0c:97:93:de:2e:
         23:66:1f:c9:b4:3a:ce:e5:22:cc:41:21:bf:44:d1:1c:98:7f:
         7b:51:e9:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC6Vfjlox5GiaCYuXSU1to3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzE2MDY1ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA3YzA0YmNjY2MwYjY3YzM5N2ZkYmJkNTA0ZDEwNjFhZjZiNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ9dCWgYwLl2RIFYyvGHPesHYfQo
VRB3HXWw78CkEVyGYoC/befMZEm4UeVDSlJSnQiPsx8dSSVqixPMfUASXSuop6NL
W06EcPSkK921DL6AsHfIbUfBoKRg30Qq8/uwdR66O/LBILe8unRsdEzCV0wXb+RA
34br15Z1M0ZrrSKZ3jq86Kxkiikb+WoPtBbb3w90K2gXyQlyne+3KndRDQdaHQNg
Z/u3o2WV8I8eusnqQM5wEjdgRG+rII5N9UFlNAWHD2Xd+MB1YJA0Ks4zM9PTovIX
5Z7Il5cLTaXvuQ8dWbip/lrYVLSj9/eiVWVCesVpJ2nLh/yvTIo458p0zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMHwEvMzAtnw5f9u9UE0QYa9rdLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOHdmQVM4ek1DMmZEbF8yNzFRVFJCaHIydDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7JvMA0G
CSqGSIb3DQEBCwUAA4IBAQCfJzTDMTGnUekn3Y1Eo0rE0HLYm4nF0WWz2SBNtLo9
JUja4ON1tFlq++HcrHudp1vOaJz00EYk6bZwV3sWZuR8KGIg9Qh5Q8QEATRe4Uwu
psXc7NuDeUpJmFgs0Q29HWps/w0O0oo8TCldD/1cGU8uDjbmS1L9eF/X6aDBPwGO
E/Xgmem058an+UGcqDfFJfiRaH49GSxRuU7M4lR8f8aFdtgOV9J9/XgXelico2C7
B0/U6Dl6oqQjzJVo6HVKO4pG0O7vcxYgXfQrcA+wZnO5WfN3sCeKRhhsDyTwu1R8
yTDkn3EjDJeT3i4jZh/JtDrO5SLMQSG/RNEcmH97Uen4
-----END CERTIFICATE-----