Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9TochHlWBKyEInzC7IeWK5jjBt8.roa
File:                     9TochHlWBKyEInzC7IeWK5jjBt8.roa (raw, json)
Hash identifier:          7tZ1XGphu4sF2H18jMxyRcgOXQBwWYDM5B9jANRnPpU=
Subject key identifier:   F5:3A:1C:84:79:56:04:AC:84:22:7C:C2:EC:87:96:2B:98:E3:06:DF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCF2EC14CAAE053F17D8D7469ACB59
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9TochHlWBKyEInzC7IeWK5jjBt8.roa
Signing time:             Tue 02 Jan 2024 06:29:32 +0000
ROA not before:           Tue 02 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60528
IP address blocks:        87.120.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f2:ec:14:ca:ae:05:3f:17:d8:d7:46:9a:cb:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f53a1c84795604ac84227cc2ec87962b98e306df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:81:a9:13:28:71:89:3f:46:9b:8d:f7:97:eb:
                    c9:d5:f4:ae:8d:fa:2e:d3:3b:24:aa:7c:ba:10:c3:
                    ee:1d:d9:a9:ab:fa:3e:59:56:a8:5b:ff:6e:10:b2:
                    aa:e6:85:db:7b:09:94:c6:5a:37:4e:47:a5:7c:17:
                    db:e2:94:d9:f9:2a:29:3d:67:2d:b2:52:97:68:64:
                    74:bb:37:a9:0a:d5:64:b1:ec:91:3b:9d:b5:44:3c:
                    2b:31:ff:ac:c8:1d:7b:c0:14:5d:16:44:6f:d8:70:
                    08:e9:64:2a:75:45:2d:ee:c9:9a:24:ad:a4:20:32:
                    fd:37:09:2c:55:7d:21:9d:74:25:b9:00:0e:ea:1d:
                    db:33:4b:5a:49:45:52:d8:65:ef:ef:63:f7:9f:db:
                    da:b6:f6:ef:a0:e4:df:2b:14:f4:b3:97:c4:fc:5a:
                    15:b7:f1:ef:b8:3c:3a:68:61:5f:74:8c:42:8e:38:
                    b3:e6:03:20:c1:7b:81:bd:f3:52:ef:22:3f:fe:55:
                    cd:56:c2:99:a1:43:40:ee:42:9c:c8:ef:e2:ed:4c:
                    c8:f7:0f:15:a6:03:d6:f4:02:c9:44:e2:7b:ef:26:
                    70:d8:47:cc:77:5c:da:7a:0f:49:46:2e:19:ed:00:
                    83:67:71:ad:6a:68:67:06:71:df:2f:25:0f:1e:fd:
                    93:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3A:1C:84:79:56:04:AC:84:22:7C:C2:EC:87:96:2B:98:E3:06:DF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9TochHlWBKyEInzC7IeWK5jjBt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:a2:4e:86:19:d6:4b:49:12:9c:32:23:e6:13:8f:9f:94:3c:
         9f:eb:2c:11:e9:6b:cc:2e:cd:61:0c:53:82:9a:b8:75:0f:78:
         47:93:e0:4b:33:38:71:49:1a:05:51:f8:17:4f:71:6c:c8:44:
         2e:95:7f:fc:2f:3c:3b:58:62:52:f6:be:77:07:26:6a:2c:1f:
         03:7c:8e:b1:2d:c1:43:bd:57:e5:ae:3e:33:cf:ca:1e:45:06:
         5b:4d:79:ba:8f:e4:69:15:e6:a7:36:44:fe:6e:6e:86:41:57:
         02:0c:38:85:72:98:a9:83:2c:00:2e:f6:f6:aa:f0:88:46:d6:
         fc:18:b9:8d:49:fa:ae:d5:c6:b7:cb:c4:bc:0b:8b:62:39:e7:
         df:7a:70:e4:4a:19:48:05:37:40:8f:0c:9d:db:a9:5a:59:25:
         57:75:34:78:e7:8b:0a:de:e7:97:3d:d2:e3:2d:7c:cb:a3:98:
         67:96:2b:d0:f5:18:1a:34:e9:fd:ea:98:c6:c1:65:55:c9:96:
         73:4c:10:84:fc:ca:fd:1d:56:90:fb:6e:72:01:ac:4d:36:8b:
         61:99:a0:97:19:d1:a1:1d:18:18:de:48:81:09:11:c4:54:1f:
         6c:8e:d8:55:72:61:67:19:d5:91:d4:65:e8:1d:fd:b6:55:b8:
         04:20:d6:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PLsFMquBT8X2NdGmstZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNhMWM4NDc5NTYwNGFjODQyMjdjYzJlYzg3OTYyYjk4ZTMwNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYGpEyhxiT9Gm433l+vJ1fSujfou
0zskqny6EMPuHdmpq/o+WVaoW/9uELKq5oXbewmUxlo3TkelfBfb4pTZ+SopPWct
slKXaGR0uzepCtVkseyRO521RDwrMf+syB17wBRdFkRv2HAI6WQqdUUt7smaJK2k
IDL9NwksVX0hnXQluQAO6h3bM0taSUVS2GXv72P3n9vatvbvoOTfKxT0s5fE/FoV
t/HvuDw6aGFfdIxCjjiz5gMgwXuBvfNS7yI//lXNVsKZoUNA7kKcyO/i7UzI9w8V
pgPW9ALJROJ77yZw2EfMd1zaeg9JRi4Z7QCDZ3GtamhnBnHfLyUPHv2TeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPU6HIR5VgSshCJ8wuyHliuY4wbfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOVRvY2hIbFdCS3lFSW56QzdJZVdLNWpqQnQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3ghMA0G
CSqGSIb3DQEBCwUAA4IBAQAcok6GGdZLSRKcMiPmE4+flDyf6ywR6WvMLs1hDFOC
mrh1D3hHk+BLMzhxSRoFUfgXT3FsyEQulX/8Lzw7WGJS9r53ByZqLB8DfI6xLcFD
vVflrj4zz8oeRQZbTXm6j+RpFeanNkT+bm6GQVcCDDiFcpipgywALvb2qvCIRtb8
GLmNSfqu1ca3y8S8C4tiOeffenDkShlIBTdAjwyd26laWSVXdTR454sK3ueXPdLj
LXzLo5hnlivQ9RgaNOn96pjGwWVVyZZzTBCE/Mr9HVaQ+25yAaxNNothmaCXGdGh
HRgY3kiBCRHEVB9sjthVcmFnGdWR1GXoHf22VbgEINaY
-----END CERTIFICATE-----