Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BJDap2gR2L4osfLK3gq4N74M8jA.roa
File:                     BJDap2gR2L4osfLK3gq4N74M8jA.roa (raw, json)
Hash identifier:          22AaMcqfErmpMcvqLLw7D8FGqLxTVVBZUQm0uYrlSXE=
Subject key identifier:   04:90:DA:A7:68:11:D8:BE:28:B1:F2:CA:DE:0A:B8:37:BE:0C:F2:30
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DC6E6101148E006D7465CA2A3B2667712
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BJDap2gR2L4osfLK3gq4N74M8jA.roa
Signing time:             Tue 20 Feb 2024 14:23:02 +0000
ROA not before:           Tue 20 Feb 2024 14:23:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22781
IP address blocks:        87.121.146.0/24 maxlen: 24
                          87.121.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:e6:10:11:48:e0:06:d7:46:5c:a2:a3:b2:66:77:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 20 14:23:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0490daa76811d8be28b1f2cade0ab837be0cf230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ab:81:42:4f:56:22:93:c0:1c:c7:46:4b:0d:
                    97:aa:25:d5:ae:11:b3:c4:c2:39:44:20:27:03:42:
                    24:49:e5:61:e8:13:92:7b:9d:34:5d:eb:1e:0d:ba:
                    e2:d7:e7:a6:3f:ca:fa:db:99:e3:c9:0c:ac:cd:45:
                    56:66:d8:3a:4d:df:69:60:9d:d6:ff:0d:36:88:81:
                    79:6a:b7:cb:b9:13:1c:20:b2:22:af:7c:fa:45:a1:
                    68:4a:26:4a:f4:66:75:d9:0a:bf:10:a6:a1:7f:d0:
                    ca:04:cd:34:9a:d7:9e:3a:a9:51:0b:2a:d6:bc:d7:
                    46:f3:c3:d9:5d:5a:bd:e4:d0:b7:75:72:72:22:b2:
                    59:4a:85:53:f4:bc:bb:ec:3c:9f:d1:58:28:d2:bc:
                    43:ad:b6:a6:f3:7f:55:a2:08:a7:b9:34:c0:47:ce:
                    fe:9a:e1:5f:d0:f4:8e:25:d5:c0:95:45:c1:79:15:
                    18:96:9c:35:ee:16:4a:6d:02:52:60:e7:e9:b0:bf:
                    47:03:14:a6:21:ca:da:95:91:c0:e9:af:67:c9:5f:
                    bf:2a:6a:48:6a:22:f5:ab:62:91:20:16:61:d9:cf:
                    72:a9:dc:4e:0b:e3:f3:49:68:d6:eb:d7:90:08:d6:
                    b8:59:39:2f:e1:d7:97:2c:94:6e:5f:7c:90:fe:7a:
                    1a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:90:DA:A7:68:11:D8:BE:28:B1:F2:CA:DE:0A:B8:37:BE:0C:F2:30
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BJDap2gR2L4osfLK3gq4N74M8jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:25:dc:9c:d1:5f:ce:cd:1c:8a:7a:6f:87:6b:5b:67:a9:d1:
         ff:23:8d:fb:4b:8c:8b:8c:da:8f:34:07:1f:e6:95:36:29:99:
         1e:3d:64:1c:c5:e8:70:04:7b:9a:db:21:d4:38:ec:d6:ff:a2:
         e2:9d:31:fa:4c:df:eb:34:91:bf:d2:da:3a:cf:2c:6b:bf:e6:
         c5:af:e9:37:06:53:81:e5:11:08:45:b9:2b:fd:09:c6:14:e5:
         65:71:ca:b9:db:a8:0b:cf:26:ff:bd:c1:e8:dd:13:27:23:21:
         4e:1b:cd:aa:e4:cd:d8:a5:68:f9:e5:f1:e5:a3:20:00:22:5d:
         2e:b7:d5:ca:f0:97:93:18:b7:f9:d2:5f:a0:56:b4:21:7b:df:
         22:8f:8d:d5:9b:f8:86:84:d3:08:29:df:39:a7:01:54:d3:cc:
         94:4f:19:fa:28:2a:d1:e7:51:24:e0:b0:b2:62:72:48:7a:01:
         34:4a:c2:3d:1d:ff:45:e0:b6:ea:ee:46:0e:32:14:51:0f:10:
         23:c2:10:ce:c5:75:40:01:e1:b1:49:b2:6e:78:f5:61:62:dc:
         d9:b4:9f:51:b0:79:c5:9b:4b:f0:86:de:ef:f3:5f:f8:d0:b8:
         14:ac:84:f9:30:34:22:c0:f4:93:53:ba:fc:18:ef:98:0c:e7:
         b6:fd:9f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3G5hARSOAG10ZcoqOyZncSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIwMTQyMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDkwZGFhNzY4MTFkOGJlMjhiMWYyY2FkZTBhYjgzN2JlMGNmMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkquBQk9WIpPAHMdGSw2XqiXVrhGz
xMI5RCAnA0IkSeVh6BOSe500XeseDbri1+emP8r625njyQyszUVWZtg6Td9pYJ3W
/w02iIF5arfLuRMcILIir3z6RaFoSiZK9GZ12Qq/EKahf9DKBM00mteeOqlRCyrW
vNdG88PZXVq95NC3dXJyIrJZSoVT9Ly77Dyf0Vgo0rxDrbam839VoginuTTAR87+
muFf0PSOJdXAlUXBeRUYlpw17hZKbQJSYOfpsL9HAxSmIcralZHA6a9nyV+/KmpI
aiL1q2KRIBZh2c9yqdxOC+PzSWjW69eQCNa4WTkv4deXLJRuX3yQ/noagwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASQ2qdoEdi+KLHyyt4KuDe+DPIwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQkpEYXAyZ1IyTDRvc2ZMSzNncTRONzRNOGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV3mSMA0G
CSqGSIb3DQEBCwUAA4IBAQAfJdyc0V/OzRyKem+Ha1tnqdH/I437S4yLjNqPNAcf
5pU2KZkePWQcxehwBHua2yHUOOzW/6LinTH6TN/rNJG/0to6zyxrv+bFr+k3BlOB
5REIRbkr/QnGFOVlccq526gLzyb/vcHo3RMnIyFOG82q5M3YpWj55fHloyAAIl0u
t9XK8JeTGLf50l+gVrQhe98ij43Vm/iGhNMIKd85pwFU08yUTxn6KCrR51Ek4LCy
YnJIegE0SsI9Hf9F4Lbq7kYOMhRRDxAjwhDOxXVAAeGxSbJuePVhYtzZtJ9RsHnF
m0vwht7v81/40LgUrIT5MDQiwPSTU7r8GO+YDOe2/Z94
-----END CERTIFICATE-----