Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkYRKveUARCFy2OoEqFLhkUgvBA.roa
File:                     BkYRKveUARCFy2OoEqFLhkUgvBA.roa (raw, json)
Hash identifier:          pB8NEphgr0iolfBipGAPIoYxozMCbl/Z/4gQCZx7Zvw=
Subject key identifier:   06:46:11:2A:F7:94:01:10:85:CB:63:A8:12:A1:4B:86:45:20:BC:10
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCEEC2DA568325726941A144373F4F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkYRKveUARCFy2OoEqFLhkUgvBA.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51801
IP address blocks:        87.121.122.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ee:c2:da:56:83:25:72:69:41:a1:44:37:3f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0646112af794011085cb63a812a14b864520bc10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:ad:c1:c5:67:db:05:8b:1b:3d:11:c2:b5:
                    9f:7c:1b:bb:96:59:10:a6:32:71:c2:98:38:76:15:
                    ee:0b:ad:c7:40:9b:b7:7e:db:12:e8:b2:e3:7c:d5:
                    0b:cc:f3:52:9b:11:ce:25:5a:5b:f5:26:91:df:42:
                    87:51:40:0c:52:ee:e6:49:01:0e:28:a6:a5:20:8e:
                    22:e7:a6:05:74:1c:19:7d:71:6c:b3:9b:06:2f:8f:
                    fd:4a:89:f9:58:43:bd:e1:6f:8e:f7:4e:b5:55:20:
                    cf:18:8b:49:1e:8b:92:be:5d:e8:82:58:36:67:9e:
                    63:f0:cb:fb:74:88:00:36:a1:4b:7f:23:6e:5b:bd:
                    19:06:ca:16:9f:5f:52:91:00:41:f7:d8:2b:45:75:
                    89:eb:fe:f6:bc:37:e9:38:b2:8a:b4:5a:59:86:89:
                    f1:57:ea:be:00:27:e6:15:b0:ab:2e:74:8a:51:33:
                    4f:cb:8f:3e:b3:f9:4f:1a:74:88:87:d3:fe:08:e8:
                    00:5e:1b:1f:1e:3e:81:51:68:b7:42:a7:fc:89:fe:
                    af:30:c7:1e:c8:b5:32:1b:01:47:d2:1f:ff:8d:36:
                    04:57:e2:4a:6f:50:4b:19:f6:3a:f7:9e:df:17:4c:
                    af:a3:8b:85:b4:c7:74:ba:46:0a:4c:a5:d2:98:f7:
                    a1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:46:11:2A:F7:94:01:10:85:CB:63:A8:12:A1:4B:86:45:20:BC:10
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkYRKveUARCFy2OoEqFLhkUgvBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:10:54:3a:d7:89:a5:0a:f0:ee:55:15:55:71:69:6a:fe:fd:
         31:47:2e:83:ac:25:88:bf:d3:aa:ba:b9:ae:90:26:b3:d7:23:
         96:31:fc:39:02:85:a8:67:e3:46:d5:a1:4f:48:e0:e8:d1:2a:
         2f:5c:1c:9c:4d:8a:a9:80:d4:cc:93:b0:97:24:02:3a:12:df:
         4c:8f:73:92:41:0a:c0:35:28:6a:de:7b:94:bc:e2:4e:ea:b0:
         a9:77:d3:96:ea:4f:07:3d:ab:14:33:db:07:57:35:b2:8e:76:
         ae:e1:25:88:a9:63:73:39:37:b8:cb:9c:a4:69:b2:97:be:62:
         a4:ab:34:96:fb:cc:c9:06:6c:e0:3c:02:c6:84:32:18:86:94:
         58:0d:67:e5:96:70:a8:2d:50:ac:cc:b5:63:5d:02:40:36:09:
         c3:26:d8:67:bb:f3:5a:60:be:49:15:48:23:14:d2:f5:77:09:
         c1:8f:76:e3:e0:cd:cd:62:e8:1a:d7:61:b7:49:86:07:ad:cf:
         f1:d6:ea:d2:3d:79:c9:66:5c:e8:e8:94:b6:95:79:9f:02:a3:
         38:d4:88:b8:b8:af:37:d4:98:94:ec:c1:e8:ef:07:fb:3d:29:
         fc:ee:ad:75:99:f4:b0:12:27:fe:88:62:ea:2a:2e:fb:d9:39:
         ee:de:6a:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3O7C2laDJXJpQaFENz9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ2MTEyYWY3OTQwMTEwODVjYjYzYTgxMmExNGI4NjQ1MjBiYzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHmtwcVn2wWLGz0RwrWffBu7llkQ
pjJxwpg4dhXuC63HQJu3ftsS6LLjfNULzPNSmxHOJVpb9SaR30KHUUAMUu7mSQEO
KKalII4i56YFdBwZfXFss5sGL4/9Son5WEO94W+O9061VSDPGItJHouSvl3oglg2
Z55j8Mv7dIgANqFLfyNuW70ZBsoWn19SkQBB99grRXWJ6/72vDfpOLKKtFpZhonx
V+q+ACfmFbCrLnSKUTNPy48+s/lPGnSIh9P+COgAXhsfHj6BUWi3Qqf8if6vMMce
yLUyGwFH0h//jTYEV+JKb1BLGfY6957fF0yvo4uFtMd0ukYKTKXSmPehFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZGESr3lAEQhctjqBKhS4ZFILwQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQmtZUkt2ZVVBUkNGeTJPb0VxRkxoa1VndkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV3l6MA0G
CSqGSIb3DQEBCwUAA4IBAQClEFQ614mlCvDuVRVVcWlq/v0xRy6DrCWIv9Oqurmu
kCaz1yOWMfw5AoWoZ+NG1aFPSODo0SovXBycTYqpgNTMk7CXJAI6Et9Mj3OSQQrA
NShq3nuUvOJO6rCpd9OW6k8HPasUM9sHVzWyjnau4SWIqWNzOTe4y5ykabKXvmKk
qzSW+8zJBmzgPALGhDIYhpRYDWfllnCoLVCszLVjXQJANgnDJthnu/NaYL5JFUgj
FNL1dwnBj3bj4M3NYuga12G3SYYHrc/x1urSPXnJZlzo6JS2lXmfAqM41Ii4uK83
1JiU7MHo7wf7PSn87q11mfSwEif+iGLqKi772Tnu3mry
-----END CERTIFICATE-----