Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CLz7Yp_0WvMtlg-rww2v2TzQMvQ.roa
File:                     CLz7Yp_0WvMtlg-rww2v2TzQMvQ.roa (raw, json)
Hash identifier:          /Kk9OLh5ZT8qVw01RNqIR+DIx5i1qWnNV7OOnkG5ZUQ=
Subject key identifier:   08:BC:FB:62:9F:F4:5A:F3:2D:96:0F:AB:C3:0D:AF:D9:3C:D0:32:F4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019300B76F2B4545117B08CD493E54EC10D9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CLz7Yp_0WvMtlg-rww2v2TzQMvQ.roa
Signing time:             Wed 06 Nov 2024 09:04:01 +0000
ROA not before:           Wed 06 Nov 2024 09:04:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214364
IP address blocks:        31.13.212.0/24 maxlen: 24
                          85.217.176.0/22 maxlen: 32
                          87.121.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:00:b7:6f:2b:45:45:11:7b:08:cd:49:3e:54:ec:10:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  6 09:04:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08bcfb629ff45af32d960fabc30dafd93cd032f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:44:fd:80:0f:07:08:11:97:65:4e:da:fb:b7:
                    9b:b8:1f:6d:0e:df:2b:78:f7:4a:f6:87:10:8e:fb:
                    a5:cc:83:4f:e7:b1:78:e9:3e:f4:96:ea:39:8e:a1:
                    4a:f7:03:47:50:9c:5f:72:4b:7d:ff:ae:f8:d1:1e:
                    ee:d7:95:b9:cc:99:e1:1e:68:51:4c:59:ed:42:d5:
                    d1:c4:b7:32:41:93:98:61:fb:50:d8:6a:a3:dd:93:
                    6e:70:a6:b0:34:ef:58:6d:c0:6d:7b:54:dd:70:40:
                    df:15:c8:fc:f0:81:c5:16:67:dd:54:cd:03:68:e4:
                    9e:9a:06:00:79:1e:61:03:db:76:8a:26:c5:41:a0:
                    6e:66:c2:ee:0f:63:9a:82:40:e1:22:62:5c:fb:06:
                    c3:ba:cd:81:f1:55:bf:e1:ce:d0:fe:e0:4b:c9:75:
                    18:cb:d8:47:a6:36:4c:18:a8:f5:78:92:31:72:f7:
                    fd:78:76:52:8c:76:1d:33:c4:bb:dd:13:57:06:2e:
                    cc:1c:13:38:11:d5:46:01:cf:e1:1d:88:90:c8:a3:
                    68:2f:fc:54:da:79:d9:18:af:2a:47:6c:51:89:16:
                    e0:3f:b0:1b:24:15:58:95:65:92:0c:d4:38:d5:4d:
                    d4:e0:d8:a8:b7:02:99:49:27:63:97:a9:50:01:d2:
                    21:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BC:FB:62:9F:F4:5A:F3:2D:96:0F:AB:C3:0D:AF:D9:3C:D0:32:F4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CLz7Yp_0WvMtlg-rww2v2TzQMvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.212.0/24
                  85.217.176.0/22
                  87.121.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:13:e0:27:4f:24:2d:de:8f:03:fe:21:70:c5:91:0e:79:0e:
         ec:91:1c:e2:b9:53:90:d0:0b:53:e1:d5:d7:a6:8d:36:96:b7:
         12:8c:9d:ab:c1:14:d2:2c:5e:16:6d:a6:85:48:98:75:20:b0:
         72:68:ae:8b:c2:43:9d:b6:dd:ff:a4:68:4f:af:ae:cc:98:30:
         67:f9:60:a4:bb:f7:5f:65:0d:35:88:cd:6b:6e:fb:cd:38:1d:
         69:a7:75:b5:03:f6:b6:64:32:28:c0:30:29:7e:d1:91:86:a9:
         10:d1:19:62:28:73:7c:d2:89:c7:8d:ad:d3:8b:e4:87:fa:58:
         08:da:4e:f5:4c:e9:d2:fb:17:94:03:d0:d5:e3:ba:0a:c8:52:
         b6:15:d1:fb:1c:34:be:dd:f1:33:5f:11:25:4c:0d:5f:cd:e0:
         88:aa:e9:57:da:77:1f:4a:0e:a4:90:f2:ba:7a:f4:ae:42:a7:
         5c:be:0c:f5:95:a4:f9:78:2e:ec:9c:67:07:0b:d9:7c:9d:44:
         cf:20:c5:8c:a9:05:49:33:f8:dc:aa:a9:86:9d:db:b6:7d:14:
         a9:57:99:4c:36:8c:21:f7:ce:04:3c:6b:ac:2e:a4:c6:f8:9c:
         7c:23:7b:52:51:30:c8:11:f1:56:97:f0:04:a2:e6:d7:da:16:
         89:ed:a0:8b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMAt28rRUURewjNST5U7BDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTA2MDkwNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJjZmI2MjlmZjQ1YWYzMmQ5NjBmYWJjMzBkYWZkOTNjZDAzMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20T9gA8HCBGXZU7a+7ebuB9tDt8r
ePdK9ocQjvulzINP57F46T70luo5jqFK9wNHUJxfckt9/6740R7u15W5zJnhHmhR
TFntQtXRxLcyQZOYYftQ2Gqj3ZNucKawNO9YbcBte1TdcEDfFcj88IHFFmfdVM0D
aOSemgYAeR5hA9t2iibFQaBuZsLuD2OagkDhImJc+wbDus2B8VW/4c7Q/uBLyXUY
y9hHpjZMGKj1eJIxcvf9eHZSjHYdM8S73RNXBi7MHBM4EdVGAc/hHYiQyKNoL/xU
2nnZGK8qR2xRiRbgP7AbJBVYlWWSDNQ41U3U4NiotwKZSSdjl6lQAdIhgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAi8+2Kf9FrzLZYPq8MNr9k80DL0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ0x6N1lwXzBXdk10bGctcnd3MnYyVHpRTXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHw3UAwQC
VdmwAwQAV3ncMA0GCSqGSIb3DQEBCwUAA4IBAQCRE+AnTyQt3o8D/iFwxZEOeQ7s
kRziuVOQ0AtT4dXXpo02lrcSjJ2rwRTSLF4WbaaFSJh1ILByaK6LwkOdtt3/pGhP
r67MmDBn+WCku/dfZQ01iM1rbvvNOB1pp3W1A/a2ZDIowDApftGRhqkQ0RliKHN8
0onHja3Ti+SH+lgI2k71TOnS+xeUA9DV47oKyFK2FdH7HDS+3fEzXxElTA1fzeCI
qulX2ncfSg6kkPK6evSuQqdcvgz1laT5eC7snGcHC9l8nUTPIMWMqQVJM/jcqqmG
ndu2fRSpV5lMNowh984EPGusLqTG+Jx8I3tSUTDIEfFWl/AEoubX2haJ7aCL
-----END CERTIFICATE-----