Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/DjEOQhwDVca-5Jxw7p157OYgVp4.roa
File:                     DjEOQhwDVca-5Jxw7p157OYgVp4.roa (raw, json)
Hash identifier:          G7qA1tQQkgNu+U/GR7n1XilEumSlLvz5XnKire5A92M=
Subject key identifier:   0E:31:0E:42:1C:03:55:C6:BE:E4:9C:70:EE:9D:79:EC:E6:20:56:9E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0194282494FFFB7F94080A63F6E42D0D1634
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/DjEOQhwDVca-5Jxw7p157OYgVp4.roa
Signing time:             Thu 02 Jan 2025 17:51:13 +0000
ROA not before:           Thu 02 Jan 2025 17:51:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60949
IP address blocks:        87.120.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:94:ff:fb:7f:94:08:0a:63:f6:e4:2d:0d:16:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e310e421c0355c6bee49c70ee9d79ece620569e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1b:e5:ce:e7:f2:14:16:0f:5a:f1:c0:41:b2:
                    27:24:db:21:19:50:8a:9e:31:af:f0:26:52:3e:ae:
                    71:b1:b8:20:95:5b:49:5d:14:57:bb:e0:2e:f6:de:
                    71:ee:31:b5:6f:7d:0b:eb:d4:45:51:ae:d8:70:62:
                    38:d5:cc:10:fd:3b:f9:8d:11:59:5b:1c:19:31:c4:
                    1a:f2:24:5f:61:97:b9:71:62:a7:52:ef:ae:ff:15:
                    bb:f1:44:f9:ad:a4:41:8b:31:df:64:b5:1d:4b:ba:
                    12:5a:5f:88:74:c8:98:38:d7:2f:01:d4:64:ba:18:
                    97:88:a0:a7:64:3f:77:c7:45:b7:f5:85:11:a5:86:
                    ea:b0:75:06:86:aa:13:4f:d3:c7:ec:33:26:bf:d0:
                    ff:63:13:98:0a:84:62:77:1b:86:c8:32:cf:58:83:
                    36:45:d1:fa:c5:c8:68:59:6c:76:34:e2:3d:6f:cf:
                    6e:9c:8e:62:90:23:6e:d0:cf:87:aa:cf:77:6a:2b:
                    2b:bd:d1:f3:68:3a:0c:ec:14:d1:c9:fa:f4:40:86:
                    a2:15:24:07:86:b9:f6:1d:a6:1a:5d:d8:87:64:63:
                    b0:3b:2d:13:38:84:92:f0:04:94:8e:a2:e6:82:6a:
                    51:5b:ef:63:c8:f2:1c:3b:88:6c:10:54:10:db:20:
                    af:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:31:0E:42:1C:03:55:C6:BE:E4:9C:70:EE:9D:79:EC:E6:20:56:9E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/DjEOQhwDVca-5Jxw7p157OYgVp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:d5:55:e2:0f:46:75:b2:85:b3:81:3c:97:1f:a7:ce:e3:b6:
         2e:63:01:27:11:d9:58:e5:6d:e6:bc:a5:de:14:79:39:14:4e:
         c7:b9:82:f1:d2:07:a0:e4:c2:9a:a7:99:4c:75:17:b6:c7:92:
         65:f5:c9:e6:66:51:93:e3:64:a2:bf:59:c7:e3:d9:dd:92:6e:
         0d:84:6a:e8:16:b2:b1:b4:49:77:ef:ac:74:16:25:7d:01:3d:
         3c:54:83:71:ed:b9:3f:61:a0:59:0b:46:02:ac:ad:36:9b:f2:
         76:50:c0:32:57:62:e8:9c:1c:21:74:a6:98:2e:dd:1c:1a:fe:
         4e:07:47:6f:63:1d:f1:e2:a3:3f:77:c1:2a:b4:11:86:26:98:
         89:ed:cb:d4:05:02:c5:eb:a8:0e:83:fc:99:40:e3:36:00:79:
         f1:6c:b7:c6:80:69:a1:1e:8f:bc:87:d0:be:4b:14:79:bd:21:
         c6:1d:3b:46:3a:a8:e9:a2:66:1f:e3:c4:c9:79:34:90:37:7e:
         b7:61:94:81:14:43:d6:96:a5:df:9d:56:8f:48:c9:a1:10:da:
         ba:aa:14:ef:23:9d:2c:a0:c7:6d:8f:84:f9:9a:22:6a:83:e4:
         f8:53:1e:e2:dc:4e:99:de:82:7a:eb:32:c6:74:59:e9:94:fd:
         36:e4:84:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJJT/+3+UCApj9uQtDRY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTMxMGU0MjFjMDM1NWM2YmVlNDljNzBlZTlkNzllY2U2MjA1NjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhvlzufyFBYPWvHAQbInJNshGVCK
njGv8CZSPq5xsbgglVtJXRRXu+Au9t5x7jG1b30L69RFUa7YcGI41cwQ/Tv5jRFZ
WxwZMcQa8iRfYZe5cWKnUu+u/xW78UT5raRBizHfZLUdS7oSWl+IdMiYONcvAdRk
uhiXiKCnZD93x0W39YURpYbqsHUGhqoTT9PH7DMmv9D/YxOYCoRidxuGyDLPWIM2
RdH6xchoWWx2NOI9b89unI5ikCNu0M+Hqs93aisrvdHzaDoM7BTRyfr0QIaiFSQH
hrn2HaYaXdiHZGOwOy0TOISS8ASUjqLmgmpRW+9jyPIcO4hsEFQQ2yCviwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4xDkIcA1XGvuSccO6deezmIFaeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRGpFT1Fod0RWY2EtNUp4dzdwMTU3T1lnVnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3hFMA0G
CSqGSIb3DQEBCwUAA4IBAQAo1VXiD0Z1soWzgTyXH6fO47YuYwEnEdlY5W3mvKXe
FHk5FE7HuYLx0geg5MKap5lMdRe2x5Jl9cnmZlGT42Siv1nH49ndkm4NhGroFrKx
tEl376x0FiV9AT08VINx7bk/YaBZC0YCrK02m/J2UMAyV2LonBwhdKaYLt0cGv5O
B0dvYx3x4qM/d8EqtBGGJpiJ7cvUBQLF66gOg/yZQOM2AHnxbLfGgGmhHo+8h9C+
SxR5vSHGHTtGOqjpomYf48TJeTSQN363YZSBFEPWlqXfnVaPSMmhENq6qhTvI50s
oMdtj4T5miJqg+T4Ux7i3E6Z3oJ66zLGdFnplP025IQL
-----END CERTIFICATE-----