Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FFGrwT8kZJlOdpHlmn99mYC86Eo.roa
File:                     FFGrwT8kZJlOdpHlmn99mYC86Eo.roa (raw, json)
Hash identifier:          KIPqT4OqXj2Kqib9EJ3a5DN97rD6fXad3vMlQxnLWn4=
Subject key identifier:   14:51:AB:C1:3F:24:64:99:4E:76:91:E5:9A:7F:7D:99:80:BC:E8:4A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D99660250755B5117A60BA872E5CB476A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FFGrwT8kZJlOdpHlmn99mYC86Eo.roa
Signing time:             Sun 11 Feb 2024 18:20:15 +0000
ROA not before:           Sun 11 Feb 2024 18:20:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215569
IP address blocks:        84.54.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:99:66:02:50:75:5b:51:17:a6:0b:a8:72:e5:cb:47:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 11 18:20:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1451abc13f2464994e7691e59a7f7d9980bce84a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:85:2e:52:f8:d5:c8:ae:88:06:aa:5d:b6:
                    7b:f2:0a:54:18:21:1a:88:60:88:20:28:25:b1:b3:
                    b8:a1:7b:01:50:5e:b6:8f:7a:2c:0d:bd:a8:1b:d2:
                    8a:79:97:a3:92:4d:58:a2:e9:80:e4:ad:35:0a:73:
                    27:92:ef:43:42:c1:fc:60:35:fb:28:57:d2:eb:1c:
                    18:68:69:3c:2b:fd:bc:da:8f:f7:fd:6a:39:02:2e:
                    93:dd:a9:8b:66:0b:3b:58:f0:69:63:35:43:cf:4b:
                    50:94:7b:de:3b:b2:51:12:7f:29:3e:b3:db:6b:e4:
                    d8:05:db:d3:60:77:e6:18:ca:54:2b:3e:7a:e4:91:
                    d3:af:b1:b8:04:82:64:c3:c0:ad:7b:ba:e6:d7:5f:
                    41:de:bd:46:dc:35:b4:c3:aa:22:8f:25:ef:14:2f:
                    c8:7b:56:28:d7:4a:2f:83:f0:0c:f1:85:93:c6:a4:
                    e7:98:8c:5c:5e:61:a9:49:e2:b9:e5:0c:12:fe:e7:
                    8d:2d:9d:9f:b4:77:d3:81:61:75:d7:08:08:71:b8:
                    7e:f1:eb:0c:18:24:ce:bf:7f:a7:c3:a9:37:d3:23:
                    c0:f8:30:e5:b7:0a:49:06:bb:fc:f2:c5:79:e2:87:
                    49:f2:35:05:62:6a:ca:26:5c:86:56:37:54:20:94:
                    5c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:51:AB:C1:3F:24:64:99:4E:76:91:E5:9A:7F:7D:99:80:BC:E8:4A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FFGrwT8kZJlOdpHlmn99mYC86Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b2:9c:b0:c9:82:99:86:a2:0f:de:d5:06:3f:61:35:b5:c8:
         f1:18:16:17:d4:47:9c:c0:85:db:25:b3:c9:16:47:7a:47:90:
         0d:87:fd:83:88:c3:47:3b:24:3e:86:c0:d2:83:02:18:ff:61:
         4e:90:76:8f:29:e4:2b:8c:52:dd:e4:17:68:e7:47:eb:d3:61:
         98:ce:18:57:1a:c7:3f:28:3d:e0:cb:23:12:8b:aa:e2:8d:51:
         ad:14:1d:1f:e5:98:b7:05:90:11:17:18:19:ef:8c:2a:09:97:
         86:d5:15:a5:dd:4c:f4:b4:11:05:ec:1d:b3:8d:ea:cc:9d:8c:
         c0:9a:c7:b7:2c:aa:21:57:e4:8e:ad:97:22:39:1c:e7:02:e1:
         7c:6a:97:38:74:a3:74:46:96:de:2a:62:20:86:da:99:ae:be:
         a7:e1:2b:d1:69:ee:bc:dc:60:53:ea:d8:ee:6b:cc:e3:24:cc:
         02:4d:3c:ea:e2:48:fa:6e:5d:a2:cb:c5:90:c6:1b:c1:32:0c:
         61:b4:2c:33:90:f0:45:5f:5f:2c:ee:07:66:1f:e0:7c:64:6b:
         b2:e7:30:51:1b:c7:8b:2f:26:05:0f:db:a0:15:a6:ae:8a:ef:
         93:d8:cf:a1:30:2e:f5:04:f7:b0:76:f7:0c:7a:bd:62:bd:7b:
         3a:24:81:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2ZZgJQdVtRF6YLqHLly0dqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjExMTgyMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDUxYWJjMTNmMjQ2NDk5NGU3NjkxZTU5YTdmN2Q5OTgwYmNlODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzaFLlL41ciuiAaqXbZ78gpUGCEa
iGCIICglsbO4oXsBUF62j3osDb2oG9KKeZejkk1YoumA5K01CnMnku9DQsH8YDX7
KFfS6xwYaGk8K/282o/3/Wo5Ai6T3amLZgs7WPBpYzVDz0tQlHveO7JREn8pPrPb
a+TYBdvTYHfmGMpUKz565JHTr7G4BIJkw8Cte7rm119B3r1G3DW0w6oijyXvFC/I
e1Yo10ovg/AM8YWTxqTnmIxcXmGpSeK55QwS/ueNLZ2ftHfTgWF11wgIcbh+8esM
GCTOv3+nw6k30yPA+DDltwpJBrv88sV54odJ8jUFYmrKJlyGVjdUIJRc6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRRq8E/JGSZTnaR5Zp/fZmAvOhKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRkZHcndUOGtaSmxPZHBIbG1uOTltWUM4NkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDYwMA0G
CSqGSIb3DQEBCwUAA4IBAQByspywyYKZhqIP3tUGP2E1tcjxGBYX1EecwIXbJbPJ
Fkd6R5ANh/2DiMNHOyQ+hsDSgwIY/2FOkHaPKeQrjFLd5Bdo50fr02GYzhhXGsc/
KD3gyyMSi6rijVGtFB0f5Zi3BZARFxgZ74wqCZeG1RWl3Uz0tBEF7B2zjerMnYzA
mse3LKohV+SOrZciORznAuF8apc4dKN0RpbeKmIghtqZrr6n4SvRae683GBT6tju
a8zjJMwCTTzq4kj6bl2iy8WQxhvBMgxhtCwzkPBFX18s7gdmH+B8ZGuy5zBRG8eL
LyYFD9ugFaauiu+T2M+hMC71BPewdvcMer1ivXs6JIEU
-----END CERTIFICATE-----