Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FmpSd-wfMRxx4Kl-ZstloozDPNA.roa
File:                     FmpSd-wfMRxx4Kl-ZstloozDPNA.roa (raw, json)
Hash identifier:          2hskqhO3sdL0nrkzDkAXc5P0feuqN+9FqgzfNLCc3dY=
Subject key identifier:   16:6A:52:77:EC:1F:31:1C:71:E0:A9:7E:66:CB:65:A2:8C:C3:3C:D0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCE9C7173755050EC5AF4AFB30320F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FmpSd-wfMRxx4Kl-ZstloozDPNA.roa
Signing time:             Tue 02 Jan 2024 06:29:30 +0000
ROA not before:           Tue 02 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48917
IP address blocks:        91.92.106.0/23 maxlen: 23
                          87.121.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e9:c7:17:37:55:05:0e:c5:af:4a:fb:30:32:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=166a5277ec1f311c71e0a97e66cb65a28cc33cd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e1:ee:29:c5:fb:76:fa:87:e4:47:41:0d:6b:
                    01:31:4a:4d:5c:33:79:a1:98:c1:a1:0d:55:0f:98:
                    78:bf:40:b2:f1:ca:0f:ba:11:6b:d5:4c:4c:27:50:
                    5b:61:25:eb:f1:1f:2b:c9:ac:a6:e6:74:64:bd:ab:
                    33:98:c9:2d:2b:89:ee:3a:73:c7:80:08:e4:15:bb:
                    b0:21:d0:06:90:b5:b2:77:06:93:1a:98:85:14:bf:
                    21:70:f6:f9:59:9a:bb:c3:4b:3e:5e:f1:56:1f:b9:
                    c4:fb:66:62:5c:ce:69:ee:bc:2f:50:bf:3d:df:bc:
                    fb:89:c9:a0:20:bc:57:a2:9e:89:20:51:8d:d6:7a:
                    b5:a3:14:72:45:66:cb:39:f8:a5:83:2a:09:16:00:
                    7f:26:3c:64:c5:50:98:62:8e:2c:82:a2:9a:9f:23:
                    3e:62:1b:01:18:39:81:ab:b1:e7:18:4a:1a:ca:33:
                    18:40:51:cf:9d:2e:36:b7:ae:d9:0b:f8:48:0a:82:
                    ae:70:87:7f:61:71:c7:10:39:83:64:dc:04:60:f8:
                    a9:07:3a:c0:3f:c2:2b:cb:ab:06:fc:cc:70:ea:d6:
                    58:c8:72:91:12:79:60:24:57:9f:5a:78:83:ae:4d:
                    cb:8d:64:f9:be:78:f3:22:c9:e1:b5:5a:8c:2a:d6:
                    e5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:6A:52:77:EC:1F:31:1C:71:E0:A9:7E:66:CB:65:A2:8C:C3:3C:D0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FmpSd-wfMRxx4Kl-ZstloozDPNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.119.0/24
                  91.92.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:5c:44:dd:75:d8:3b:20:6b:09:d5:2f:80:ff:b0:47:f2:5f:
         b1:f8:ab:2e:70:5b:e4:6b:5d:b6:39:18:74:7b:98:13:50:7e:
         43:94:50:d4:4d:97:04:61:3a:19:cc:f3:5d:8f:20:85:06:b3:
         71:f5:66:1f:c9:14:b7:46:81:e2:98:80:44:b8:c3:93:85:e2:
         06:86:d7:a6:f8:34:e6:aa:53:cc:87:52:a1:f8:94:f8:c0:14:
         dc:63:9a:7d:46:f2:4d:b2:fd:b4:27:bd:81:92:64:a2:08:f0:
         f9:26:ec:3c:b5:b3:67:40:da:bd:80:fb:7a:be:49:87:c2:b4:
         09:f8:bb:7c:d4:45:2c:8f:25:ed:3b:8a:9f:8f:55:94:fb:50:
         32:c5:dc:cd:b7:bc:ba:59:62:df:7e:6f:52:0b:d5:37:f7:7d:
         e2:3b:3e:f9:f8:78:95:b4:c6:1d:e7:2b:5b:fd:31:24:f4:a5:
         b5:4b:df:61:09:2c:6d:fc:c8:54:c2:19:b5:b5:10:73:a3:04:
         3b:2a:f3:de:da:15:63:c2:56:d5:17:7e:4e:2b:78:2f:f2:ae:
         b7:4a:a2:c0:a2:3f:85:6d:d1:90:7f:d7:b7:74:cf:5d:4b:84:
         dd:b5:13:9f:29:44:44:f0:6b:27:00:91:90:ed:f2:56:cc:01:
         65:e2:03:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3OnHFzdVBQ7Fr0r7MDIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjZhNTI3N2VjMWYzMTFjNzFlMGE5N2U2NmNiNjVhMjhjYzMzY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOHuKcX7dvqH5EdBDWsBMUpNXDN5
oZjBoQ1VD5h4v0Cy8coPuhFr1UxMJ1BbYSXr8R8ryaym5nRkvaszmMktK4nuOnPH
gAjkFbuwIdAGkLWydwaTGpiFFL8hcPb5WZq7w0s+XvFWH7nE+2ZiXM5p7rwvUL89
37z7icmgILxXop6JIFGN1nq1oxRyRWbLOfilgyoJFgB/JjxkxVCYYo4sgqKanyM+
YhsBGDmBq7HnGEoayjMYQFHPnS42t67ZC/hICoKucId/YXHHEDmDZNwEYPipBzrA
P8Iry6sG/Mxw6tZYyHKREnlgJFefWniDrk3LjWT5vnjzIsnhtVqMKtblLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBZqUnfsHzEcceCpfmbLZaKMwzzQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRm1wU2Qtd2ZNUnh4NEtsLVpzdGxvb3pEUE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3l3AwQB
W1xqMA0GCSqGSIb3DQEBCwUAA4IBAQA8XETdddg7IGsJ1S+A/7BH8l+x+KsucFvk
a122ORh0e5gTUH5DlFDUTZcEYToZzPNdjyCFBrNx9WYfyRS3RoHimIBEuMOTheIG
htem+DTmqlPMh1Kh+JT4wBTcY5p9RvJNsv20J72BkmSiCPD5Juw8tbNnQNq9gPt6
vkmHwrQJ+Lt81EUsjyXtO4qfj1WU+1AyxdzNt7y6WWLffm9SC9U3933iOz75+HiV
tMYd5ytb/TEk9KW1S99hCSxt/MhUwhm1tRBzowQ7KvPe2hVjwlbVF35OK3gv8q63
SqLAoj+FbdGQf9e3dM9dS4TdtROfKURE8GsnAJGQ7fJWzAFl4gMc
-----END CERTIFICATE-----