Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FzjZrBOHr6BufnyTzzboBkoVVpU.roa
File:                     FzjZrBOHr6BufnyTzzboBkoVVpU.roa (raw, json)
Hash identifier:          hNB93Z8ZouTysnXOFVacVHJQgzlabCciofKkSKoyvFc=
Subject key identifier:   17:38:D9:AC:13:87:AF:A0:6E:7E:7C:93:CF:36:E8:06:4A:15:56:95
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0C3B6BDE4FBA2DB2441A99F13D67
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FzjZrBOHr6BufnyTzzboBkoVVpU.roa
Signing time:             Tue 02 Jan 2024 06:29:38 +0000
ROA not before:           Tue 02 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        79.110.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0c:3b:6b:de:4f:ba:2d:b2:44:1a:99:f1:3d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1738d9ac1387afa06e7e7c93cf36e8064a155695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:92:7c:fa:29:98:de:76:20:43:5c:9c:fb:23:
                    a6:5a:4a:98:8b:2f:97:4e:47:d6:ba:dc:99:a3:23:
                    f1:63:e7:66:fc:59:84:8d:78:17:db:59:fb:fe:90:
                    af:70:70:91:5d:01:44:69:7d:38:83:01:16:fd:8c:
                    f9:2f:5e:a7:57:b7:4b:5b:a4:d9:8e:9f:25:a0:0f:
                    05:e6:a2:58:c8:c8:20:75:60:f1:5a:b0:d0:02:d7:
                    71:7b:c8:46:8a:27:4f:58:03:29:a7:d5:1a:70:55:
                    47:8b:9e:08:33:36:0a:11:cf:44:1f:d6:2c:37:2b:
                    59:05:b2:d2:c6:51:7b:cb:52:80:58:0c:cc:3f:56:
                    46:a3:62:a6:0a:0f:2f:f1:28:12:0b:16:9c:75:9f:
                    12:ed:82:27:e0:cd:7b:bf:f1:90:df:ed:8b:e7:17:
                    46:86:99:25:ca:1d:41:d8:50:98:80:52:d8:87:1f:
                    36:5c:e7:92:a2:dd:a9:6d:96:48:99:b3:80:ab:c8:
                    18:70:e7:03:2e:00:17:67:2d:c0:17:20:d1:57:42:
                    8f:8c:47:99:96:ea:4a:ef:71:55:82:77:2f:cd:7b:
                    80:96:41:c9:d9:3d:00:b6:7a:ce:c9:7b:66:2d:9e:
                    fc:5d:66:15:52:39:c5:e4:15:f4:17:9a:78:85:73:
                    70:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:38:D9:AC:13:87:AF:A0:6E:7E:7C:93:CF:36:E8:06:4A:15:56:95
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FzjZrBOHr6BufnyTzzboBkoVVpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:a1:78:35:15:65:4a:9c:6c:c6:cc:29:04:82:5b:dc:4e:ee:
         3c:c5:08:f0:5e:cc:c7:bb:2e:5b:08:c4:69:e4:45:d0:9d:25:
         1e:ce:6f:a9:f9:6c:aa:c3:b2:cd:f0:c1:3c:36:66:84:17:33:
         2b:03:e4:26:52:a0:e2:84:fc:c3:60:31:3e:e6:81:a5:87:0b:
         15:fe:21:de:fe:97:96:57:09:5d:17:37:4f:23:00:5f:bd:08:
         71:05:d9:c5:65:4f:fd:7f:d1:2e:1e:2c:80:2c:37:7f:78:6e:
         88:9e:bc:e7:1a:08:80:4a:fa:bc:3c:5e:50:99:2c:5b:a4:e9:
         5b:0f:d2:ff:e7:c3:7b:9b:d8:a9:2e:71:6e:60:5f:a9:fa:d2:
         56:1b:40:0b:03:aa:ea:4a:aa:7d:22:34:0b:5d:7d:f5:ff:37:
         7c:a0:17:8b:11:ab:8a:1e:cf:e6:e9:35:40:96:55:5f:1b:49:
         e7:11:4a:b6:0c:e3:e0:b7:a1:b7:7c:05:8f:a9:36:4a:af:b2:
         db:54:7d:03:ab:20:d7:96:03:b7:04:27:41:23:f7:9b:e9:f2:
         56:5b:ce:89:28:3d:f6:32:af:f4:ec:f0:fe:9d:f4:4a:6f:fd:
         62:c5:ac:50:dd:f8:10:09:68:c9:22:02:55:b7:43:c2:ba:3e:
         ef:be:be:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Qw7a95Pui2yRBqZ8T1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzM4ZDlhYzEzODdhZmEwNmU3ZTdjOTNjZjM2ZTgwNjRhMTU1Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5J8+imY3nYgQ1yc+yOmWkqYiy+X
TkfWutyZoyPxY+dm/FmEjXgX21n7/pCvcHCRXQFEaX04gwEW/Yz5L16nV7dLW6TZ
jp8loA8F5qJYyMggdWDxWrDQAtdxe8hGiidPWAMpp9UacFVHi54IMzYKEc9EH9Ys
NytZBbLSxlF7y1KAWAzMP1ZGo2KmCg8v8SgSCxacdZ8S7YIn4M17v/GQ3+2L5xdG
hpklyh1B2FCYgFLYhx82XOeSot2pbZZImbOAq8gYcOcDLgAXZy3AFyDRV0KPjEeZ
lupK73FVgncvzXuAlkHJ2T0AtnrOyXtmLZ78XWYVUjnF5BX0F5p4hXNw6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBc42awTh6+gbn58k8826AZKFVaVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRnpqWnJCT0hyNkJ1Zm55VHp6Ym9Ca29WVnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT24wMA0G
CSqGSIb3DQEBCwUAA4IBAQCAoXg1FWVKnGzGzCkEglvcTu48xQjwXszHuy5bCMRp
5EXQnSUezm+p+Wyqw7LN8ME8NmaEFzMrA+QmUqDihPzDYDE+5oGlhwsV/iHe/peW
VwldFzdPIwBfvQhxBdnFZU/9f9EuHiyALDd/eG6InrznGgiASvq8PF5QmSxbpOlb
D9L/58N7m9ipLnFuYF+p+tJWG0ALA6rqSqp9IjQLXX31/zd8oBeLEauKHs/m6TVA
llVfG0nnEUq2DOPgt6G3fAWPqTZKr7LbVH0DqyDXlgO3BCdBI/eb6fJWW86JKD32
Mq/07PD+nfRKb/1ixaxQ3fgQCWjJIgJVt0PCuj7vvr54
-----END CERTIFICATE-----