Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HgeVJceisBE1VlVo1a6sHL-Ys4A.roa
File:                     HgeVJceisBE1VlVo1a6sHL-Ys4A.roa (raw, json)
Hash identifier:          wk+p4F5qpmod/MWFRdMIqDuxeetSeCt4hOuqMayyUVk=
Subject key identifier:   1E:07:95:25:C7:A2:B0:11:35:56:55:68:D5:AE:AC:1C:BF:98:B3:80
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019570B40222A23524AEBF825856FB25150A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HgeVJceisBE1VlVo1a6sHL-Ys4A.roa
Signing time:             Fri 07 Mar 2025 13:03:20 +0000
ROA not before:           Fri 07 Mar 2025 13:03:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215411
IP address blocks:        87.121.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:70:b4:02:22:a2:35:24:ae:bf:82:58:56:fb:25:15:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  7 13:03:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e079525c7a2b01135565568d5aeac1cbf98b380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:48:64:8e:c0:af:50:88:8c:10:88:cc:01:87:
                    de:84:de:dc:e5:48:b1:43:2e:cf:d0:54:50:56:5e:
                    bb:91:1c:6d:bb:27:be:a8:eb:57:08:f8:31:68:59:
                    53:b9:a7:f8:8b:b3:4a:08:f2:81:f4:06:e6:3e:a9:
                    f1:52:15:21:f2:63:2c:86:13:92:a6:bb:2e:20:61:
                    65:f0:48:10:b1:f2:22:f1:a9:eb:b2:92:bd:c5:0d:
                    d4:4a:0f:53:81:95:01:df:16:e1:4b:1e:99:6f:48:
                    48:9e:46:f2:d5:37:f2:07:6d:a5:0c:21:97:04:16:
                    f7:77:b7:94:f2:5f:69:62:e0:ff:f2:ea:f8:5c:52:
                    13:a5:3b:54:81:3b:00:dc:62:e9:bc:23:e5:0f:b5:
                    28:70:f9:d9:c0:78:20:c3:6d:9e:a4:d2:7b:76:39:
                    9e:4b:d2:e7:d8:4d:ef:7b:f1:c3:dc:3f:9e:77:5a:
                    36:19:f0:3b:97:b7:03:02:cd:41:58:db:a0:58:8a:
                    90:b9:57:d6:8d:57:87:b4:67:87:9f:d6:68:1d:a3:
                    e6:8b:d0:da:4b:7f:07:3b:ed:83:9e:ff:c2:ea:5e:
                    d8:e3:18:ce:3c:43:3c:b4:c5:84:e7:df:ae:18:c1:
                    33:62:a7:25:f6:08:ac:73:ab:0d:8d:a3:fa:32:55:
                    0e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:07:95:25:C7:A2:B0:11:35:56:55:68:D5:AE:AC:1C:BF:98:B3:80
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HgeVJceisBE1VlVo1a6sHL-Ys4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:dc:f7:c4:2a:b8:78:ed:f5:4a:7e:8a:dd:1e:0c:7f:22:97:
         ae:1e:d5:e5:04:b3:8b:f5:5f:0d:ac:82:91:11:f6:a0:82:3c:
         66:6f:65:07:0f:48:ae:6a:55:ad:09:69:4d:d5:3d:e0:2f:b4:
         b6:1d:e0:59:ff:22:bc:45:0d:b7:40:57:f1:e2:a7:3f:a8:00:
         1c:66:08:d7:e5:6d:df:86:90:34:97:43:75:9d:ad:6c:16:8a:
         8c:27:cb:2f:70:a7:3c:02:64:0a:11:5f:17:07:63:7e:40:9e:
         b5:0f:f3:e1:83:01:23:9e:73:c9:99:02:82:25:82:32:1e:36:
         9c:3d:cb:3b:61:45:de:c2:0d:af:e0:40:86:f9:53:31:17:0a:
         e7:e2:33:8e:40:38:4f:95:26:54:9d:1a:09:94:36:00:a6:c5:
         13:0d:a9:cd:36:c5:73:0f:35:92:ea:0d:96:36:70:c7:e5:df:
         bd:e8:cd:9f:63:6e:29:91:cf:6a:da:31:c8:11:be:68:97:c2:
         5d:96:2c:d4:a0:82:96:39:0c:60:fa:90:cd:c0:09:ac:c9:fc:
         d8:17:88:08:db:c7:43:2e:58:f4:74:1e:bb:7c:07:0e:f1:e7:
         b1:fd:d0:13:4f:27:0c:0e:09:89:6d:5f:08:97:d7:87:44:70:
         55:18:78:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVwtAIiojUkrr+CWFb7JRUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzA3MTMwMzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTA3OTUyNWM3YTJiMDExMzU1NjU1NjhkNWFlYWMxY2JmOThiMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkhkjsCvUIiMEIjMAYfehN7c5Uix
Qy7P0FRQVl67kRxtuye+qOtXCPgxaFlTuaf4i7NKCPKB9AbmPqnxUhUh8mMshhOS
prsuIGFl8EgQsfIi8anrspK9xQ3USg9TgZUB3xbhSx6Zb0hInkby1TfyB22lDCGX
BBb3d7eU8l9pYuD/8ur4XFITpTtUgTsA3GLpvCPlD7UocPnZwHggw22epNJ7djme
S9Ln2E3ve/HD3D+ed1o2GfA7l7cDAs1BWNugWIqQuVfWjVeHtGeHn9ZoHaPmi9Da
S38HO+2Dnv/C6l7Y4xjOPEM8tMWE59+uGMEzYqcl9gisc6sNjaP6MlUO3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4HlSXHorARNVZVaNWurBy/mLOAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSGdlVkpjZWlzQkUxVmxWbzFhNnNITC1ZczRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3loMA0G
CSqGSIb3DQEBCwUAA4IBAQBb3PfEKrh47fVKfordHgx/IpeuHtXlBLOL9V8NrIKR
Efaggjxmb2UHD0iualWtCWlN1T3gL7S2HeBZ/yK8RQ23QFfx4qc/qAAcZgjX5W3f
hpA0l0N1na1sFoqMJ8svcKc8AmQKEV8XB2N+QJ61D/PhgwEjnnPJmQKCJYIyHjac
Pcs7YUXewg2v4ECG+VMxFwrn4jOOQDhPlSZUnRoJlDYApsUTDanNNsVzDzWS6g2W
NnDH5d+96M2fY24pkc9q2jHIEb5ol8JdlizUoIKWOQxg+pDNwAmsyfzYF4gI28dD
Llj0dB67fAcO8eex/dATTycMDgmJbV8Il9eHRHBVGHjS
-----END CERTIFICATE-----