Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IEEB5ZuZClh2av_UeNoseNJztjo.roa
File:                     IEEB5ZuZClh2av_UeNoseNJztjo.roa (raw, json)
Hash identifier:          iUjWo/rLltqNToF0xz57P+qijktO7N5AGPS624MKLkk=
Subject key identifier:   20:41:01:E5:9B:99:0A:58:76:6A:FF:D4:78:DA:2C:78:D2:73:B6:3A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DFEA42F0B97720E8137BF4C89B5EE84DD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IEEB5ZuZClh2av_UeNoseNJztjo.roa
Signing time:             Sat 02 Mar 2024 10:09:49 +0000
ROA not before:           Sat 02 Mar 2024 10:09:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        94.156.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fe:a4:2f:0b:97:72:0e:81:37:bf:4c:89:b5:ee:84:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  2 10:09:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=204101e59b990a58766affd478da2c78d273b63a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:57:64:cb:f7:43:77:55:f7:ef:2a:17:3e:36:
                    ca:5d:5f:20:74:7c:3a:34:16:52:55:53:9b:81:35:
                    67:e0:41:79:fb:a5:6b:c7:e3:c6:13:1a:64:4a:d9:
                    6b:4a:f7:6c:41:1d:6d:56:73:25:00:51:72:97:68:
                    8c:e6:b5:db:53:70:43:e1:a6:70:a3:83:d6:9d:7d:
                    e3:a7:c7:1b:ba:76:72:e2:96:40:1f:7f:bb:40:69:
                    9b:66:be:bc:9a:58:a7:b9:60:4d:46:1e:46:e9:fb:
                    d9:4e:5b:1c:03:a3:d7:1b:a3:ba:62:ff:cb:fe:96:
                    d9:58:1e:45:de:d7:a5:ba:44:1c:cf:df:e1:17:49:
                    af:e8:5b:5d:7a:a1:84:d1:3c:71:12:ec:17:f4:3f:
                    4c:2c:83:3d:cc:29:5e:0f:66:46:d2:57:dc:28:eb:
                    e9:a5:a2:23:ac:72:7e:d5:90:f6:63:14:2b:90:47:
                    ab:21:63:0e:e8:5d:a6:ad:52:66:cd:47:2d:e9:cd:
                    d5:29:20:8f:95:44:65:5c:9d:d1:d5:24:22:07:71:
                    73:1a:6e:0c:c0:0b:1d:14:69:84:5c:96:5a:08:8a:
                    72:e0:bf:4a:cd:0a:45:10:f6:9b:69:13:55:42:8d:
                    6d:66:af:6f:2a:b5:36:5d:0c:40:5d:05:68:e8:ef:
                    7b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:41:01:E5:9B:99:0A:58:76:6A:FF:D4:78:DA:2C:78:D2:73:B6:3A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IEEB5ZuZClh2av_UeNoseNJztjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ac:97:ff:6e:d8:e4:17:45:16:07:61:89:4f:bd:c2:1e:4d:
         89:f2:d4:f2:83:2e:23:e8:ec:dd:2c:26:cb:80:f7:7d:67:a9:
         d6:95:dc:fd:a4:d2:52:fe:38:3e:03:a4:8b:0f:dd:1b:28:05:
         af:1e:23:c1:5f:55:01:5d:7e:de:fe:23:27:a7:5a:59:ae:4d:
         36:1a:ce:67:a3:f4:4a:33:89:6d:a3:7a:74:30:4c:bd:9a:92:
         a4:c6:6b:0e:d8:7e:1f:cf:d4:97:28:98:f5:85:1b:a8:3d:07:
         c3:d2:b7:26:54:b7:95:ea:46:aa:fe:fc:8a:58:94:b7:b5:22:
         38:f4:70:de:88:33:2e:24:90:98:24:b6:f8:c2:3d:83:8c:bb:
         8f:b6:ba:5a:fa:58:e9:97:60:c0:77:20:b2:63:48:6b:38:1f:
         08:09:ae:a3:89:a3:bd:ee:7d:a4:13:26:91:b9:51:e1:d1:5f:
         cd:98:58:c5:b1:21:f3:ec:6b:f6:eb:2f:e4:99:63:1a:e4:31:
         c1:33:e9:76:39:b5:cc:17:bb:a4:1b:50:7b:73:c2:77:ca:98:
         44:d3:36:9d:a4:61:ef:21:e0:97:de:93:d3:7c:d7:c4:17:3e:
         48:f7:f3:31:6f:01:07:82:4d:38:b9:a2:60:d4:0e:09:b3:0c:
         c2:cd:7f:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3+pC8Ll3IOgTe/TIm17oTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzAyMTAwOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQxMDFlNTliOTkwYTU4NzY2YWZmZDQ3OGRhMmM3OGQyNzNiNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVdky/dDd1X37yoXPjbKXV8gdHw6
NBZSVVObgTVn4EF5+6Vrx+PGExpkStlrSvdsQR1tVnMlAFFyl2iM5rXbU3BD4aZw
o4PWnX3jp8cbunZy4pZAH3+7QGmbZr68mlinuWBNRh5G6fvZTlscA6PXG6O6Yv/L
/pbZWB5F3telukQcz9/hF0mv6FtdeqGE0TxxEuwX9D9MLIM9zCleD2ZG0lfcKOvp
paIjrHJ+1ZD2YxQrkEerIWMO6F2mrVJmzUct6c3VKSCPlURlXJ3R1SQiB3FzGm4M
wAsdFGmEXJZaCIpy4L9KzQpFEPabaRNVQo1tZq9vKrU2XQxAXQVo6O97jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBBAeWbmQpYdmr/1HjaLHjSc7Y6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSUVFQjVadVpDbGgyYXZfVWVOb3NlTkp6dGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpyxMA0G
CSqGSIb3DQEBCwUAA4IBAQBzrJf/btjkF0UWB2GJT73CHk2J8tTygy4j6OzdLCbL
gPd9Z6nWldz9pNJS/jg+A6SLD90bKAWvHiPBX1UBXX7e/iMnp1pZrk02Gs5no/RK
M4lto3p0MEy9mpKkxmsO2H4fz9SXKJj1hRuoPQfD0rcmVLeV6kaq/vyKWJS3tSI4
9HDeiDMuJJCYJLb4wj2DjLuPtrpa+ljpl2DAdyCyY0hrOB8ICa6jiaO97n2kEyaR
uVHh0V/NmFjFsSHz7Gv26y/kmWMa5DHBM+l2ObXMF7ukG1B7c8J3yphE0zadpGHv
IeCX3pPTfNfEFz5I9/MxbwEHgk04uaJg1A4JswzCzX96
-----END CERTIFICATE-----