Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IldEW2mKBeyURORSN91VUY_3VsM.roa
File:                     IldEW2mKBeyURORSN91VUY_3VsM.roa (raw, json)
Hash identifier:          pNPEdWA6Gp2nb8Sv2DgAkmLM3wRBLpchK9j+RX8h1S0=
Subject key identifier:   22:57:44:5B:69:8A:05:EC:94:44:E4:52:37:DD:55:51:8F:F7:56:C3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD351895F84B0A5BC0F36581B3189
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IldEW2mKBeyURORSN91VUY_3VsM.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20665
IP address blocks:        217.145.80.0/20 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d3:51:89:5f:84:b0:a5:bc:0f:36:58:1b:31:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2257445b698a05ec9444e45237dd55518ff756c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:40:34:5e:dc:1d:60:fe:51:29:e4:af:37:ee:
                    0d:fb:2b:8c:1b:4a:77:07:75:3a:0f:d5:9b:e3:9c:
                    cf:c5:a7:5a:0f:0d:93:f5:b7:19:06:8e:81:06:63:
                    d2:f7:ca:53:89:e3:ea:a8:59:99:ae:60:5c:f6:cc:
                    bd:68:fe:1d:d1:2a:8d:4e:19:1b:2e:ab:d2:fd:29:
                    3b:d7:84:2c:23:94:b8:1c:a8:ce:ab:52:5e:38:08:
                    c9:e7:83:33:1e:aa:ea:65:24:55:b1:17:7c:5d:e4:
                    cb:b1:fb:aa:0f:d1:d1:bc:49:02:85:19:2d:2d:3f:
                    50:84:8f:27:07:98:90:e1:0c:14:18:a5:b1:6c:b4:
                    b5:79:0d:6d:75:40:ba:65:30:b5:a1:61:d8:78:2c:
                    ae:9d:df:50:21:4a:e9:7e:99:56:27:5f:ef:29:f2:
                    c7:1e:29:51:72:e8:cf:21:d4:6f:99:bb:6d:ed:17:
                    bb:4f:6a:e5:0c:26:28:7b:6e:a8:5a:5b:76:b7:0c:
                    91:37:15:60:39:ac:f3:41:e4:73:f3:45:99:7f:4a:
                    df:f9:8a:8e:ac:d1:5f:f2:02:7a:25:27:1e:22:8b:
                    cd:43:be:fb:54:d4:c9:08:b4:6b:a2:90:33:9a:18:
                    65:d4:31:d5:12:8b:13:b7:48:dd:25:4c:d2:64:6f:
                    b4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:57:44:5B:69:8A:05:EC:94:44:E4:52:37:DD:55:51:8F:F7:56:C3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IldEW2mKBeyURORSN91VUY_3VsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:15:35:f7:5f:1a:d9:9b:7e:a6:1e:ac:e9:fc:12:a7:96:29:
         e4:1b:45:d3:ce:39:78:5e:0d:b3:93:3a:d1:ec:bf:a5:c5:dd:
         44:45:bb:f1:1e:91:85:d7:4f:02:5d:00:7c:cc:80:33:98:7e:
         b7:b7:e7:df:0b:a8:25:70:97:9c:25:14:b0:c9:0f:63:28:4b:
         48:ad:4f:05:51:e9:e8:19:9c:10:ee:b9:21:c1:c9:ac:7e:fe:
         ea:b5:b4:9f:d8:5f:e0:5d:e0:ef:b0:b3:d3:4b:a9:20:dd:29:
         1a:ec:d9:b5:ec:9b:06:01:3e:f9:f0:cf:59:4b:a7:77:88:e9:
         4e:b2:0e:5e:e0:b9:09:b8:b4:09:56:1f:98:92:c0:6d:9c:27:
         e6:ac:f6:34:1f:11:38:35:a6:3b:3b:26:44:37:06:db:78:6e:
         5f:fb:f7:38:76:bf:26:ca:8f:54:e9:d1:6d:13:70:23:09:55:
         61:78:7a:13:92:1c:52:c5:da:66:13:21:8b:d0:9c:93:2a:04:
         3b:f0:3a:46:f3:a1:a4:c5:7d:c5:20:f5:86:32:ae:b0:3b:09:
         3a:fd:93:c6:0d:97:81:e5:f1:18:f9:f5:4d:9e:fd:f2:a7:58:
         d1:47:67:59:1f:41:8e:52:6d:69:a3:4a:09:fc:1f:89:94:55:
         95:a1:7c:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NNRiV+EsKW8DzZYGzGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU3NDQ1YjY5OGEwNWVjOTQ0NGU0NTIzN2RkNTU1MThmZjc1NmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0A0XtwdYP5RKeSvN+4N+yuMG0p3
B3U6D9Wb45zPxadaDw2T9bcZBo6BBmPS98pTiePqqFmZrmBc9sy9aP4d0SqNThkb
LqvS/Sk714QsI5S4HKjOq1JeOAjJ54MzHqrqZSRVsRd8XeTLsfuqD9HRvEkChRkt
LT9QhI8nB5iQ4QwUGKWxbLS1eQ1tdUC6ZTC1oWHYeCyund9QIUrpfplWJ1/vKfLH
HilRcujPIdRvmbtt7Re7T2rlDCYoe26oWlt2twyRNxVgOazzQeRz80WZf0rf+YqO
rNFf8gJ6JSceIovNQ777VNTJCLRropAzmhhl1DHVEosTt0jdJUzSZG+0pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJXRFtpigXslETkUjfdVVGP91bDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSWxkRVcybUtCZXlVUk9SU045MVZVWV8zVnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZFQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQFTX3XxrZm36mHqzp/BKnlinkG0XTzjl4Xg2zkzrR
7L+lxd1ERbvxHpGF108CXQB8zIAzmH63t+ffC6glcJecJRSwyQ9jKEtIrU8FUeno
GZwQ7rkhwcmsfv7qtbSf2F/gXeDvsLPTS6kg3Ska7Nm17JsGAT758M9ZS6d3iOlO
sg5e4LkJuLQJVh+YksBtnCfmrPY0HxE4NaY7OyZENwbbeG5f+/c4dr8myo9U6dFt
E3AjCVVheHoTkhxSxdpmEyGL0JyTKgQ78DpG86GkxX3FIPWGMq6wOwk6/ZPGDZeB
5fEY+fVNnv3yp1jRR2dZH0GOUm1po0oJ/B+JlFWVoXzg
-----END CERTIFICATE-----