Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KU7uW_qqpQh_xTE0oD-wuGlu5QE.roa
File:                     KU7uW_qqpQh_xTE0oD-wuGlu5QE.roa (raw, json)
Hash identifier:          Y5fU/jueHPEPrBvlAlYSxO5MjZe6i1hLtgmqFlKP/2M=
Subject key identifier:   29:4E:EE:5B:FA:AA:A5:08:7F:C5:31:34:A0:3F:B0:B8:69:6E:E5:01
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0A04C0F488ADE2ABFC4CEBEA99C4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KU7uW_qqpQh_xTE0oD-wuGlu5QE.roa
Signing time:             Tue 02 Jan 2024 06:29:38 +0000
ROA not before:           Tue 02 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209605
IP address blocks:        194.169.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0a:04:c0:f4:88:ad:e2:ab:fc:4c:eb:ea:99:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=294eee5bfaaaa5087fc53134a03fb0b8696ee501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ce:87:ea:76:81:d6:5c:bd:81:72:92:67:df:
                    f3:c8:7f:ad:ba:fe:51:df:f5:6a:82:83:7a:d7:77:
                    45:0c:fb:78:b5:4a:8b:17:32:4f:23:03:52:47:20:
                    5f:d8:aa:23:47:82:f9:81:c7:16:d7:27:5c:18:4a:
                    da:bc:85:35:2f:12:97:9d:13:77:ec:de:13:c8:ed:
                    0b:8c:34:8f:71:6f:12:75:ab:42:b1:a3:96:ec:64:
                    21:af:54:34:ef:29:20:d0:fb:1b:36:cc:34:16:23:
                    0a:35:2c:18:5e:f7:e5:4e:db:95:50:55:dc:6f:2e:
                    0a:73:6c:0c:84:37:88:73:42:33:64:a4:7c:bb:0f:
                    93:b9:2c:50:ff:82:87:ef:3f:6f:6f:7d:8a:3e:d3:
                    97:4d:be:76:3a:bc:b6:74:8f:56:29:61:dc:17:03:
                    77:40:7f:cc:17:79:df:38:28:ab:ed:03:57:49:58:
                    b2:cb:f0:39:d2:d6:22:3d:a1:10:c5:d8:52:e0:36:
                    f4:11:ed:24:0b:ea:19:2c:1f:5e:6c:63:40:71:36:
                    f2:0e:f2:56:4d:e1:39:a6:14:15:e2:7c:df:d6:be:
                    9c:8e:96:ee:fb:08:79:82:c7:7d:fb:f5:72:1b:ec:
                    2d:3c:b3:98:87:55:c8:f7:3f:6a:7e:06:cb:79:62:
                    ac:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4E:EE:5B:FA:AA:A5:08:7F:C5:31:34:A0:3F:B0:B8:69:6E:E5:01
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KU7uW_qqpQh_xTE0oD-wuGlu5QE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:20:ab:1b:01:d5:32:ef:fb:86:9e:32:4b:14:64:3a:c6:11:
         eb:59:59:03:46:05:8c:a9:39:ef:d2:47:cb:6b:51:6d:6d:cd:
         6b:e1:72:7c:df:4d:41:cc:9f:06:1f:35:9a:c1:58:ce:81:47:
         b7:18:2d:29:ae:2a:94:c9:df:8b:ac:7c:a2:a7:02:f6:c5:a3:
         ec:87:2a:5f:ab:ad:94:8a:37:3f:ee:70:bb:87:57:27:f4:1f:
         ae:8e:33:73:99:fb:d4:c8:b2:1a:2f:b4:6b:84:1c:b4:f4:41:
         f1:21:1d:99:56:10:6e:fa:08:f8:91:4e:24:74:40:37:35:03:
         98:2c:0b:a3:f2:98:13:29:98:6e:b1:4c:6f:c5:59:ae:87:7a:
         7f:44:fe:41:ed:3f:95:cb:bb:60:1f:f7:13:37:56:02:b8:12:
         a8:3b:97:55:4d:b4:7e:1d:77:e5:1c:62:d1:9b:87:3c:83:b3:
         d7:d1:cd:85:92:eb:68:13:08:ba:43:df:a3:70:00:6d:e8:83:
         06:20:3e:4c:28:bf:02:ad:1c:a1:26:e4:62:17:4f:8b:19:24:
         fa:5d:79:59:e7:ee:68:45:28:e5:e8:f3:10:8f:ae:bc:76:84:
         f2:22:1f:b1:4d:69:26:98:0a:59:dd:70:c8:7a:54:f1:6b:e1:
         d6:6f:b5:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3QoEwPSIreKr/Ezr6pnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRlZWU1YmZhYWFhNTA4N2ZjNTMxMzRhMDNmYjBiODY5NmVlNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc6H6naB1ly9gXKSZ9/zyH+tuv5R
3/VqgoN613dFDPt4tUqLFzJPIwNSRyBf2KojR4L5gccW1ydcGEravIU1LxKXnRN3
7N4TyO0LjDSPcW8SdatCsaOW7GQhr1Q07ykg0PsbNsw0FiMKNSwYXvflTtuVUFXc
by4Kc2wMhDeIc0IzZKR8uw+TuSxQ/4KH7z9vb32KPtOXTb52Ory2dI9WKWHcFwN3
QH/MF3nfOCir7QNXSViyy/A50tYiPaEQxdhS4Db0Ee0kC+oZLB9ebGNAcTbyDvJW
TeE5phQV4nzf1r6cjpbu+wh5gsd9+/VyG+wtPLOYh1XI9z9qfgbLeWKs/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClO7lv6qqUIf8UxNKA/sLhpbuUBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS1U3dVdfcXFwUWhfeFRFMG9ELXd1R2x1NVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqmvMA0G
CSqGSIb3DQEBCwUAA4IBAQBjIKsbAdUy7/uGnjJLFGQ6xhHrWVkDRgWMqTnv0kfL
a1Ftbc1r4XJ8301BzJ8GHzWawVjOgUe3GC0priqUyd+LrHyipwL2xaPshypfq62U
ijc/7nC7h1cn9B+ujjNzmfvUyLIaL7RrhBy09EHxIR2ZVhBu+gj4kU4kdEA3NQOY
LAuj8pgTKZhusUxvxVmuh3p/RP5B7T+Vy7tgH/cTN1YCuBKoO5dVTbR+HXflHGLR
m4c8g7PX0c2FkutoEwi6Q9+jcABt6IMGID5MKL8CrRyhJuRiF0+LGST6XXlZ5+5o
RSjl6PMQj668doTyIh+xTWkmmApZ3XDIelTxa+HWb7VS
-----END CERTIFICATE-----