Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ke95O_efQMS1B92tNYtEov5U5QE.roa
File:                     Ke95O_efQMS1B92tNYtEov5U5QE.roa (raw, json)
Hash identifier:          NR1tLuH0DU2s1Oas5+ZAL3Wz8qPtT4hFLmXUCTlMeFw=
Subject key identifier:   29:EF:79:3B:F7:9F:40:C4:B5:07:DD:AD:35:8B:44:A2:FE:54:E5:01
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019349383417353F93E6F149C2510313FE47
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ke95O_efQMS1B92tNYtEov5U5QE.roa
Signing time:             Wed 20 Nov 2024 10:57:20 +0000
ROA not before:           Wed 20 Nov 2024 10:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        87.121.98.0/24 maxlen: 24
                          87.121.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:38:34:17:35:3f:93:e6:f1:49:c2:51:03:13:fe:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 20 10:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29ef793bf79f40c4b507ddad358b44a2fe54e501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c6:37:c5:8e:75:93:4a:e3:fc:fa:c7:8d:86:
                    ca:b3:c6:f9:d0:cb:16:33:26:f9:b8:c3:af:72:cf:
                    34:49:22:66:fa:d0:36:4c:a0:cb:7a:dc:94:9c:71:
                    1d:60:97:65:40:1e:d0:e0:59:72:45:7c:8a:0e:f1:
                    70:32:84:7a:36:1b:b2:c2:3e:b5:82:7d:95:88:f1:
                    b0:e7:9e:2c:98:14:88:40:77:00:61:3b:f1:84:e3:
                    9a:0d:bc:38:bd:8d:33:df:9b:83:bc:14:3a:99:aa:
                    8f:c6:6d:ca:e8:e2:46:4d:ec:ff:af:47:5f:af:e5:
                    88:f8:e1:89:83:70:50:96:ea:e3:55:54:59:83:6c:
                    d8:1e:a9:02:11:64:df:a0:78:5c:21:8c:63:34:b4:
                    df:86:3e:ef:9f:c9:7f:bd:ac:9e:9d:cc:7e:26:73:
                    86:15:e0:aa:c2:2f:5e:08:7f:b3:09:58:a5:c3:c0:
                    1d:23:76:45:08:78:51:d5:6d:5a:70:80:ca:24:98:
                    19:9d:80:8b:14:2c:eb:2c:75:a8:72:9b:ea:33:02:
                    61:c7:c1:75:20:4b:d7:29:2b:d4:17:bb:d9:2c:b5:
                    be:79:a4:19:8a:d7:65:da:47:5a:13:74:d7:3d:79:
                    bb:b0:a9:fb:f3:1e:38:f6:b5:9a:2e:bb:2c:6a:72:
                    d1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:EF:79:3B:F7:9F:40:C4:B5:07:DD:AD:35:8B:44:A2:FE:54:E5:01
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ke95O_efQMS1B92tNYtEov5U5QE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.98.0/24
                  87.121.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fd:00:ab:80:d7:3b:c3:8b:db:ba:36:0e:a6:50:e8:a7:43:
         b8:34:0c:26:ea:59:36:fe:cf:91:5b:60:3d:96:4c:a6:38:61:
         25:03:9d:13:52:dd:ee:61:4d:7e:89:17:a5:fa:00:67:fd:fc:
         79:a5:ae:6b:7e:b0:0a:45:7b:93:f6:1a:55:f3:fd:89:57:99:
         79:89:12:87:9a:2c:55:d8:ca:fc:6d:3b:64:80:82:79:a4:c2:
         dc:6d:38:d1:de:ed:60:fb:bb:17:7b:5b:0e:40:e2:ae:d8:21:
         98:90:a2:2c:3f:db:92:6a:8d:64:cb:7e:cc:fa:6d:95:1f:0a:
         54:b6:c6:43:1b:97:f0:51:1b:f3:3e:1d:15:26:72:a6:3c:42:
         d2:73:6a:b6:c6:3b:2a:26:be:b2:91:fb:0b:ee:4c:3f:cd:34:
         58:af:66:67:5b:b5:83:8b:14:f2:27:10:8e:0c:df:99:0f:cc:
         bf:51:e0:36:4b:32:10:d1:f1:cc:27:74:40:b1:28:c1:3d:d5:
         f7:ca:95:07:f1:e6:8c:c2:07:2c:4b:0c:91:f8:cd:1b:16:4c:
         9b:73:3a:29:dc:38:aa:4f:5d:0f:eb:00:97:33:6e:13:05:74:
         83:5d:b0:f7:78:9e:d4:8d:e3:05:cf:e1:b3:0c:0a:71:a4:ab:
         60:13:ac:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNJODQXNT+T5vFJwlEDE/5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTIwMTA1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWVmNzkzYmY3OWY0MGM0YjUwN2RkYWQzNThiNDRhMmZlNTRlNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cY3xY51k0rj/PrHjYbKs8b50MsW
Myb5uMOvcs80SSJm+tA2TKDLetyUnHEdYJdlQB7Q4FlyRXyKDvFwMoR6Nhuywj61
gn2ViPGw554smBSIQHcAYTvxhOOaDbw4vY0z35uDvBQ6maqPxm3K6OJGTez/r0df
r+WI+OGJg3BQlurjVVRZg2zYHqkCEWTfoHhcIYxjNLTfhj7vn8l/vayencx+JnOG
FeCqwi9eCH+zCVilw8AdI3ZFCHhR1W1acIDKJJgZnYCLFCzrLHWocpvqMwJhx8F1
IEvXKSvUF7vZLLW+eaQZitdl2kdaE3TXPXm7sKn78x449rWaLrssanLRnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCnveTv3n0DEtQfdrTWLRKL+VOUBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS2U5NU9fZWZRTVMxQjkydE5ZdEVvdjVVNVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3liAwQA
V3naMA0GCSqGSIb3DQEBCwUAA4IBAQAN/QCrgNc7w4vbujYOplDop0O4NAwm6lk2
/s+RW2A9lkymOGElA50TUt3uYU1+iRel+gBn/fx5pa5rfrAKRXuT9hpV8/2JV5l5
iRKHmixV2Mr8bTtkgIJ5pMLcbTjR3u1g+7sXe1sOQOKu2CGYkKIsP9uSao1ky37M
+m2VHwpUtsZDG5fwURvzPh0VJnKmPELSc2q2xjsqJr6ykfsL7kw/zTRYr2ZnW7WD
ixTyJxCODN+ZD8y/UeA2SzIQ0fHMJ3RAsSjBPdX3ypUH8eaMwgcsSwyR+M0bFkyb
czop3DiqT10P6wCXM24TBXSDXbD3eJ7UjeMFz+GzDApxpKtgE6w0
-----END CERTIFICATE-----