Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Lb0a6d7BzLsjpy9hpD1J7KSmjYY.roa
File:                     Lb0a6d7BzLsjpy9hpD1J7KSmjYY.roa (raw, json)
Hash identifier:          Lkalm291kmIk5NQI2X5Eku9ixcAtZAesDb0HLw/SM/4=
Subject key identifier:   2D:BD:1A:E9:DE:C1:CC:BB:23:A7:2F:61:A4:3D:49:EC:A4:A6:8D:86
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCDB7AB7B5A44A389FB5C62372C7FC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Lb0a6d7BzLsjpy9hpD1J7KSmjYY.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33802
IP address blocks:        87.120.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:db:7a:b7:b5:a4:4a:38:9f:b5:c6:23:72:c7:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dbd1ae9dec1ccbb23a72f61a43d49eca4a68d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:08:68:68:35:3b:66:e3:ca:57:33:c6:47:b2:
                    c1:55:e6:f1:bf:bb:b7:d7:74:08:fb:de:f9:52:b2:
                    ff:46:c5:c8:7b:85:0f:24:e6:46:ad:50:b3:9a:b8:
                    0b:a8:6e:0c:d2:62:c6:73:25:08:65:b0:46:ed:98:
                    8b:14:91:e4:97:6f:53:5b:e5:2d:25:4c:0b:aa:64:
                    2c:2a:7e:e5:37:5d:9d:a0:4b:e6:84:e0:4f:15:e2:
                    6f:e8:4e:ec:3a:1c:16:28:24:86:04:e5:e5:4b:02:
                    df:6c:4e:62:93:73:90:1d:df:d2:d4:a6:a2:a4:be:
                    62:c9:4d:d1:14:60:eb:f1:da:be:69:65:3b:28:a7:
                    4a:db:87:3d:9f:8e:ae:21:53:5c:05:46:41:bd:8a:
                    64:fa:ae:18:6c:ae:dc:6d:c8:1a:ea:6e:33:d7:22:
                    1f:4d:39:ce:b3:9e:59:87:76:36:ac:4a:12:fe:3d:
                    d8:85:1f:52:13:3f:04:82:9a:b0:5e:b4:3d:4d:c2:
                    23:17:85:22:6b:ca:cf:fe:ee:e2:68:47:75:89:1f:
                    ba:f7:6f:9e:f9:c5:80:66:74:df:cd:75:c0:51:21:
                    38:cd:04:1e:78:79:81:f2:50:27:84:96:65:15:02:
                    cd:20:27:a6:4d:fe:50:3b:6e:0f:c9:17:ad:39:5f:
                    af:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BD:1A:E9:DE:C1:CC:BB:23:A7:2F:61:A4:3D:49:EC:A4:A6:8D:86
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Lb0a6d7BzLsjpy9hpD1J7KSmjYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:88:b3:cc:db:3e:28:b2:3f:9a:e4:1c:e0:25:ac:9e:01:f4:
         1a:f9:3e:b0:56:75:77:59:38:c3:f2:29:ef:48:09:52:51:7b:
         05:61:93:a1:7d:a2:54:2e:db:9c:ce:e3:36:f7:15:81:a6:96:
         4d:44:84:17:cc:7e:40:dd:cb:f2:d3:a5:96:ca:01:1b:40:cc:
         84:9a:b2:8c:37:66:aa:dd:e3:d4:9f:35:70:f6:dd:16:4a:ff:
         39:5b:d6:98:de:05:8a:7a:c6:5c:cb:74:16:4f:1b:5f:38:e4:
         8e:86:27:e6:bf:d8:3d:cc:5c:95:35:62:dd:6c:d1:c6:5c:75:
         11:30:61:64:4b:20:4b:10:1d:64:ac:7b:dc:92:e9:63:de:46:
         86:2b:b0:3d:59:24:f5:59:7e:a5:86:45:8f:45:5b:d8:41:76:
         3d:1f:dc:e6:ed:7d:ef:8e:68:ea:b0:87:b9:b3:e6:43:c6:a7:
         65:3c:81:45:ed:23:0a:88:93:05:d7:bb:6d:e6:7f:ee:2c:6d:
         81:17:37:6d:3f:e1:05:6a:90:ce:f9:d1:96:a0:91:04:2d:af:
         d9:0b:73:22:f1:2b:42:0f:1c:21:23:43:50:44:b9:cb:85:fb:
         6d:3c:21:b7:c9:22:68:3f:87:4a:61:93:2c:11:40:dd:58:d4:
         be:2f:6f:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Nt6t7WkSjiftcYjcsf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGJkMWFlOWRlYzFjY2JiMjNhNzJmNjFhNDNkNDllY2E0YTY4ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQhoaDU7ZuPKVzPGR7LBVebxv7u3
13QI+975UrL/RsXIe4UPJOZGrVCzmrgLqG4M0mLGcyUIZbBG7ZiLFJHkl29TW+Ut
JUwLqmQsKn7lN12doEvmhOBPFeJv6E7sOhwWKCSGBOXlSwLfbE5ik3OQHd/S1Kai
pL5iyU3RFGDr8dq+aWU7KKdK24c9n46uIVNcBUZBvYpk+q4YbK7cbcga6m4z1yIf
TTnOs55Zh3Y2rEoS/j3YhR9SEz8EgpqwXrQ9TcIjF4Uia8rP/u7iaEd1iR+692+e
+cWAZnTfzXXAUSE4zQQeeHmB8lAnhJZlFQLNICemTf5QO24PyRetOV+vdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC29Gunewcy7I6cvYaQ9Seykpo2GMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTGIwYTZkN0J6THNqcHk5aHBEMUo3S1NtallZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3gKMA0G
CSqGSIb3DQEBCwUAA4IBAQBQiLPM2z4osj+a5BzgJayeAfQa+T6wVnV3WTjD8inv
SAlSUXsFYZOhfaJULtuczuM29xWBppZNRIQXzH5A3cvy06WWygEbQMyEmrKMN2aq
3ePUnzVw9t0WSv85W9aY3gWKesZcy3QWTxtfOOSOhifmv9g9zFyVNWLdbNHGXHUR
MGFkSyBLEB1krHvckulj3kaGK7A9WST1WX6lhkWPRVvYQXY9H9zm7X3vjmjqsIe5
s+ZDxqdlPIFF7SMKiJMF17tt5n/uLG2BFzdtP+EFapDO+dGWoJEELa/ZC3Mi8StC
DxwhI0NQRLnLhfttPCG3ySJoP4dKYZMsEUDdWNS+L296
-----END CERTIFICATE-----