Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/M2LICSpKrG87Mo__dpVZq0RtG4g.roa
File:                     M2LICSpKrG87Mo__dpVZq0RtG4g.roa (raw, json)
Hash identifier:          ITGHfZo2VgLA1w3v6ivkPlVdolyCTHbpsBVAihEfDhw=
Subject key identifier:   33:62:C8:09:2A:4A:AC:6F:3B:32:8F:FF:76:95:59:AB:44:6D:1B:88
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCEFD60DA9976F706806254367E388
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/M2LICSpKrG87Mo__dpVZq0RtG4g.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57463
IP address blocks:        185.219.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ef:d6:0d:a9:97:6f:70:68:06:25:43:67:e3:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3362c8092a4aac6f3b328fff769559ab446d1b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:e0:2e:49:51:74:b5:d5:34:df:80:84:7c:04:
                    82:ea:5b:a5:b5:3e:4e:fb:aa:b3:50:f3:b6:e6:10:
                    3e:7f:d1:76:3e:3c:b5:9e:d8:76:5c:4a:5f:68:39:
                    45:7a:a8:ed:03:78:55:8a:28:a5:3b:a7:89:6d:4a:
                    55:e2:cc:c4:2c:ca:de:d0:3e:3d:ee:16:78:c8:50:
                    7e:70:ed:49:6a:d6:5e:60:9c:1e:0b:cb:d9:d8:64:
                    cf:cf:54:35:30:2c:38:45:cc:cf:dd:73:f1:be:6c:
                    18:b0:9a:ae:ad:f1:0d:2a:80:80:7e:67:3e:99:0e:
                    3b:f8:4f:0b:f6:71:4c:67:10:a5:66:6f:23:21:cd:
                    d3:76:a0:fa:25:67:70:54:83:48:f8:7b:7b:3d:6e:
                    27:73:cc:11:d3:f0:e0:a5:5f:93:de:65:8b:5b:51:
                    c6:6d:97:5d:19:f8:98:75:0e:db:ad:8f:36:7a:1c:
                    44:6c:66:a2:50:5f:e0:85:ec:8d:3c:f6:1b:99:b2:
                    80:70:a0:6e:65:e1:02:fb:1b:dd:90:94:83:19:3b:
                    31:03:d0:32:43:0a:34:17:e8:13:73:01:89:64:45:
                    e0:3e:aa:52:e1:2c:5f:ed:51:4d:d8:8c:40:f9:a5:
                    bc:9a:77:5c:0b:f4:f3:68:f2:7d:21:07:a5:b4:25:
                    9b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:62:C8:09:2A:4A:AC:6F:3B:32:8F:FF:76:95:59:AB:44:6D:1B:88
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/M2LICSpKrG87Mo__dpVZq0RtG4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:1c:5c:ef:a4:18:5b:a0:25:26:f5:fc:78:2f:bc:77:92:70:
         ee:db:b8:a3:46:d1:ff:66:f9:c1:7b:ed:63:8c:0f:17:f2:29:
         3c:09:42:9e:79:2b:1e:a9:34:3b:09:90:43:40:55:21:f3:22:
         45:24:56:d2:75:74:4c:e4:ef:fc:ac:22:c0:b0:a5:27:f2:67:
         8d:d2:2c:0c:ae:c0:c6:ed:ed:df:ba:f8:e1:66:8c:d4:42:7c:
         b2:1b:da:df:f5:1b:e4:9d:b3:58:c1:4a:97:6d:32:5a:d5:15:
         56:70:4a:22:8b:7b:d4:90:90:d3:4a:0a:9b:e1:57:35:2d:51:
         5b:f8:06:26:61:5d:88:41:17:08:c2:bb:6b:38:be:6c:20:55:
         69:c5:35:3e:b8:7d:31:f6:6d:95:3d:14:9c:07:9d:f5:de:79:
         24:90:d4:0e:d4:14:9c:3f:e4:a6:22:5c:d3:fd:4d:25:dc:f0:
         9a:52:95:9b:45:fa:d9:e4:e8:84:17:c7:c3:08:85:6c:ee:c3:
         dc:49:8c:76:aa:d2:f3:4c:d7:a3:e2:e2:d4:04:7e:7c:e8:74:
         f4:1e:bd:1e:2c:5e:f1:18:92:74:5a:3f:25:6c:7a:6f:e7:7f:
         07:5f:8d:30:09:46:f3:1f:d8:90:43:f0:31:cc:d4:25:02:03:
         5b:c9:4c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3O/WDamXb3BoBiVDZ+OIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYyYzgwOTJhNGFhYzZmM2IzMjhmZmY3Njk1NTlhYjQ0NmQxYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7+AuSVF0tdU034CEfASC6lultT5O
+6qzUPO25hA+f9F2Pjy1nth2XEpfaDlFeqjtA3hViiilO6eJbUpV4szELMre0D49
7hZ4yFB+cO1JatZeYJweC8vZ2GTPz1Q1MCw4RczP3XPxvmwYsJqurfENKoCAfmc+
mQ47+E8L9nFMZxClZm8jIc3TdqD6JWdwVINI+Ht7PW4nc8wR0/DgpV+T3mWLW1HG
bZddGfiYdQ7brY82ehxEbGaiUF/gheyNPPYbmbKAcKBuZeEC+xvdkJSDGTsxA9Ay
Qwo0F+gTcwGJZEXgPqpS4Sxf7VFN2IxA+aW8mndcC/TzaPJ9IQeltCWb9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNiyAkqSqxvOzKP/3aVWatEbRuIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTTJMSUNTcEtyRzg3TW9fX2RwVlpxMFJ0RzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudt8MA0G
CSqGSIb3DQEBCwUAA4IBAQBlHFzvpBhboCUm9fx4L7x3knDu27ijRtH/ZvnBe+1j
jA8X8ik8CUKeeSseqTQ7CZBDQFUh8yJFJFbSdXRM5O/8rCLAsKUn8meN0iwMrsDG
7e3fuvjhZozUQnyyG9rf9RvknbNYwUqXbTJa1RVWcEoii3vUkJDTSgqb4Vc1LVFb
+AYmYV2IQRcIwrtrOL5sIFVpxTU+uH0x9m2VPRScB5313nkkkNQO1BScP+SmIlzT
/U0l3PCaUpWbRfrZ5OiEF8fDCIVs7sPcSYx2qtLzTNej4uLUBH586HT0Hr0eLF7x
GJJ0Wj8lbHpv538HX40wCUbzH9iQQ/AxzNQlAgNbyUyK
-----END CERTIFICATE-----