Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N5lgYQz18-jB7WYF8XOosUyV-G4.roa
File:                     N5lgYQz18-jB7WYF8XOosUyV-G4.roa (raw, json)
Hash identifier:          +yOum3OJfDYUJafGl6oSvjk9DzwTI7lpbg3iQ5GOx+w=
Subject key identifier:   37:99:60:61:0C:F5:F3:E8:C1:ED:66:05:F1:73:A8:B1:4C:95:F8:6E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F8DFAF43FADEDED303048CDAF23632AD0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N5lgYQz18-jB7WYF8XOosUyV-G4.roa
Signing time:             Sat 18 May 2024 23:13:05 +0000
ROA not before:           Sat 18 May 2024 23:13:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        87.121.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8d:fa:f4:3f:ad:ed:ed:30:30:48:cd:af:23:63:2a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 18 23:13:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=379960610cf5f3e8c1ed6605f173a8b14c95f86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a3:9b:ad:f4:4c:b8:6d:a8:8f:44:a3:a7:9e:
                    0b:a5:8b:e8:52:f7:2f:8f:0f:ef:77:04:33:41:74:
                    27:42:5c:e1:75:c8:75:3a:e5:61:75:00:a0:34:89:
                    2e:e5:5b:a2:1f:5e:95:41:09:b2:8d:0f:2a:c7:f2:
                    e1:35:7d:79:37:3c:e6:18:89:dc:db:b4:d7:59:90:
                    5c:52:b8:6f:26:fe:30:53:dc:83:5a:45:28:b4:33:
                    1e:1e:cb:6c:2b:64:b6:56:c9:78:4e:2d:f1:87:fb:
                    01:01:02:27:a3:19:32:9b:51:ba:00:33:2e:59:79:
                    85:dc:d0:55:66:a2:86:65:63:45:5a:60:68:25:74:
                    1f:f9:d7:16:3b:5f:90:e7:df:a4:d1:fb:f9:5d:7c:
                    f9:16:3c:8b:43:f8:74:c7:09:43:eb:95:0e:bf:9f:
                    01:44:e5:ca:8a:0d:e6:7d:92:24:25:51:6a:e4:7a:
                    c8:cd:fb:79:a5:fa:0f:79:ac:38:25:71:7e:5b:3c:
                    07:e2:31:c2:a9:39:be:c1:c0:ad:9d:00:5a:11:9c:
                    2e:b6:d3:e6:59:61:77:04:2f:2a:b4:28:6b:81:d0:
                    e6:43:bc:e5:1d:ae:85:92:5f:ca:4a:b5:eb:08:f6:
                    a4:23:22:0c:ae:09:ca:35:ec:db:9d:26:88:9b:64:
                    db:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:99:60:61:0C:F5:F3:E8:C1:ED:66:05:F1:73:A8:B1:4C:95:F8:6E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N5lgYQz18-jB7WYF8XOosUyV-G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:0b:5f:87:f1:ab:fa:5f:11:76:88:a3:79:75:a1:75:66:ee:
         9a:0c:ac:e3:8c:b5:19:54:60:ea:db:f9:2e:78:43:e1:22:22:
         0c:fb:81:37:7e:9e:27:63:f9:8e:5b:ee:c0:36:c8:a3:64:f5:
         36:ef:db:b3:ff:d7:75:65:c1:7a:16:44:c4:3f:a1:61:3f:99:
         02:16:57:43:9e:e8:3a:6a:b1:6e:ad:8c:bc:e1:51:a0:b5:2c:
         54:00:96:af:25:25:25:bf:d8:4f:dc:28:d6:66:08:c4:0a:bd:
         80:48:05:2a:c4:07:c8:cc:4a:9c:84:b1:03:12:fc:64:7f:7c:
         93:0e:24:cd:8e:bd:6c:2d:77:8a:5d:78:00:b3:3e:d3:2b:00:
         a2:0e:a0:e3:1e:58:71:15:40:c5:71:f6:58:e7:f5:94:5a:6c:
         ee:75:2e:df:4c:76:57:a8:75:9b:bb:bc:a0:ce:d4:f0:e2:7e:
         33:6b:f3:93:12:f7:ba:30:63:37:39:0b:a3:01:17:36:ec:e6:
         dd:d7:3c:af:50:bd:00:5d:3e:f2:50:14:29:f7:b5:70:2e:3f:
         5f:64:6d:28:2e:b4:55:31:04:6e:ca:13:7e:a4:e7:cc:bd:5e:
         77:d8:7b:db:cc:41:e8:c9:cd:1a:5c:e3:f8:09:af:9f:96:2d:
         78:58:78:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+N+vQ/re3tMDBIza8jYyrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTE4MjMxMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk5NjA2MTBjZjVmM2U4YzFlZDY2MDVmMTczYThiMTRjOTVmODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KObrfRMuG2oj0Sjp54LpYvoUvcv
jw/vdwQzQXQnQlzhdch1OuVhdQCgNIku5VuiH16VQQmyjQ8qx/LhNX15NzzmGInc
27TXWZBcUrhvJv4wU9yDWkUotDMeHstsK2S2Vsl4Ti3xh/sBAQInoxkym1G6ADMu
WXmF3NBVZqKGZWNFWmBoJXQf+dcWO1+Q59+k0fv5XXz5FjyLQ/h0xwlD65UOv58B
ROXKig3mfZIkJVFq5HrIzft5pfoPeaw4JXF+WzwH4jHCqTm+wcCtnQBaEZwuttPm
WWF3BC8qtChrgdDmQ7zlHa6Fkl/KSrXrCPakIyIMrgnKNezbnSaIm2Tb1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeZYGEM9fPowe1mBfFzqLFMlfhuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTjVsZ1lRejE4LWpCN1dZRjhYT29zVXlWLUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3k8MA0G
CSqGSIb3DQEBCwUAA4IBAQA3C1+H8av6XxF2iKN5daF1Zu6aDKzjjLUZVGDq2/ku
eEPhIiIM+4E3fp4nY/mOW+7ANsijZPU279uz/9d1ZcF6FkTEP6FhP5kCFldDnug6
arFurYy84VGgtSxUAJavJSUlv9hP3CjWZgjECr2ASAUqxAfIzEqchLEDEvxkf3yT
DiTNjr1sLXeKXXgAsz7TKwCiDqDjHlhxFUDFcfZY5/WUWmzudS7fTHZXqHWbu7yg
ztTw4n4za/OTEve6MGM3OQujARc27Obd1zyvUL0AXT7yUBQp97VwLj9fZG0oLrRV
MQRuyhN+pOfMvV532HvbzEHoyc0aXOP4Ca+fli14WHhu
-----END CERTIFICATE-----