Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OEevw8Uw83sVty-iFNu6miP6BTY.roa
File:                     OEevw8Uw83sVty-iFNu6miP6BTY.roa (raw, json)
Hash identifier:          /rAaDlspau6/emWq1HkHdy9G3HNhwG2Pq2jCBGBYDxs=
Subject key identifier:   38:47:AF:C3:C5:30:F3:7B:15:B7:2F:A2:14:DB:BA:9A:23:FA:05:36
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0193258457E3F7FB659EF33484F1A9EBB6EC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OEevw8Uw83sVty-iFNu6miP6BTY.roa
Signing time:             Wed 13 Nov 2024 12:34:10 +0000
ROA not before:           Wed 13 Nov 2024 12:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18101
IP address blocks:        193.58.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:25:84:57:e3:f7:fb:65:9e:f3:34:84:f1:a9:eb:b6:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 13 12:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3847afc3c530f37b15b72fa214dbba9a23fa0536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:db:05:ee:e4:a5:91:ba:a7:22:3c:ee:80:80:
                    39:58:c4:e3:f0:f4:1c:03:08:67:b1:41:57:25:aa:
                    c4:cd:88:eb:57:30:bc:66:63:08:8f:82:95:70:bb:
                    2e:36:d4:7b:0d:4b:f5:f0:39:ed:48:af:36:7e:40:
                    93:d0:85:37:e4:32:77:cb:25:69:9e:1d:6f:b2:cc:
                    26:5f:17:b8:07:9f:3c:63:10:2e:f5:a1:98:83:d0:
                    3a:28:a0:ca:cf:9c:4f:53:5f:c9:4d:74:21:65:9d:
                    67:80:b0:93:46:bb:fd:2b:fe:b7:c2:fa:b5:f3:c6:
                    c6:c0:ea:13:fb:5a:b6:78:f8:cd:23:79:f8:bf:43:
                    fd:f2:34:cd:f9:a9:d8:37:98:cd:a2:24:b4:0b:5b:
                    36:89:ee:f8:60:41:c5:df:a0:54:b0:88:f8:5e:b4:
                    63:ae:6b:7f:d0:d3:83:e9:6d:36:8b:8d:dd:d1:3f:
                    02:97:64:91:3c:b4:07:0b:9d:bb:34:0e:52:e0:94:
                    cc:f4:28:cf:81:f7:fc:f1:e5:a3:dd:ab:60:a5:5f:
                    f8:6c:ac:b3:5c:e4:51:65:68:42:e6:44:f2:90:03:
                    6a:ea:22:27:50:c2:59:e5:d4:97:07:0c:ba:9b:88:
                    f8:e9:9f:ae:28:53:0a:c2:dc:48:d5:78:39:d1:e6:
                    ca:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:47:AF:C3:C5:30:F3:7B:15:B7:2F:A2:14:DB:BA:9A:23:FA:05:36
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OEevw8Uw83sVty-iFNu6miP6BTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:17:dd:84:7e:d6:09:82:cb:05:f9:58:3e:27:c4:81:d3:67:
         c1:d2:4e:b9:6c:41:fc:ac:60:25:bf:1c:03:b1:83:9a:a4:59:
         fd:26:be:b0:c3:cd:89:6e:61:f8:66:06:60:f3:9d:b0:d7:89:
         a9:6a:fc:18:c1:d1:2a:31:ec:ac:b0:39:3c:56:9f:f2:b2:1e:
         aa:68:c7:93:f5:1e:c4:b1:12:88:22:d7:86:9a:01:31:a0:f5:
         65:57:ee:3e:21:29:c2:d4:39:1c:3a:8d:47:69:9e:9a:42:a4:
         83:c0:be:42:75:63:17:57:74:2f:9a:35:e8:04:10:ee:87:48:
         2a:21:77:9d:b7:47:ea:50:c0:bf:2f:33:c8:d0:a1:0c:04:63:
         f5:83:78:05:61:6e:f4:db:b7:3b:8b:00:8c:e3:42:0e:30:c1:
         e4:4e:25:cf:4d:d7:f2:75:e1:21:88:b2:cd:c0:cf:ba:93:be:
         1e:f1:ee:58:4e:0e:bd:76:b4:76:49:24:f8:0c:16:ec:e7:56:
         d2:b7:ea:57:eb:be:fe:0e:09:e8:ab:5b:1f:45:7a:21:63:dd:
         85:14:d7:17:ad:da:38:54:14:80:96:a5:f8:3f:8b:f0:a2:8c:
         84:a9:6c:f1:7b:10:39:be:f4:3a:c1:cb:98:77:aa:89:ef:86:
         bd:9d:51:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMlhFfj9/tlnvM0hPGp67bsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTEzMTIzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ3YWZjM2M1MzBmMzdiMTViNzJmYTIxNGRiYmE5YTIzZmEwNTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdsF7uSlkbqnIjzugIA5WMTj8PQc
AwhnsUFXJarEzYjrVzC8ZmMIj4KVcLsuNtR7DUv18DntSK82fkCT0IU35DJ3yyVp
nh1vsswmXxe4B588YxAu9aGYg9A6KKDKz5xPU1/JTXQhZZ1ngLCTRrv9K/63wvq1
88bGwOoT+1q2ePjNI3n4v0P98jTN+anYN5jNoiS0C1s2ie74YEHF36BUsIj4XrRj
rmt/0NOD6W02i43d0T8Cl2SRPLQHC527NA5S4JTM9CjPgff88eWj3atgpV/4bKyz
XORRZWhC5kTykANq6iInUMJZ5dSXBwy6m4j46Z+uKFMKwtxI1Xg50ebKRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhHr8PFMPN7FbcvohTbupoj+gU2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT0Vldnc4VXc4M3NWdHktaUZOdTZtaVA2QlRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTp7MA0G
CSqGSIb3DQEBCwUAA4IBAQCtF92EftYJgssF+Vg+J8SB02fB0k65bEH8rGAlvxwD
sYOapFn9Jr6ww82JbmH4ZgZg852w14mpavwYwdEqMeyssDk8Vp/ysh6qaMeT9R7E
sRKIIteGmgExoPVlV+4+ISnC1DkcOo1HaZ6aQqSDwL5CdWMXV3QvmjXoBBDuh0gq
IXedt0fqUMC/LzPI0KEMBGP1g3gFYW7027c7iwCM40IOMMHkTiXPTdfydeEhiLLN
wM+6k74e8e5YTg69drR2SST4DBbs51bSt+pX677+Dgnoq1sfRXohY92FFNcXrdo4
VBSAlqX4P4vwooyEqWzxexA5vvQ6wcuYd6qJ74a9nVG9
-----END CERTIFICATE-----