Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R6ety8yboLb3uPUz6YyW26HTDmw.roa
File:                     R6ety8yboLb3uPUz6YyW26HTDmw.roa (raw, json)
Hash identifier:          2jTAlo0tfZmTuPAAYqaOYDxHI6IJu1gPGmlkBqgares=
Subject key identifier:   47:A7:AD:CB:CC:9B:A0:B6:F7:B8:F5:33:E9:8C:96:DB:A1:D3:0E:6C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0192ADCEFFC2A17210DE5A98BDC972161427
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R6ety8yboLb3uPUz6YyW26HTDmw.roa
Signing time:             Mon 21 Oct 2024 06:41:17 +0000
ROA not before:           Mon 21 Oct 2024 06:41:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151966
IP address blocks:        45.129.86.0/23 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ad:ce:ff:c2:a1:72:10:de:5a:98:bd:c9:72:16:14:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 21 06:41:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47a7adcbcc9ba0b6f7b8f533e98c96dba1d30e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7b:6f:e9:57:dc:4f:64:88:b1:e9:d6:c2:68:
                    0e:14:12:9b:e4:f3:dc:22:2f:09:40:f9:02:cf:3f:
                    18:32:6f:63:bf:45:72:c5:8e:8b:d4:4d:bd:3b:84:
                    c0:23:d5:ae:29:9c:bc:ca:64:83:5a:5b:92:29:ed:
                    ee:cf:c4:ea:dc:8e:a7:e0:6c:d3:d0:ba:fb:60:54:
                    c3:ab:ae:f3:38:63:9e:bd:f5:f8:06:f5:29:d3:7b:
                    2f:9e:81:df:28:d1:7c:9c:c1:b6:13:2e:46:8b:d7:
                    d8:41:73:63:54:95:16:10:bf:b6:17:3b:b4:99:03:
                    45:25:c3:7b:cc:14:97:7a:91:47:39:50:e9:4c:f2:
                    f0:2d:5b:fb:ad:c7:0d:9f:1b:d9:b1:da:51:02:4d:
                    e7:aa:cb:b2:47:6d:34:1b:f7:67:38:46:05:d9:e2:
                    37:a0:96:3e:fd:20:a4:a1:5c:14:c7:12:0c:3e:20:
                    e4:27:b5:15:fb:e8:b5:ae:98:af:7b:02:09:37:2d:
                    f0:8f:8e:2d:c5:8d:c5:3d:4c:5e:75:f3:f7:04:10:
                    df:69:12:40:37:dc:1d:20:ed:8f:c7:4b:0e:b7:39:
                    4b:03:01:12:14:7d:6b:8e:4d:d2:8d:72:a5:87:6c:
                    45:c7:a2:c5:1b:4b:c7:27:08:a2:7c:02:9c:92:c4:
                    54:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A7:AD:CB:CC:9B:A0:B6:F7:B8:F5:33:E9:8C:96:DB:A1:D3:0E:6C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R6ety8yboLb3uPUz6YyW26HTDmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.86.0/23
                  185.252.176.0/24
                  193.35.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:06:29:c6:8e:d7:20:86:f5:2b:ae:f4:19:7a:fb:d8:72:e9:
         e5:5c:3a:01:60:ac:ee:1a:23:33:d2:96:72:4d:c6:c8:0f:51:
         d5:96:fc:ec:71:96:c3:9a:20:1a:01:ce:b9:52:89:16:9f:77:
         fb:cb:12:02:f3:09:f9:a8:3b:44:93:e5:4f:c0:47:74:20:5a:
         b2:68:5f:f8:33:75:9e:63:11:ea:c4:75:4b:52:5f:59:ac:75:
         5d:0a:15:89:04:dd:56:c7:c0:41:47:75:a2:f5:4b:93:10:af:
         b9:0d:14:2f:31:7d:db:59:e2:74:5b:20:63:b4:b0:3e:76:78:
         4a:d1:45:96:da:63:f4:5f:82:b9:f4:7b:da:86:7d:d8:8c:14:
         61:ba:f4:bd:d8:08:c9:fe:39:93:1c:60:91:f1:a3:5e:a4:1f:
         c9:46:62:8b:3e:78:90:bf:c1:b7:13:e0:6f:e7:b1:f0:65:d8:
         22:4d:0a:2e:18:5c:e2:1d:6d:ac:19:41:24:14:33:a3:82:84:
         aa:a7:59:7f:e1:dc:e8:e4:70:52:f9:6a:4e:e6:05:c9:35:13:
         cc:ba:4a:14:b7:90:c8:e4:10:c5:41:9f:a5:5a:02:12:2d:00:
         06:16:cf:df:9e:f3:6a:4a:5b:c4:b2:45:13:e1:b1:63:b7:6b:
         fc:3c:84:97
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKtzv/CoXIQ3lqYvclyFhQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDIxMDY0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2E3YWRjYmNjOWJhMGI2ZjdiOGY1MzNlOThjOTZkYmExZDMwZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnntv6VfcT2SIsenWwmgOFBKb5PPc
Ii8JQPkCzz8YMm9jv0VyxY6L1E29O4TAI9WuKZy8ymSDWluSKe3uz8Tq3I6n4GzT
0Lr7YFTDq67zOGOevfX4BvUp03svnoHfKNF8nMG2Ey5Gi9fYQXNjVJUWEL+2Fzu0
mQNFJcN7zBSXepFHOVDpTPLwLVv7rccNnxvZsdpRAk3nqsuyR200G/dnOEYF2eI3
oJY+/SCkoVwUxxIMPiDkJ7UV++i1rpivewIJNy3wj44txY3FPUxedfP3BBDfaRJA
N9wdIO2Px0sOtzlLAwESFH1rjk3SjXKlh2xFx6LFG0vHJwiifAKcksRUjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEenrcvMm6C297j1M+mMltuh0w5sMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUjZldHk4eWJvTGIzdVBVejZZeVcyNkhURG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLYFWAwQA
ufywAwQAwSMTMA0GCSqGSIb3DQEBCwUAA4IBAQCKBinGjtcghvUrrvQZevvYcunl
XDoBYKzuGiMz0pZyTcbID1HVlvzscZbDmiAaAc65UokWn3f7yxIC8wn5qDtEk+VP
wEd0IFqyaF/4M3WeYxHqxHVLUl9ZrHVdChWJBN1Wx8BBR3Wi9UuTEK+5DRQvMX3b
WeJ0WyBjtLA+dnhK0UWW2mP0X4K59Hvahn3YjBRhuvS92AjJ/jmTHGCR8aNepB/J
RmKLPniQv8G3E+Bv57HwZdgiTQouGFziHW2sGUEkFDOjgoSqp1l/4dzo5HBS+WpO
5gXJNRPMukoUt5DI5BDFQZ+lWgISLQAGFs/fnvNqSlvEskUT4bFjt2v8PISX
-----END CERTIFICATE-----