Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RaSoLFZGyUZyZiTydxFGNzTYFDM.roa
File:                     RaSoLFZGyUZyZiTydxFGNzTYFDM.roa (raw, json)
Hash identifier:          9nROLVJWNHwA+3HM5QBJNC981opidV0yAHMyGtYQULI=
Subject key identifier:   45:A4:A8:2C:56:46:C9:46:72:66:24:F2:77:11:46:37:34:D8:14:33
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD7CB7E84A2E83C177D7B10177B47
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RaSoLFZGyUZyZiTydxFGNzTYFDM.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        91.92.195.0/24 maxlen: 24
                          87.121.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d7:cb:7e:84:a2:e8:3c:17:7d:7b:10:17:7b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45a4a82c5646c946726624f27711463734d81433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f4:be:ea:46:fb:e7:d4:a5:82:f3:d7:9a:56:
                    48:cf:ae:29:bd:41:84:a6:a0:91:10:76:1d:60:ac:
                    f3:c1:b4:c9:5c:89:b7:e5:ca:c2:d3:74:5d:9a:87:
                    ee:d4:56:a6:2c:b5:f3:76:5b:73:e4:1b:dc:3a:f5:
                    b0:2d:44:49:21:da:09:fc:a5:82:1b:75:7e:37:56:
                    3c:bf:d7:82:c1:39:9b:c0:32:7e:ba:55:99:22:0f:
                    0c:29:79:1f:ec:f9:1e:45:66:6a:c6:ea:9c:8b:1f:
                    c7:a9:93:c0:01:c4:a2:e8:ea:93:c7:c3:17:b1:d9:
                    01:a9:9a:9f:bf:cc:4e:5d:fd:d0:17:1b:34:e2:58:
                    89:a1:7b:9e:48:c2:02:df:02:34:35:1f:c8:a9:d0:
                    24:eb:56:b1:4e:f2:ef:6c:56:ed:ca:6b:a7:07:e2:
                    b3:41:92:b1:57:40:b1:86:b9:51:87:ce:e4:47:86:
                    e9:16:6b:21:7a:14:75:42:58:7f:15:7a:e5:19:88:
                    66:11:d5:a4:01:5f:9b:99:58:9e:63:6a:bb:0f:85:
                    c5:37:5c:eb:de:b6:fa:9d:2c:0d:48:ee:cb:74:48:
                    9b:b5:db:31:07:57:54:19:0d:0f:ee:1f:de:bf:02:
                    b4:40:6a:ad:76:06:2b:fc:79:65:62:bc:be:71:a7:
                    23:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A4:A8:2C:56:46:C9:46:72:66:24:F2:77:11:46:37:34:D8:14:33
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RaSoLFZGyUZyZiTydxFGNzTYFDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.222.0/24
                  91.92.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:af:67:e6:fa:65:1b:23:6c:a5:ac:7c:62:f6:38:a9:a8:20:
         53:6f:d9:22:6f:08:f0:8e:fe:f7:fd:e1:c0:fc:ac:59:96:0c:
         94:dd:3c:5d:be:d6:f5:13:15:2e:b6:ff:39:e9:e9:ef:75:2c:
         83:6e:2e:62:e9:5e:d2:db:47:c9:59:8c:12:8d:2e:3e:19:f9:
         b3:5c:2f:a0:d1:a6:0b:12:1e:84:2b:29:da:95:ce:88:6c:d9:
         af:63:4e:02:28:9a:fc:5e:19:32:81:d7:0a:71:0d:4f:0b:13:
         7b:31:c0:fc:89:ee:1e:d7:95:10:28:dc:19:d5:4b:76:ba:d1:
         1b:eb:52:87:66:66:36:2e:dc:76:1a:af:e1:b2:dc:12:17:82:
         ef:b0:c3:4d:ab:f3:40:d7:5f:94:a9:38:a9:9b:fd:ee:90:af:
         49:11:96:c7:0a:3a:e6:02:0d:f1:64:f6:18:6b:b7:6d:85:fb:
         e9:e1:df:6a:76:24:6b:db:78:88:60:7a:00:c8:69:81:60:55:
         2a:0c:a7:0a:c7:8a:e3:7b:8b:23:49:26:8b:41:88:b2:80:35:
         ac:ee:c0:78:1b:f8:91:d9:6e:6a:f7:61:75:71:0b:03:12:ff:
         8f:a1:e7:48:cf:50:2a:7d:78:d9:8d:55:d9:6f:19:88:79:65:
         b2:a4:b6:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3NfLfoSi6DwXfXsQF3tHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWE0YTgyYzU2NDZjOTQ2NzI2NjI0ZjI3NzExNDYzNzM0ZDgxNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/S+6kb759SlgvPXmlZIz64pvUGE
pqCREHYdYKzzwbTJXIm35crC03Rdmofu1FamLLXzdltz5BvcOvWwLURJIdoJ/KWC
G3V+N1Y8v9eCwTmbwDJ+ulWZIg8MKXkf7PkeRWZqxuqcix/HqZPAAcSi6OqTx8MX
sdkBqZqfv8xOXf3QFxs04liJoXueSMIC3wI0NR/IqdAk61axTvLvbFbtymunB+Kz
QZKxV0CxhrlRh87kR4bpFmshehR1Qlh/FXrlGYhmEdWkAV+bmVieY2q7D4XFN1zr
3rb6nSwNSO7LdEibtdsxB1dUGQ0P7h/evwK0QGqtdgYr/HllYry+cacj5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEWkqCxWRslGcmYk8ncRRjc02BQzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUmFTb0xGWkd5VVp5WmlUeWR4RkdOelRZRkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3neAwQA
W1zDMA0GCSqGSIb3DQEBCwUAA4IBAQCEr2fm+mUbI2ylrHxi9jipqCBTb9kibwjw
jv73/eHA/KxZlgyU3Txdvtb1ExUutv856envdSyDbi5i6V7S20fJWYwSjS4+Gfmz
XC+g0aYLEh6EKynalc6IbNmvY04CKJr8XhkygdcKcQ1PCxN7McD8ie4e15UQKNwZ
1Ut2utEb61KHZmY2Ltx2Gq/hstwSF4LvsMNNq/NA11+UqTipm/3ukK9JEZbHCjrm
Ag3xZPYYa7dthfvp4d9qdiRr23iIYHoAyGmBYFUqDKcKx4rje4sjSSaLQYiygDWs
7sB4G/iR2W5q92F1cQsDEv+PoedIz1AqfXjZjVXZbxmIeWWypLYv
-----END CERTIFICATE-----