Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SIc9NRtKtop1lfs-XTPRr62mGtQ.roa
File:                     SIc9NRtKtop1lfs-XTPRr62mGtQ.roa (raw, json)
Hash identifier:          qHReC1KBvLjQLtSwyAVpwKBjB0iE79hJG0dnWWBgj+M=
Subject key identifier:   48:87:3D:35:1B:4A:B6:8A:75:95:FB:3E:5D:33:D1:AF:AD:A6:1A:D4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01922422718F82E95594E9913918BE7D46BA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SIc9NRtKtop1lfs-XTPRr62mGtQ.roa
Signing time:             Tue 24 Sep 2024 13:04:49 +0000
ROA not before:           Tue 24 Sep 2024 13:04:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61254
IP address blocks:        87.121.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:22:71:8f:82:e9:55:94:e9:91:39:18:be:7d:46:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 24 13:04:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48873d351b4ab68a7595fb3e5d33d1afada61ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:45:72:6c:ee:fd:01:f6:57:00:ea:8d:3d:ca:
                    be:e9:f8:29:f8:ea:b3:76:6f:9f:6c:84:63:45:bb:
                    ba:57:60:5c:93:85:fc:7e:3c:b2:30:2b:fd:bd:86:
                    54:43:b3:d6:02:7b:2e:df:ce:34:6c:ba:09:95:b3:
                    47:f0:de:e8:e5:1f:43:34:22:f5:fd:17:05:08:3c:
                    54:0d:65:9d:9a:78:15:57:42:ba:3b:36:c0:17:bb:
                    10:63:ab:a0:84:9e:fe:ac:3c:a0:ed:b8:aa:f7:d3:
                    72:63:e1:9b:91:f4:cb:67:1c:c1:10:15:23:f9:37:
                    41:67:e3:23:4b:ec:16:fe:9f:f6:c3:2c:9e:1c:29:
                    8e:7f:80:b6:b8:ed:77:b7:72:16:20:bc:6e:b0:9a:
                    00:a5:56:02:4d:10:7a:28:9c:36:f8:cc:82:17:0e:
                    fc:58:e6:00:b8:24:c5:ef:72:79:a5:af:a4:a9:5b:
                    cb:3a:3f:e8:86:81:44:7e:1b:74:e4:ea:89:fa:39:
                    98:1c:77:a1:bf:be:2d:05:dc:58:33:14:cf:be:81:
                    67:71:2e:5a:4a:84:b6:37:6a:fd:37:70:8a:74:29:
                    1c:60:0d:5f:62:bc:df:ca:74:58:a4:31:4e:4b:6a:
                    18:d9:a4:9c:73:ab:db:1a:6a:6d:1e:f6:33:bc:8c:
                    ee:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:87:3D:35:1B:4A:B6:8A:75:95:FB:3E:5D:33:D1:AF:AD:A6:1A:D4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SIc9NRtKtop1lfs-XTPRr62mGtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:15:66:ed:33:ed:82:9c:47:b9:02:79:8b:55:c4:45:14:f8:
         d7:62:a4:45:65:9d:3d:f7:96:93:a6:6f:ec:22:8f:00:a5:14:
         36:54:c0:88:16:f3:aa:8e:20:c4:d6:10:92:22:e9:da:41:28:
         d4:fe:2c:e9:74:2d:31:53:58:46:ce:25:6f:72:0d:da:f7:06:
         3d:ae:6a:5c:25:42:18:c0:af:bc:04:21:83:e7:92:04:45:03:
         04:33:44:d2:c1:ae:90:14:4d:0f:67:44:9c:79:ef:c8:4c:f7:
         8d:a2:92:9f:3a:83:27:8e:a1:36:11:50:cf:19:fe:dc:c9:a3:
         c3:4b:a2:6c:91:28:0b:e8:f7:e3:e2:99:fd:e9:4b:41:11:e3:
         57:d1:bf:10:79:f2:4d:8f:71:1e:8e:6b:3d:73:54:a8:7d:69:
         41:31:34:a9:32:cf:8c:c4:ff:df:08:fb:0f:ea:cb:3c:71:5b:
         fd:6f:ae:57:36:07:ff:5a:fa:ff:b4:8f:68:69:b4:ba:a8:02:
         17:62:a7:e1:07:4b:9c:27:ed:11:7b:24:88:a3:5a:26:3b:0a:
         46:30:c1:9d:88:36:44:e7:e2:ec:55:2c:5c:e7:2d:b1:11:9b:
         14:4a:9e:f8:46:92:84:2c:4c:2a:2e:f3:ae:cd:59:5a:72:8e:
         a5:69:2f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkInGPgulVlOmRORi+fUa6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwOTI0MTMwNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODg3M2QzNTFiNGFiNjhhNzU5NWZiM2U1ZDMzZDFhZmFkYTYxYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEVybO79AfZXAOqNPcq+6fgp+Oqz
dm+fbIRjRbu6V2Bck4X8fjyyMCv9vYZUQ7PWAnsu3840bLoJlbNH8N7o5R9DNCL1
/RcFCDxUDWWdmngVV0K6OzbAF7sQY6ughJ7+rDyg7biq99NyY+GbkfTLZxzBEBUj
+TdBZ+MjS+wW/p/2wyyeHCmOf4C2uO13t3IWILxusJoApVYCTRB6KJw2+MyCFw78
WOYAuCTF73J5pa+kqVvLOj/ohoFEfht05OqJ+jmYHHehv74tBdxYMxTPvoFncS5a
SoS2N2r9N3CKdCkcYA1fYrzfynRYpDFOS2oY2aScc6vbGmptHvYzvIzujwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiHPTUbSraKdZX7Pl0z0a+tphrUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU0ljOU5SdEt0b3AxbGZzLVhUUFJyNjJtR3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3ndMA0G
CSqGSIb3DQEBCwUAA4IBAQAJFWbtM+2CnEe5AnmLVcRFFPjXYqRFZZ0995aTpm/s
Io8ApRQ2VMCIFvOqjiDE1hCSIunaQSjU/izpdC0xU1hGziVvcg3a9wY9rmpcJUIY
wK+8BCGD55IERQMEM0TSwa6QFE0PZ0Scee/ITPeNopKfOoMnjqE2EVDPGf7cyaPD
S6JskSgL6Pfj4pn96UtBEeNX0b8QefJNj3Eejms9c1SofWlBMTSpMs+MxP/fCPsP
6ss8cVv9b65XNgf/Wvr/tI9oabS6qAIXYqfhB0ucJ+0ReySIo1omOwpGMMGdiDZE
5+LsVSxc5y2xEZsUSp74RpKELEwqLvOuzVlaco6laS+w
-----END CERTIFICATE-----