Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TDstamouG-t5iEDnAX_uzD_4ivg.roa
File:                     TDstamouG-t5iEDnAX_uzD_4ivg.roa (raw, json)
Hash identifier:          sJ1fKjmVDk1jAk34hu6ACsd+TBo4jOQhRrrCXAMcj7g=
Subject key identifier:   4C:3B:2D:6A:6A:2E:1B:EB:79:88:40:E7:01:7F:EE:CC:3F:F8:8A:F8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D26BC4FFF35CCA1940396A769B54EA680
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TDstamouG-t5iEDnAX_uzD_4ivg.roa
Signing time:             Sat 20 Jan 2024 11:58:11 +0000
ROA not before:           Sat 20 Jan 2024 11:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18796
IP address blocks:        45.144.155.0/24 maxlen: 24
                          93.123.16.0/24 maxlen: 24
                          93.123.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:26:bc:4f:ff:35:cc:a1:94:03:96:a7:69:b5:4e:a6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 20 11:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c3b2d6a6a2e1beb798840e7017feecc3ff88af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ea:9c:6b:8e:3a:10:68:83:74:75:ec:c3:db:
                    82:0f:04:e5:1b:47:97:f6:28:ba:71:ff:f4:7e:92:
                    5b:5a:21:de:20:5b:87:db:f7:75:6d:47:b7:2f:4b:
                    1a:20:0a:bf:d0:ed:24:4f:f3:f9:29:92:60:04:51:
                    73:92:0a:a2:99:c8:90:c3:1c:eb:cc:c7:5b:33:9a:
                    97:8b:73:e5:f5:9d:ba:43:f7:10:dd:78:a8:4e:df:
                    aa:c9:22:2c:55:d3:c1:a2:43:21:71:0b:6b:c4:97:
                    bf:8b:79:72:11:f0:7b:85:b3:0f:0a:fc:85:1b:88:
                    7f:42:d9:85:f8:66:84:29:9e:11:14:28:08:4d:50:
                    3a:6b:57:25:41:6f:4b:0b:a9:58:fa:e4:8c:6d:0d:
                    33:d6:9f:01:74:66:6c:06:1b:bf:66:92:16:36:1e:
                    18:26:d9:7b:e2:95:05:1d:44:1b:6e:64:6a:60:35:
                    06:4f:22:80:06:f0:52:db:79:62:26:fc:1d:02:d7:
                    c5:45:27:a1:e9:c8:3a:b0:6f:4e:af:2a:d5:cd:83:
                    89:60:9c:1e:10:a1:ba:3a:fa:d5:e1:01:fc:f1:06:
                    5c:1c:15:c2:2e:6d:19:50:98:f2:15:2b:82:56:11:
                    5d:52:75:c1:ef:a7:c8:80:de:8f:22:59:44:de:12:
                    b6:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3B:2D:6A:6A:2E:1B:EB:79:88:40:E7:01:7F:EE:CC:3F:F8:8A:F8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TDstamouG-t5iEDnAX_uzD_4ivg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.155.0/24
                  93.123.16.0/24
                  93.123.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:f1:df:94:23:88:be:32:85:4e:d2:34:f1:ee:76:e3:90:38:
         35:fd:d5:18:a5:bb:29:e7:3a:b8:c0:87:67:d0:b2:f9:f9:58:
         ed:91:60:e4:cb:38:61:30:08:3f:c2:29:cb:b6:14:fc:a5:30:
         5c:1e:5a:ae:ba:64:83:fa:3c:c9:9e:3d:67:e4:0f:36:34:b4:
         7a:14:1a:ea:84:21:4a:20:80:b7:73:10:7d:04:cb:91:ec:84:
         b8:92:37:f4:3a:cb:7d:2a:69:dd:12:ac:9c:97:36:e5:96:cb:
         d9:92:9b:3f:a1:0d:bf:86:32:87:6b:18:a1:32:86:2f:2e:c0:
         01:2d:69:8c:6e:a4:1a:94:f3:7a:0c:92:7a:4b:ab:47:b6:7d:
         74:2f:cd:65:0e:51:ed:87:d6:a6:f5:95:45:4c:df:c4:ee:a1:
         84:f0:de:d0:03:d7:1d:94:ab:83:4a:ee:1b:f8:ae:ea:90:b7:
         fa:0e:7b:7f:61:5b:b4:1a:26:74:c3:81:c3:5b:de:10:78:78:
         dd:06:61:18:2c:42:e2:f5:c7:42:3b:18:d1:aa:92:30:3d:31:
         c0:ad:34:63:7a:5e:d0:b8:ac:00:0a:3a:5c:8e:f8:b3:94:97:
         99:2f:78:71:4b:2b:ec:e8:f0:cf:0d:be:c3:fe:b0:08:b9:03:
         49:66:68:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0mvE//NcyhlAOWp2m1TqaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTIwMTE1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNiMmQ2YTZhMmUxYmViNzk4ODQwZTcwMTdmZWVjYzNmZjg4YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveqca446EGiDdHXsw9uCDwTlG0eX
9ii6cf/0fpJbWiHeIFuH2/d1bUe3L0saIAq/0O0kT/P5KZJgBFFzkgqimciQwxzr
zMdbM5qXi3Pl9Z26Q/cQ3XioTt+qySIsVdPBokMhcQtrxJe/i3lyEfB7hbMPCvyF
G4h/QtmF+GaEKZ4RFCgITVA6a1clQW9LC6lY+uSMbQ0z1p8BdGZsBhu/ZpIWNh4Y
Jtl74pUFHUQbbmRqYDUGTyKABvBS23liJvwdAtfFRSeh6cg6sG9OryrVzYOJYJwe
EKG6OvrV4QH88QZcHBXCLm0ZUJjyFSuCVhFdUnXB76fIgN6PIllE3hK2AQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEw7LWpqLhvreYhA5wF/7sw/+Ir4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVERzdGFtb3VHLXQ1aUVEbkFYX3V6RF80aXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZCbAwQA
XXsQAwQAXXsWMA0GCSqGSIb3DQEBCwUAA4IBAQB58d+UI4i+MoVO0jTx7nbjkDg1
/dUYpbsp5zq4wIdn0LL5+VjtkWDkyzhhMAg/winLthT8pTBcHlquumSD+jzJnj1n
5A82NLR6FBrqhCFKIIC3cxB9BMuR7IS4kjf0Ost9KmndEqyclzbllsvZkps/oQ2/
hjKHaxihMoYvLsABLWmMbqQalPN6DJJ6S6tHtn10L81lDlHth9am9ZVFTN/E7qGE
8N7QA9cdlKuDSu4b+K7qkLf6Dnt/YVu0GiZ0w4HDW94QeHjdBmEYLELi9cdCOxjR
qpIwPTHArTRjel7QuKwACjpcjvizlJeZL3hxSyvs6PDPDb7D/rAIuQNJZmjI
-----END CERTIFICATE-----