Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TlcxGCrWfK7A6-avzoDe7eo6neE.roa
File:                     TlcxGCrWfK7A6-avzoDe7eo6neE.roa (raw, json)
Hash identifier:          TLDv/BlNWqydqX33mBegygcji4oaREi8zHqEOK97bCg=
Subject key identifier:   4E:57:31:18:2A:D6:7C:AE:C0:EB:E6:AF:CE:80:DE:ED:EA:3A:9D:E1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01930C5C64DDFA38D16568C0B59A6504A624
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TlcxGCrWfK7A6-avzoDe7eo6neE.roa
Signing time:             Fri 08 Nov 2024 15:20:01 +0000
ROA not before:           Fri 08 Nov 2024 15:20:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395793
IP address blocks:        87.121.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0c:5c:64:dd:fa:38:d1:65:68:c0:b5:9a:65:04:a6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  8 15:20:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e5731182ad67caec0ebe6afce80deedea3a9de1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6a:26:c0:a4:1f:84:61:98:91:24:ad:48:b2:
                    c0:f6:4e:45:be:b9:82:24:1e:46:c2:10:bf:c8:9d:
                    ca:84:09:8f:d0:28:f4:2c:39:c2:e8:ec:a9:3c:27:
                    02:ec:40:9e:5a:af:78:b4:6d:96:ee:7a:7c:ab:1c:
                    8c:07:97:14:9c:c1:55:02:79:a1:68:41:f7:73:bb:
                    c4:cb:8f:fe:60:3d:f6:4e:e4:76:a8:82:ab:e9:4e:
                    7d:e3:62:33:cf:1e:a2:f1:9b:27:35:12:58:55:18:
                    09:a3:5f:24:b3:99:58:42:4f:aa:6d:22:e3:bb:02:
                    a6:06:88:09:59:5d:94:3e:ec:8d:9a:ba:8b:c6:bb:
                    72:54:18:5c:d2:1d:d8:f8:da:1b:39:85:1e:90:4a:
                    a6:89:76:d0:cf:5b:8e:01:70:cf:9e:d9:14:85:97:
                    27:c0:49:60:dc:64:db:8b:91:8a:92:0b:4c:c9:3e:
                    53:43:b9:7c:34:c2:ce:8a:8e:09:08:2c:e7:9b:83:
                    39:63:07:5a:c8:ed:e6:c3:5f:46:06:bf:97:68:01:
                    a5:5b:d6:89:aa:0d:c6:2c:f2:74:7c:29:3a:43:60:
                    25:21:87:72:ef:3f:8a:29:c3:ef:d4:dc:b2:c0:68:
                    e4:85:6d:3c:86:94:90:6a:ad:1f:93:9e:cf:a1:d8:
                    c5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:57:31:18:2A:D6:7C:AE:C0:EB:E6:AF:CE:80:DE:ED:EA:3A:9D:E1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TlcxGCrWfK7A6-avzoDe7eo6neE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:99:f2:0d:86:7b:ad:b0:b9:a4:04:53:81:19:94:9b:05:ae:
         a9:cd:63:9b:58:b8:13:dc:b1:9c:ae:af:d9:be:35:c1:c5:89:
         65:56:a2:d2:d5:70:9d:55:e3:a3:bd:82:95:cb:00:3b:cb:9c:
         48:ce:a3:66:2c:33:d8:1a:69:d5:07:01:7c:c0:b3:eb:09:52:
         89:89:f2:21:17:f7:c7:0f:72:08:fe:86:0b:86:5e:3d:5c:9a:
         fd:12:1e:3e:88:0d:23:7c:73:c5:a7:d4:bd:4e:1f:7b:05:77:
         58:d2:f8:f3:cb:55:e4:e8:80:3b:79:84:df:83:66:be:5e:9d:
         ed:cf:af:fc:cd:92:7c:56:17:0d:22:aa:20:12:11:8b:24:8b:
         55:78:fc:f8:bb:81:32:de:3f:78:6e:74:f6:38:b0:30:2b:d6:
         af:82:75:61:29:c9:b4:a9:61:19:b2:32:3d:81:8f:d8:d5:85:
         2e:b0:63:a4:33:8e:14:52:aa:a0:2a:31:5e:a2:26:25:f0:98:
         71:4d:28:88:3a:31:b7:e2:9c:94:81:29:e9:91:cb:46:7b:d1:
         24:c6:cc:07:a6:01:a2:10:44:ab:01:ef:36:e1:2a:3b:01:4c:
         d2:14:ac:be:5a:71:9a:6a:11:1d:62:6a:08:73:2d:44:d2:89:
         e3:7b:4e:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMMXGTd+jjRZWjAtZplBKYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTA4MTUyMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU3MzExODJhZDY3Y2FlYzBlYmU2YWZjZTgwZGVlZGVhM2E5ZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWomwKQfhGGYkSStSLLA9k5FvrmC
JB5GwhC/yJ3KhAmP0Cj0LDnC6OypPCcC7ECeWq94tG2W7np8qxyMB5cUnMFVAnmh
aEH3c7vEy4/+YD32TuR2qIKr6U5942Izzx6i8ZsnNRJYVRgJo18ks5lYQk+qbSLj
uwKmBogJWV2UPuyNmrqLxrtyVBhc0h3Y+NobOYUekEqmiXbQz1uOAXDPntkUhZcn
wElg3GTbi5GKkgtMyT5TQ7l8NMLOio4JCCznm4M5YwdayO3mw19GBr+XaAGlW9aJ
qg3GLPJ0fCk6Q2AlIYdy7z+KKcPv1NyywGjkhW08hpSQaq0fk57PodjFHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5XMRgq1nyuwOvmr86A3u3qOp3hMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVGxjeEdDcldmSzdBNi1hdnpvRGU3ZW82bmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3mlMA0G
CSqGSIb3DQEBCwUAA4IBAQBTmfINhnutsLmkBFOBGZSbBa6pzWObWLgT3LGcrq/Z
vjXBxYllVqLS1XCdVeOjvYKVywA7y5xIzqNmLDPYGmnVBwF8wLPrCVKJifIhF/fH
D3II/oYLhl49XJr9Eh4+iA0jfHPFp9S9Th97BXdY0vjzy1Xk6IA7eYTfg2a+Xp3t
z6/8zZJ8VhcNIqogEhGLJItVePz4u4Ey3j94bnT2OLAwK9avgnVhKcm0qWEZsjI9
gY/Y1YUusGOkM44UUqqgKjFeoiYl8JhxTSiIOjG34pyUgSnpkctGe9EkxswHpgGi
EESrAe824So7AUzSFKy+WnGaahEdYmoIcy1E0onje05a
-----END CERTIFICATE-----