Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UwJ-j_OBl4ogFNb__i6OzxYyq9k.roa
File:                     UwJ-j_OBl4ogFNb__i6OzxYyq9k.roa (raw, json)
Hash identifier:          boC3kPqTwEH6RtxMh6u2Ckin7cqpvmmZXiCr/NkEbH8=
Subject key identifier:   53:02:7E:8F:F3:81:97:8A:20:14:D6:FF:FE:2E:8E:CF:16:32:AB:D9
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD62F90A7D1186E1ED0C0CE2FCF8C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UwJ-j_OBl4ogFNb__i6OzxYyq9k.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25224
IP address blocks:        87.120.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 06:47:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d6:2f:90:a7:d1:18:6e:1e:d0:c0:ce:2f:cf:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53027e8ff381978a2014d6fffe2e8ecf1632abd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9d:c4:c3:c7:34:c5:c2:77:42:93:e3:f2:c0:
                    e3:c1:0d:54:25:23:56:b6:64:91:39:b8:25:5e:9f:
                    eb:4b:8f:aa:1b:f2:9a:d8:ca:6b:52:3e:d1:1f:ac:
                    37:1c:90:a4:35:f8:8f:10:32:9b:af:d2:ec:d7:e0:
                    6c:54:57:76:58:88:d1:01:e7:b0:5f:7a:5d:b5:ac:
                    a8:04:4b:f8:8f:9d:c6:80:f8:be:cb:ff:c7:fb:10:
                    ea:7d:1c:25:92:09:20:cf:43:ed:6c:9b:8d:f6:47:
                    a1:3b:eb:d3:a7:82:42:4b:5b:5e:79:5c:0a:56:13:
                    d4:79:21:b5:a1:58:cb:84:32:71:dc:54:4a:d3:6f:
                    47:d8:1a:73:eb:8a:af:fc:53:44:a6:88:6c:10:dd:
                    fa:b0:90:4f:c4:95:6a:e0:1c:f7:a3:28:d5:92:67:
                    62:1e:4e:33:e3:47:f9:99:0b:39:41:7f:70:8d:33:
                    f5:7b:e1:23:a8:ad:c8:ff:96:1b:31:8f:b4:fe:b3:
                    7c:ed:f4:53:a2:49:f9:5e:33:0a:12:a2:27:5a:c1:
                    8c:fd:c0:36:51:db:08:26:d9:38:2f:0e:76:c4:26:
                    92:2b:e6:1c:73:44:90:89:05:e9:f8:14:e3:66:c2:
                    b5:51:c3:e5:02:05:8f:7d:20:ae:81:56:d7:6d:1d:
                    14:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:02:7E:8F:F3:81:97:8A:20:14:D6:FF:FE:2E:8E:CF:16:32:AB:D9
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UwJ-j_OBl4ogFNb__i6OzxYyq9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:25:57:0d:d5:92:30:a7:1c:ad:a1:de:c3:2e:93:6f:78:32:
         01:4c:08:48:4b:19:a2:75:10:3a:65:2b:ad:e6:be:f6:a9:00:
         f9:2e:61:ac:71:d3:0b:b8:c8:d9:c8:f1:6c:71:53:4f:65:63:
         f2:47:1b:e9:57:8f:1f:3c:61:fd:ef:cf:da:1c:14:db:61:62:
         f1:06:91:40:41:7c:ad:1a:6b:24:a8:fc:c6:cf:a1:08:2a:f2:
         36:3f:46:1a:85:63:60:32:17:04:8e:37:4f:b1:b1:31:16:fd:
         75:50:75:0e:01:97:34:1d:22:65:03:22:13:cb:8d:9a:43:9d:
         88:00:10:98:cb:88:1d:f7:bd:86:ff:d8:38:80:2b:04:fb:87:
         b4:fc:c2:02:c4:9e:ef:84:e4:f7:8d:fe:5d:2a:ac:1c:22:af:
         3f:ef:52:4d:39:d4:c4:af:3c:18:fa:04:d2:c8:30:e9:ed:b4:
         e8:e5:fa:7d:b4:d7:ad:e0:0b:b3:d3:2c:5f:b3:3f:72:b1:f3:
         fb:43:e6:43:5d:cb:e5:db:d2:e0:64:3c:bd:fd:39:99:db:87:
         bc:90:c9:ee:aa:5a:47:a8:61:6c:71:c8:e4:7a:35:75:db:f4:
         2b:1d:8e:1d:ea:37:bc:04:47:ec:d4:ab:9b:c7:64:57:8d:3a:
         d5:43:f3:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NYvkKfRGG4e0MDOL8+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzAyN2U4ZmYzODE5NzhhMjAxNGQ2ZmZmZTJlOGVjZjE2MzJhYmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ3Ew8c0xcJ3QpPj8sDjwQ1UJSNW
tmSRObglXp/rS4+qG/Ka2MprUj7RH6w3HJCkNfiPEDKbr9Ls1+BsVFd2WIjRAeew
X3pdtayoBEv4j53GgPi+y//H+xDqfRwlkgkgz0PtbJuN9kehO+vTp4JCS1teeVwK
VhPUeSG1oVjLhDJx3FRK029H2Bpz64qv/FNEpohsEN36sJBPxJVq4Bz3oyjVkmdi
Hk4z40f5mQs5QX9wjTP1e+EjqK3I/5YbMY+0/rN87fRTokn5XjMKEqInWsGM/cA2
UdsIJtk4Lw52xCaSK+Ycc0SQiQXp+BTjZsK1UcPlAgWPfSCugVbXbR0UbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMCfo/zgZeKIBTW//4ujs8WMqvZMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVXdKLWpfT0JsNG9nRk5iX19pNk96eFl5cTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3gqMA0G
CSqGSIb3DQEBCwUAA4IBAQBlJVcN1ZIwpxytod7DLpNveDIBTAhISxmidRA6ZSut
5r72qQD5LmGscdMLuMjZyPFscVNPZWPyRxvpV48fPGH978/aHBTbYWLxBpFAQXyt
GmskqPzGz6EIKvI2P0YahWNgMhcEjjdPsbExFv11UHUOAZc0HSJlAyITy42aQ52I
ABCYy4gd972G/9g4gCsE+4e0/MICxJ7vhOT3jf5dKqwcIq8/71JNOdTErzwY+gTS
yDDp7bTo5fp9tNet4Auz0yxfsz9ysfP7Q+ZDXcvl29LgZDy9/TmZ24e8kMnuqlpH
qGFsccjkejV12/QrHY4d6je8BEfs1Kubx2RXjTrVQ/PF
-----END CERTIFICATE-----