Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vys5DyhQctBwMIMRF5_f0bnGwBM.roa
File:                     Vys5DyhQctBwMIMRF5_f0bnGwBM.roa (raw, json)
Hash identifier:          QNSRXZrws+0rvvSCtInpWPs4uTHvFn6cys/g//W9Vgs=
Subject key identifier:   57:2B:39:0F:28:50:72:D0:70:30:83:11:17:9F:DF:D1:B9:C6:C0:13
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCE31507C47D1A572FC18CB82A405B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vys5DyhQctBwMIMRF5_f0bnGwBM.roa
Signing time:             Tue 02 Jan 2024 06:29:28 +0000
ROA not before:           Tue 02 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44564
IP address blocks:        87.121.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e3:15:07:c4:7d:1a:57:2f:c1:8c:b8:2a:40:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=572b390f285072d070308311179fdfd1b9c6c013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:e0:e1:98:06:97:7b:f6:e6:69:3e:30:b0:
                    ee:9f:74:11:46:94:e3:95:b9:91:0f:37:0d:43:f7:
                    4d:38:a5:0b:50:07:5a:cb:b3:65:ef:5d:7a:5d:9b:
                    cd:38:e2:4f:f1:7e:a6:6e:9a:aa:14:cd:05:3a:8c:
                    67:e7:59:fe:98:0e:9f:fa:72:1b:71:f0:05:b6:23:
                    c7:b7:f5:2a:7f:5f:c9:8e:91:60:34:fa:28:77:64:
                    67:be:b9:f0:9e:47:9f:27:c9:9e:9a:0a:23:3c:5c:
                    4f:34:d7:cf:f7:7f:5c:09:a2:99:f0:99:2c:ba:d3:
                    62:e6:6c:59:ab:12:ee:8a:8f:e7:b3:a2:8e:55:39:
                    d2:57:30:54:32:3c:38:f0:f2:85:50:cb:1a:d4:53:
                    9a:8d:fc:e7:8f:a0:7e:6d:0a:72:53:48:72:81:83:
                    e8:37:8e:27:23:d7:e2:91:f6:62:2e:e8:65:76:ca:
                    a5:b9:d2:28:58:f3:96:ee:a0:69:bb:48:55:22:77:
                    a9:3b:26:60:2e:81:c3:45:28:c3:e3:00:23:f2:94:
                    e8:93:02:e8:cc:3a:68:c7:1f:37:93:99:cf:ac:4b:
                    a0:71:10:c7:43:fa:23:0a:68:d0:85:96:7d:7b:4c:
                    ec:bb:fa:8d:cb:96:de:39:09:89:9b:ef:3b:a5:45:
                    52:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:2B:39:0F:28:50:72:D0:70:30:83:11:17:9F:DF:D1:B9:C6:C0:13
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vys5DyhQctBwMIMRF5_f0bnGwBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:0f:19:92:f7:0f:32:c6:03:da:dd:2d:fc:11:21:49:44:a6:
         73:5a:bf:0a:be:7c:60:64:de:5b:f2:c0:b4:82:81:59:18:ee:
         f0:72:9f:b6:c0:41:d4:1a:ad:95:91:28:fd:4a:cc:94:31:ff:
         64:a3:65:0b:17:95:b8:3c:a8:f1:63:f8:40:ab:6e:de:a7:cb:
         02:e5:d5:2f:b1:f5:bf:c0:7c:33:4b:74:64:31:47:1c:4f:6d:
         a6:1f:f1:b7:d5:c6:28:7d:99:d3:8f:8b:70:90:29:49:4e:71:
         71:32:dc:6f:d6:d2:95:73:24:21:48:a6:be:f0:74:d2:88:8e:
         0a:b9:a5:66:25:f4:9d:78:fd:70:33:27:53:ca:b5:69:cc:4a:
         02:4c:62:99:98:d1:f6:31:6a:1f:89:64:26:e4:d8:f1:16:90:
         c4:1f:a2:e1:30:f9:12:ef:c7:da:18:b2:ed:64:98:59:85:0c:
         2e:a6:90:59:b5:19:93:85:f5:a8:71:4b:f5:49:9c:4f:be:72:
         a2:ab:f8:04:01:0d:b4:55:1f:5a:ee:7b:c6:ee:b6:c0:2d:20:
         a2:04:aa:39:79:b0:2c:52:c7:f7:ce:9e:16:b0:4d:e7:40:d9:
         58:65:44:42:01:4c:23:f4:96:23:6f:d5:d3:71:38:73:8f:a5:
         af:b8:be:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OMVB8R9GlcvwYy4KkBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzJiMzkwZjI4NTA3MmQwNzAzMDgzMTExNzlmZGZkMWI5YzZjMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtLg4ZgGl3v25mk+MLDun3QRRpTj
lbmRDzcNQ/dNOKULUAday7Nl7116XZvNOOJP8X6mbpqqFM0FOoxn51n+mA6f+nIb
cfAFtiPHt/Uqf1/JjpFgNPood2RnvrnwnkefJ8memgojPFxPNNfP939cCaKZ8Jks
utNi5mxZqxLuio/ns6KOVTnSVzBUMjw48PKFUMsa1FOajfznj6B+bQpyU0hygYPo
N44nI9fikfZiLuhldsqludIoWPOW7qBpu0hVInepOyZgLoHDRSjD4wAj8pTokwLo
zDpoxx83k5nPrEugcRDHQ/ojCmjQhZZ9e0zsu/qNy5beOQmJm+87pUVSWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcrOQ8oUHLQcDCDERef39G5xsATMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVnlzNUR5aFFjdEJ3TUlNUkY1X2YwYm5Hd0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3mgMA0G
CSqGSIb3DQEBCwUAA4IBAQAJDxmS9w8yxgPa3S38ESFJRKZzWr8KvnxgZN5b8sC0
goFZGO7wcp+2wEHUGq2VkSj9SsyUMf9ko2ULF5W4PKjxY/hAq27ep8sC5dUvsfW/
wHwzS3RkMUccT22mH/G31cYofZnTj4twkClJTnFxMtxv1tKVcyQhSKa+8HTSiI4K
uaVmJfSdeP1wMydTyrVpzEoCTGKZmNH2MWofiWQm5NjxFpDEH6LhMPkS78faGLLt
ZJhZhQwuppBZtRmThfWocUv1SZxPvnKiq/gEAQ20VR9a7nvG7rbALSCiBKo5ebAs
Usf3zp4WsE3nQNlYZURCAUwj9JYjb9XTcThzj6WvuL53
-----END CERTIFICATE-----