Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W3tWfyz4NX4dZ6yFc9u7FgMs0iI.roa
File:                     W3tWfyz4NX4dZ6yFc9u7FgMs0iI.roa (raw, json)
Hash identifier:          FcyDiyms/mZHnKJqoCVywrFT1g0MDqgezviBgYmikRM=
Subject key identifier:   5B:7B:56:7F:2C:F8:35:7E:1D:67:AC:85:73:DB:BB:16:03:2C:D2:22
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCFC9468C592455E7BF7C53EABDE27
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W3tWfyz4NX4dZ6yFc9u7FgMs0iI.roa
Signing time:             Tue 02 Jan 2024 06:29:34 +0000
ROA not before:           Tue 02 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200385
IP address blocks:        195.178.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:fc:94:68:c5:92:45:5e:7b:f7:c5:3e:ab:de:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b7b567f2cf8357e1d67ac8573dbbb16032cd222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fd:65:0a:64:1a:54:5b:e8:14:e6:ba:0a:e2:
                    17:34:9a:3b:fe:86:b6:9a:70:c5:78:0e:9c:96:b2:
                    7d:3e:de:bd:97:f1:5c:b5:5a:0d:cd:cf:47:b2:61:
                    5b:79:92:c6:a4:22:8d:d3:f2:c7:7e:e5:31:e2:c9:
                    ce:50:07:e0:12:6e:73:bc:47:12:fd:91:01:e9:99:
                    43:1b:58:36:a4:e7:90:0c:37:3f:9f:d1:4c:ae:c3:
                    e5:fc:07:a0:91:ca:f3:70:e5:07:65:1d:b6:2e:e5:
                    c7:b1:47:1a:06:72:54:20:c8:de:df:bd:11:88:66:
                    2f:c2:c6:8e:77:53:2f:51:67:e6:3d:59:42:c7:1f:
                    83:4c:b3:de:03:63:60:2f:20:52:fd:72:8a:f8:a1:
                    55:2d:30:2d:21:d2:d4:52:b5:53:3f:22:31:42:a3:
                    36:8d:9e:53:b0:aa:2f:17:92:68:6d:ce:e8:00:92:
                    26:56:7f:10:05:00:48:96:30:38:9b:97:6e:1f:d7:
                    03:06:d2:f4:ff:02:53:5b:16:dd:5c:4c:64:ff:c0:
                    f5:0c:6c:04:19:dd:7d:c6:66:f6:40:ac:9a:38:96:
                    52:21:6e:40:6f:44:72:ac:73:51:07:30:d6:58:b4:
                    cb:67:8a:1b:ed:69:bb:af:f8:49:df:c8:a8:5b:92:
                    f5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:7B:56:7F:2C:F8:35:7E:1D:67:AC:85:73:DB:BB:16:03:2C:D2:22
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W3tWfyz4NX4dZ6yFc9u7FgMs0iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:79:d2:37:4a:4e:f9:e4:04:62:56:f0:c5:67:07:1f:41:aa:
         4b:78:30:bb:6d:1b:73:1c:27:3a:9a:90:9d:5a:32:94:15:fe:
         c7:c7:78:a8:b8:5a:5e:f4:31:3e:51:34:40:9d:1c:25:d1:12:
         ee:18:56:43:36:15:16:ce:10:39:79:f2:c9:78:27:27:13:6b:
         2c:7d:1c:bb:00:94:4b:c9:87:56:3f:dc:53:2a:9d:d4:28:fd:
         d8:c0:f8:b3:31:aa:27:d1:41:bc:42:f7:f6:97:4e:6e:94:f2:
         27:35:77:33:c8:f0:6a:1c:ab:9a:57:e4:47:d9:30:e3:d4:9f:
         a6:76:53:0e:05:fd:72:c1:92:5d:19:f2:7d:d8:48:3a:e4:ea:
         c6:63:f5:78:7e:47:b9:81:44:3a:08:d6:ee:81:27:f8:8b:c1:
         87:fc:02:72:0f:fd:f5:ab:a5:16:f5:77:13:f4:ae:48:7b:fb:
         54:63:fd:96:63:a1:88:3b:48:d3:c5:3d:37:e6:79:f8:8c:68:
         ed:3f:a2:20:a3:42:32:6a:22:d9:e1:14:98:c6:f6:3d:7b:26:
         11:14:8c:8d:63:0f:a6:2c:6c:64:25:73:98:cc:a7:99:54:71:
         7e:5a:6c:a8:22:ff:ec:b5:15:51:6e:69:e1:a7:eb:bb:65:2c:
         84:bc:c5:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PyUaMWSRV5798U+q94nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjdiNTY3ZjJjZjgzNTdlMWQ2N2FjODU3M2RiYmIxNjAzMmNkMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP1lCmQaVFvoFOa6CuIXNJo7/oa2
mnDFeA6clrJ9Pt69l/FctVoNzc9HsmFbeZLGpCKN0/LHfuUx4snOUAfgEm5zvEcS
/ZEB6ZlDG1g2pOeQDDc/n9FMrsPl/AegkcrzcOUHZR22LuXHsUcaBnJUIMje370R
iGYvwsaOd1MvUWfmPVlCxx+DTLPeA2NgLyBS/XKK+KFVLTAtIdLUUrVTPyIxQqM2
jZ5TsKovF5Jobc7oAJImVn8QBQBIljA4m5duH9cDBtL0/wJTWxbdXExk/8D1DGwE
Gd19xmb2QKyaOJZSIW5Ab0RyrHNRBzDWWLTLZ4ob7Wm7r/hJ38ioW5L1BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt7Vn8s+DV+HWeshXPbuxYDLNIiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVzN0V2Z5ejROWDRkWjZ5RmM5dTdGZ01zMGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7J5MA0G
CSqGSIb3DQEBCwUAA4IBAQBnedI3Sk755ARiVvDFZwcfQapLeDC7bRtzHCc6mpCd
WjKUFf7Hx3iouFpe9DE+UTRAnRwl0RLuGFZDNhUWzhA5efLJeCcnE2ssfRy7AJRL
yYdWP9xTKp3UKP3YwPizMaon0UG8Qvf2l05ulPInNXczyPBqHKuaV+RH2TDj1J+m
dlMOBf1ywZJdGfJ92Eg65OrGY/V4fke5gUQ6CNbugSf4i8GH/AJyD/31q6UW9XcT
9K5Ie/tUY/2WY6GIO0jTxT035nn4jGjtP6Igo0IyaiLZ4RSYxvY9eyYRFIyNYw+m
LGxkJXOYzKeZVHF+WmyoIv/stRVRbmnhp+u7ZSyEvMVW
-----END CERTIFICATE-----