Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WnJWk0Z_iK0LwUnh_YQa8qEjox8.roa
File:                     WnJWk0Z_iK0LwUnh_YQa8qEjox8.roa (raw, json)
Hash identifier:          ALyRJnSKwdmlA+Dwj5B53btIxhCQkeqD1bOnCclER2k=
Subject key identifier:   5A:72:56:93:46:7F:88:AD:0B:C1:49:E1:FD:84:1A:F2:A1:23:A3:1F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0190974AB7F6D609A32FABB5D1F41751D89C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WnJWk0Z_iK0LwUnh_YQa8qEjox8.roa
Signing time:             Tue 09 Jul 2024 11:39:34 +0000
ROA not before:           Tue 09 Jul 2024 11:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152878
IP address blocks:        45.8.93.0/24 maxlen: 24
                          45.151.90.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 09:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:97:4a:b7:f6:d6:09:a3:2f:ab:b5:d1:f4:17:51:d8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul  9 11:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a725693467f88ad0bc149e1fd841af2a123a31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6e:9d:a6:cd:b2:5f:09:ba:25:2d:41:71:6b:
                    fd:b7:a3:ae:9c:8f:e4:28:45:06:67:93:d6:5c:c6:
                    dd:6b:f5:8b:8b:c4:17:d4:0f:46:dc:c4:c3:ad:0f:
                    9e:04:16:27:93:3f:0a:29:da:47:ce:31:06:87:07:
                    ce:4e:7f:4e:b6:9d:e3:70:e7:35:7b:c0:e8:98:e4:
                    3f:68:18:01:c6:23:df:af:64:87:0a:80:2f:17:89:
                    4c:33:16:5f:c1:51:35:99:b3:28:9d:3e:14:ea:89:
                    b6:26:77:b2:3c:39:45:43:7f:ac:7e:34:ee:c2:aa:
                    65:2c:b0:26:6c:af:5f:9a:1b:5b:26:62:e3:54:d6:
                    27:a1:3b:68:89:54:35:cc:aa:55:30:d3:ca:9d:ef:
                    ae:bf:12:e2:12:43:3e:0d:b0:6d:cd:79:e9:11:3d:
                    af:49:13:77:ad:d1:35:11:2a:b8:1e:14:9e:de:c0:
                    7e:a5:7e:39:96:79:1e:fc:b0:65:a1:e4:8a:92:e3:
                    53:c6:64:d5:ba:96:d3:8f:b1:e7:20:19:94:6d:65:
                    c4:bf:d3:85:ad:f7:e3:78:0c:a1:79:82:3a:fa:4e:
                    3f:6f:c0:5d:62:13:80:7a:2f:4d:7c:1c:28:4a:17:
                    b1:e6:a2:26:d4:be:fd:29:40:dd:d8:95:79:32:a5:
                    55:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:72:56:93:46:7F:88:AD:0B:C1:49:E1:FD:84:1A:F2:A1:23:A3:1F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WnJWk0Z_iK0LwUnh_YQa8qEjox8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.93.0/24
                  45.151.90.0/24
                  94.154.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e3:1c:14:27:20:bf:05:46:35:74:98:60:68:4b:45:71:d0:
         0e:64:c3:ae:89:26:1b:4e:03:a0:71:93:a4:83:b3:c1:d3:c6:
         9d:d2:32:9e:d1:17:ed:95:21:23:f9:6f:54:00:56:fd:a0:f3:
         ae:00:b7:ff:f4:0e:8e:8b:ec:42:86:1b:57:f7:48:4c:d3:b4:
         f1:4e:2a:ca:be:9c:79:7b:25:30:90:d5:a4:47:d2:75:fe:d3:
         90:c4:c6:93:7c:b4:49:f2:39:75:73:00:20:27:8b:3b:5d:90:
         c6:30:3e:e9:1e:23:4f:e6:d9:8a:d5:37:da:3a:0c:f4:69:61:
         e8:93:dd:94:7d:3f:45:3c:ec:85:ed:2d:5d:a0:8a:b7:70:c4:
         76:a7:80:fb:a6:9a:64:7f:fc:1d:26:7f:0b:01:0b:bf:0f:a4:
         27:7d:8b:5a:56:e2:a4:cc:50:7f:93:1f:c6:6b:8c:35:19:6f:
         8e:1c:a8:93:bc:fd:bc:d5:9e:81:95:b0:d9:f9:b1:cc:c0:1c:
         29:2d:5b:34:18:d6:19:c1:b6:0d:47:48:f2:5f:2f:da:14:c9:
         a2:74:03:54:90:23:ce:dd:86:d1:ef:36:d3:e2:bc:1f:fb:eb:
         f0:05:ee:47:be:fa:b5:19:ad:70:1e:f0:64:03:53:74:e3:a4:
         71:c4:42:ac
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZCXSrf21gmjL6u10fQXUdicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzA5MTEzOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTcyNTY5MzQ2N2Y4OGFkMGJjMTQ5ZTFmZDg0MWFmMmExMjNhMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0G6dps2yXwm6JS1BcWv9t6OunI/k
KEUGZ5PWXMbda/WLi8QX1A9G3MTDrQ+eBBYnkz8KKdpHzjEGhwfOTn9Otp3jcOc1
e8DomOQ/aBgBxiPfr2SHCoAvF4lMMxZfwVE1mbMonT4U6om2JneyPDlFQ3+sfjTu
wqplLLAmbK9fmhtbJmLjVNYnoTtoiVQ1zKpVMNPKne+uvxLiEkM+DbBtzXnpET2v
SRN3rdE1ESq4HhSe3sB+pX45lnke/LBloeSKkuNTxmTVupbTj7HnIBmUbWXEv9OF
rffjeAyheYI6+k4/b8BdYhOAei9NfBwoShex5qIm1L79KUDd2JV5MqVV9QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFpyVpNGf4itC8FJ4f2EGvKhI6MfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV25KV2swWl9pSzBMd1VuaF9ZUWE4cUVqb3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQhdAwQA
LZdaAwQAXpqhMA0GCSqGSIb3DQEBCwUAA4IBAQB/4xwUJyC/BUY1dJhgaEtFcdAO
ZMOuiSYbTgOgcZOkg7PB08ad0jKe0RftlSEj+W9UAFb9oPOuALf/9A6Oi+xChhtX
90hM07TxTirKvpx5eyUwkNWkR9J1/tOQxMaTfLRJ8jl1cwAgJ4s7XZDGMD7pHiNP
5tmK1TfaOgz0aWHok92UfT9FPOyF7S1doIq3cMR2p4D7pppkf/wdJn8LAQu/D6Qn
fYtaVuKkzFB/kx/Ga4w1GW+OHKiTvP281Z6BlbDZ+bHMwBwpLVs0GNYZwbYNR0jy
Xy/aFMmidANUkCPO3YbR7zbT4rwf++vwBe5Hvvq1Ga1wHvBkA1N046RxxEKs
-----END CERTIFICATE-----