Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XEkmsduzuQkbU5O4013Zv-_wV-A.roa
File:                     XEkmsduzuQkbU5O4013Zv-_wV-A.roa (raw, json)
Hash identifier:          iMBE7DLUuz0e0GYwmB9eL19G7B43YpkPxfQejHZcyB0=
Subject key identifier:   5C:49:26:B1:DB:B3:B9:09:1B:53:93:B8:D3:5D:D9:BF:EF:F0:57:E0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01916B5255246CCBDD61631B1896BF04F8EC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XEkmsduzuQkbU5O4013Zv-_wV-A.roa
Signing time:             Mon 19 Aug 2024 15:47:23 +0000
ROA not before:           Mon 19 Aug 2024 15:47:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214438
IP address blocks:        94.156.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 09:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:52:55:24:6c:cb:dd:61:63:1b:18:96:bf:04:f8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 19 15:47:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c4926b1dbb3b9091b5393b8d35dd9bfeff057e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:75:c1:d4:ca:0b:24:99:dc:3d:55:08:c6:
                    5d:1b:99:bf:1e:92:15:de:75:72:57:36:67:99:09:
                    00:09:f5:59:29:88:57:90:99:f1:b3:13:d8:c9:34:
                    65:d2:67:b6:94:e7:60:d5:b0:ce:ed:09:02:93:55:
                    be:ea:f2:93:ce:ab:c2:74:89:d6:92:a2:e2:84:a3:
                    3f:b4:ae:c0:0f:ed:61:e7:20:ef:cc:8a:d2:52:a2:
                    74:e1:a8:db:d9:8a:f5:2d:92:6b:38:0c:cf:2d:e9:
                    af:aa:be:82:20:03:6b:3e:57:ce:13:bf:bc:d1:8a:
                    30:de:10:da:b9:2e:03:26:4c:b5:cb:a0:45:db:21:
                    54:f2:14:2d:bb:16:ce:38:d3:f6:88:45:58:30:c4:
                    d4:e1:a2:e9:df:32:06:c7:f3:e8:da:1e:80:a5:7f:
                    71:99:3b:4b:e2:5d:66:ac:f4:8b:e3:28:df:65:7d:
                    59:2e:6d:7b:42:83:91:23:13:1b:5a:ff:d9:bd:4e:
                    1e:a7:ee:37:6e:32:c8:ef:38:62:e3:7c:af:33:15:
                    fa:98:1f:0c:d2:54:1c:1b:e1:47:2f:62:9e:87:6b:
                    d1:c0:1b:12:b0:44:27:48:31:66:57:76:10:06:a9:
                    29:31:7c:42:61:da:43:58:5d:bf:4a:45:73:9c:bf:
                    80:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:49:26:B1:DB:B3:B9:09:1B:53:93:B8:D3:5D:D9:BF:EF:F0:57:E0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XEkmsduzuQkbU5O4013Zv-_wV-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:8e:3c:1e:71:f2:21:41:eb:82:2b:d6:de:f6:7a:13:de:6c:
         00:38:06:61:1b:d8:a6:0a:9a:12:e4:1e:3b:25:36:c8:d8:8b:
         da:3c:92:82:3b:04:43:d5:c0:e5:ab:61:d9:df:8e:1a:8e:44:
         b1:02:00:26:b5:48:5a:1c:bb:d4:f4:67:9d:db:e4:c4:f0:e1:
         ce:68:76:37:d0:40:f6:57:d2:5c:b9:7e:e1:ae:9a:9e:ed:1c:
         79:28:92:1a:5a:fe:de:9f:7a:6a:af:8c:f5:a9:9f:9f:70:e2:
         d2:d3:09:c0:26:ed:5b:d9:ec:d8:66:d9:a9:d5:c9:6b:82:53:
         53:55:2d:3f:a5:d5:7e:f1:bc:fa:4a:c6:84:e6:5f:6c:d6:d1:
         28:2e:88:72:ad:cd:e3:af:b0:1b:0e:cc:b8:db:30:82:6b:cd:
         c0:d3:13:fc:65:d9:85:1b:32:0d:f9:b0:c0:db:30:47:98:4d:
         94:1a:f6:1f:68:a4:29:94:16:52:c1:58:52:47:a1:81:a7:26:
         a6:95:8a:a2:ac:a3:40:3c:76:c6:1d:ed:2b:e1:d8:df:ba:9d:
         7e:8c:be:9c:81:7f:bb:10:85:b8:eb:d4:3a:41:a0:e2:08:e4:
         a4:fa:3a:6d:a4:40:3f:6d:0c:2d:d4:cc:f2:49:bd:89:2b:ab:
         38:65:f8:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFrUlUkbMvdYWMbGJa/BPjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwODE5MTU0NzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ5MjZiMWRiYjNiOTA5MWI1MzkzYjhkMzVkZDliZmVmZjA1N2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncR1wdTKCySZ3D1VCMZdG5m/HpIV
3nVyVzZnmQkACfVZKYhXkJnxsxPYyTRl0me2lOdg1bDO7QkCk1W+6vKTzqvCdInW
kqLihKM/tK7AD+1h5yDvzIrSUqJ04ajb2Yr1LZJrOAzPLemvqr6CIANrPlfOE7+8
0Yow3hDauS4DJky1y6BF2yFU8hQtuxbOONP2iEVYMMTU4aLp3zIGx/Po2h6ApX9x
mTtL4l1mrPSL4yjfZX1ZLm17QoORIxMbWv/ZvU4ep+43bjLI7zhi43yvMxX6mB8M
0lQcG+FHL2Keh2vRwBsSsEQnSDFmV3YQBqkpMXxCYdpDWF2/SkVznL+ACQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxJJrHbs7kJG1OTuNNd2b/v8FfgMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWEVrbXNkdXp1UWtiVTVPNDAxM1p2LV93Vi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpwIMA0G
CSqGSIb3DQEBCwUAA4IBAQCOjjwecfIhQeuCK9be9noT3mwAOAZhG9imCpoS5B47
JTbI2IvaPJKCOwRD1cDlq2HZ344ajkSxAgAmtUhaHLvU9Ged2+TE8OHOaHY30ED2
V9JcuX7hrpqe7Rx5KJIaWv7en3pqr4z1qZ+fcOLS0wnAJu1b2ezYZtmp1clrglNT
VS0/pdV+8bz6SsaE5l9s1tEoLohyrc3jr7AbDsy42zCCa83A0xP8ZdmFGzIN+bDA
2zBHmE2UGvYfaKQplBZSwVhSR6GBpyamlYqirKNAPHbGHe0r4djfup1+jL6cgX+7
EIW469Q6QaDiCOSk+jptpEA/bQwt1MzySb2JK6s4ZfjC
-----END CERTIFICATE-----