Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XKhnyMmVSD2EFZq5YYkPtvz8GDw.roa
File:                     XKhnyMmVSD2EFZq5YYkPtvz8GDw.roa (raw, json)
Hash identifier:          Fcar14ARW3F3+vk0yQHhs1vJ8dL0duLWdyablCzB1Pc=
Subject key identifier:   5C:A8:67:C8:C9:95:48:3D:84:15:9A:B9:61:89:0F:B6:FC:FC:18:3C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCEF3FD4D56F3E1F87EAD83EAC599D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XKhnyMmVSD2EFZq5YYkPtvz8GDw.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54252
IP address blocks:        83.219.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ef:3f:d4:d5:6f:3e:1f:87:ea:d8:3e:ac:59:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ca867c8c995483d84159ab961890fb6fcfc183c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3b:72:e3:ae:24:41:af:db:ea:80:d2:0c:95:
                    cd:ff:2a:23:78:6e:51:bd:6e:f1:6d:e1:a7:fc:be:
                    67:dd:dc:69:f1:79:cf:b0:21:d0:25:01:d2:05:ca:
                    d6:5f:38:73:1f:c1:fe:d2:fb:dd:1e:b9:78:e2:3c:
                    08:94:d6:27:be:11:47:ee:7c:9d:0b:9b:18:86:27:
                    ee:bb:86:f7:ab:be:2c:5d:58:df:80:70:9b:52:17:
                    f1:a8:dd:5f:41:be:78:59:cc:da:85:42:2c:a0:d6:
                    ae:72:5b:ad:45:c0:5b:d2:ad:a1:ac:68:db:76:81:
                    a8:15:83:3c:5d:f3:dd:4a:8d:ee:61:31:41:96:69:
                    27:78:7e:d5:a9:3b:65:62:47:5d:4e:db:cb:fa:8e:
                    dd:93:6f:7b:db:e3:48:53:24:2a:9c:42:72:59:26:
                    6f:fa:11:66:8e:1d:89:04:7b:f6:ad:98:c1:60:d5:
                    bb:69:dc:40:0a:24:be:5e:75:ed:20:62:79:cd:c1:
                    53:15:45:6a:4a:f7:d2:bf:d6:46:84:c7:db:37:e2:
                    83:50:12:f1:b8:c6:d9:d1:a4:d0:0c:a1:57:3b:30:
                    ee:e6:c7:ac:fd:61:3e:97:dd:7d:4f:3b:60:0f:f7:
                    95:33:d9:4a:4e:82:b1:64:52:15:bd:4d:26:99:8a:
                    42:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A8:67:C8:C9:95:48:3D:84:15:9A:B9:61:89:0F:B6:FC:FC:18:3C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XKhnyMmVSD2EFZq5YYkPtvz8GDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:50:33:fc:f2:6a:4b:9d:14:0d:6a:e6:a0:ec:53:7c:c2:81:
         c2:b9:d9:4e:00:01:68:be:76:0e:f1:51:10:d1:2f:dc:34:2d:
         f0:c2:0b:01:55:be:3a:8d:e1:f8:c2:83:79:3d:6b:38:b1:89:
         90:9c:8f:29:7d:9e:00:f8:66:0f:12:82:a6:ad:5f:ed:15:bb:
         ec:f3:0b:49:53:cd:f4:9f:02:97:b0:79:62:11:96:e2:45:9b:
         46:d4:dc:d5:f8:b4:eb:97:c4:c1:45:67:ec:b5:94:fb:eb:3b:
         8d:51:d5:d6:05:86:e4:c5:3e:d7:e9:a8:f4:af:dd:5e:5d:8b:
         b7:05:82:e2:7d:67:f2:58:44:59:83:b2:ac:b3:2f:b7:52:90:
         2f:ec:3f:6f:b3:13:da:6d:11:3c:b1:a2:63:cc:f1:eb:5d:d5:
         09:c7:6d:41:e9:47:03:bb:98:85:12:ed:25:f6:0d:70:36:8b:
         fb:eb:0e:46:38:13:e9:9e:60:e3:c6:0c:89:ee:9e:18:e6:93:
         47:d9:f1:05:35:89:2a:35:55:75:5f:30:05:06:f0:9d:c9:84:
         69:73:e2:34:27:ec:11:2a:b0:f4:de:df:c5:6e:88:06:f0:aa:
         10:02:31:1e:e8:c5:bf:e4:48:59:12:20:fd:6b:69:9f:5c:df:
         31:88:90:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3O8/1NVvPh+H6tg+rFmdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E4NjdjOGM5OTU0ODNkODQxNTlhYjk2MTg5MGZiNmZjZmMxODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDty464kQa/b6oDSDJXN/yojeG5R
vW7xbeGn/L5n3dxp8XnPsCHQJQHSBcrWXzhzH8H+0vvdHrl44jwIlNYnvhFH7nyd
C5sYhifuu4b3q74sXVjfgHCbUhfxqN1fQb54WczahUIsoNauclutRcBb0q2hrGjb
doGoFYM8XfPdSo3uYTFBlmkneH7VqTtlYkddTtvL+o7dk2972+NIUyQqnEJyWSZv
+hFmjh2JBHv2rZjBYNW7adxACiS+XnXtIGJ5zcFTFUVqSvfSv9ZGhMfbN+KDUBLx
uMbZ0aTQDKFXOzDu5ses/WE+l919TztgD/eVM9lKToKxZFIVvU0mmYpCCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyoZ8jJlUg9hBWauWGJD7b8/Bg8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWEtobnlNbVZTRDJFRlpxNVlZa1B0dno4R0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9tjMA0G
CSqGSIb3DQEBCwUAA4IBAQAmUDP88mpLnRQNauag7FN8woHCudlOAAFovnYO8VEQ
0S/cNC3wwgsBVb46jeH4woN5PWs4sYmQnI8pfZ4A+GYPEoKmrV/tFbvs8wtJU830
nwKXsHliEZbiRZtG1NzV+LTrl8TBRWfstZT76zuNUdXWBYbkxT7X6aj0r91eXYu3
BYLifWfyWERZg7Kssy+3UpAv7D9vsxPabRE8saJjzPHrXdUJx21B6UcDu5iFEu0l
9g1wNov76w5GOBPpnmDjxgyJ7p4Y5pNH2fEFNYkqNVV1XzAFBvCdyYRpc+I0J+wR
KrD03t/FbogG8KoQAjEe6MW/5EhZEiD9a2mfXN8xiJB0
-----END CERTIFICATE-----