Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZSs3kwBpMpKf6BDt4TyET1B4M0g.roa
File:                     ZSs3kwBpMpKf6BDt4TyET1B4M0g.roa (raw, json)
Hash identifier:          +zsYW9K6ZsvdTMT1+ppbR+N3k3q9U3qrD8SDZ9BAoJI=
Subject key identifier:   65:2B:37:93:00:69:32:92:9F:E8:10:ED:E1:3C:84:4F:50:78:33:48
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCF14C6A572E6ADD32FBEBDAF3D208
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZSs3kwBpMpKf6BDt4TyET1B4M0g.roa
Signing time:             Tue 02 Jan 2024 06:29:32 +0000
ROA not before:           Tue 02 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60117
IP address blocks:        193.222.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f1:4c:6a:57:2e:6a:dd:32:fb:eb:da:f3:d2:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652b3793006932929fe810ede13c844f50783348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:3c:27:ee:7c:86:a8:eb:96:ec:36:e3:6f:6a:
                    77:8e:09:fc:97:34:ff:84:a5:fb:7d:73:62:2a:c0:
                    c8:4c:0d:06:6b:4f:71:97:64:bb:8c:5a:be:ad:24:
                    8a:3a:77:04:cd:f0:86:f4:9a:2a:bc:6b:96:3d:33:
                    64:27:0a:4e:ad:26:ef:eb:af:c7:ef:c9:d4:3a:d9:
                    3e:3e:55:54:60:62:32:19:86:6f:4e:b8:28:16:94:
                    cf:c3:74:b6:bf:3f:da:5f:d5:ac:ef:b5:6c:e1:21:
                    0f:f1:b0:ac:d8:07:70:0d:c2:a1:b1:5d:0d:a3:8f:
                    84:d5:3d:73:8e:5e:a3:84:64:4e:86:d9:e1:f1:32:
                    10:4a:bc:67:77:78:02:ae:ca:6a:4f:6c:b4:e4:ea:
                    74:ed:b6:92:15:1a:1f:e3:1b:fe:5f:1b:ec:38:e9:
                    da:e7:33:42:92:0d:e4:98:7f:e2:93:9d:bc:5b:07:
                    3a:ab:8f:99:c9:0e:f1:e6:6e:17:0b:be:ea:5f:fa:
                    7c:44:33:92:90:0a:19:4a:e7:c7:9c:34:3e:b3:db:
                    2b:a2:3d:80:74:81:fd:12:70:fa:d8:69:aa:6f:aa:
                    8d:a1:c5:5f:e9:f4:c7:e7:e1:c4:1b:8f:8c:63:c5:
                    87:c5:f2:87:a9:87:fd:35:78:07:d6:04:45:b2:2d:
                    bc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2B:37:93:00:69:32:92:9F:E8:10:ED:E1:3C:84:4F:50:78:33:48
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZSs3kwBpMpKf6BDt4TyET1B4M0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:dd:c7:53:82:cf:fd:e7:76:77:a7:14:57:a9:76:d2:5f:ee:
         00:7a:a5:5a:a1:68:c5:95:bf:2c:87:4c:b1:b8:43:7b:ae:71:
         b5:d4:74:06:4f:b4:e4:5b:30:22:08:8f:73:78:9c:a4:73:03:
         7c:53:09:45:f9:20:21:6d:b3:5a:7a:ee:dc:67:5d:b4:e6:ec:
         d3:77:b8:35:06:9f:91:f2:5a:1c:50:16:e1:bf:bd:73:08:9d:
         40:d5:6b:21:5c:09:9d:e8:d1:77:42:19:91:8d:3f:9c:20:77:
         75:29:86:6d:ca:43:49:f7:44:02:8b:fa:f1:0f:44:21:50:18:
         4b:8e:ab:22:1a:df:a5:3e:b1:04:0d:c8:40:ac:d4:0f:dc:09:
         8d:d9:8b:74:30:41:d5:26:22:85:46:cf:35:35:83:7b:2e:84:
         87:a8:fa:86:ca:de:4c:a1:f7:59:99:27:bb:34:af:b5:4b:43:
         c7:52:d0:08:0d:bf:31:27:14:4b:cb:2c:56:2a:4d:22:f1:16:
         8e:3e:fd:c0:70:b9:7d:22:33:84:87:bd:78:26:69:7a:d5:b2:
         f7:d4:4b:14:e6:f8:c8:f2:10:57:4e:cf:a0:81:8e:5e:21:08:
         e9:08:31:25:39:fb:74:fe:b9:dc:c4:b2:de:46:16:8c:e6:9a:
         bd:84:2c:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PFMalcuat0y++va89IIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJiMzc5MzAwNjkzMjkyOWZlODEwZWRlMTNjODQ0ZjUwNzgzMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzwn7nyGqOuW7Dbjb2p3jgn8lzT/
hKX7fXNiKsDITA0Ga09xl2S7jFq+rSSKOncEzfCG9JoqvGuWPTNkJwpOrSbv66/H
78nUOtk+PlVUYGIyGYZvTrgoFpTPw3S2vz/aX9Ws77Vs4SEP8bCs2AdwDcKhsV0N
o4+E1T1zjl6jhGROhtnh8TIQSrxnd3gCrspqT2y05Op07baSFRof4xv+XxvsOOna
5zNCkg3kmH/ik528Wwc6q4+ZyQ7x5m4XC77qX/p8RDOSkAoZSufHnDQ+s9sroj2A
dIH9EnD62Gmqb6qNocVf6fTH5+HEG4+MY8WHxfKHqYf9NXgH1gRFsi28oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUrN5MAaTKSn+gQ7eE8hE9QeDNIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWlNzM2t3QnBNcEtmNkJEdDRUeUVUMUI0TTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd5iMA0G
CSqGSIb3DQEBCwUAA4IBAQCu3cdTgs/953Z3pxRXqXbSX+4AeqVaoWjFlb8sh0yx
uEN7rnG11HQGT7TkWzAiCI9zeJykcwN8UwlF+SAhbbNaeu7cZ1205uzTd7g1Bp+R
8locUBbhv71zCJ1A1WshXAmd6NF3QhmRjT+cIHd1KYZtykNJ90QCi/rxD0QhUBhL
jqsiGt+lPrEEDchArNQP3AmN2Yt0MEHVJiKFRs81NYN7LoSHqPqGyt5MofdZmSe7
NK+1S0PHUtAIDb8xJxRLyyxWKk0i8RaOPv3AcLl9IjOEh714Jml61bL31EsU5vjI
8hBXTs+ggY5eIQjpCDElOft0/rncxLLeRhaM5pq9hCwc
-----END CERTIFICATE-----