Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZjAqRbqE6TM6Uq3g0fRRp4j7htw.roa
File:                     ZjAqRbqE6TM6Uq3g0fRRp4j7htw.roa (raw, json)
Hash identifier:          aBUSTERx+rSrsGOdiN9tMFWcY89KJVzq9Ydk58cJ8vs=
Subject key identifier:   66:30:2A:45:BA:84:E9:33:3A:52:AD:E0:D1:F4:51:A7:88:FB:86:DC
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD6B70981EC46049DA5F3B6804539
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZjAqRbqE6TM6Uq3g0fRRp4j7htw.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25374
IP address blocks:        87.120.244.0/23 maxlen: 23
                          87.120.244.0/24 maxlen: 24
                          87.120.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d6:b7:09:81:ec:46:04:9d:a5:f3:b6:80:45:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66302a45ba84e9333a52ade0d1f451a788fb86dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c2:13:3a:e4:8a:4c:04:42:0b:ab:d0:0a:24:
                    9a:e8:70:46:d5:3b:a3:32:cd:70:65:49:2f:a8:07:
                    09:a7:b1:65:f5:08:87:66:93:3d:42:58:2d:9a:eb:
                    d2:7d:56:70:2c:2d:a0:76:2d:fa:c9:e7:fe:12:86:
                    ae:90:21:b0:22:e1:3c:58:2e:12:4e:0b:8e:61:b5:
                    ee:36:97:3e:1b:9f:52:b3:d1:cf:26:4b:bc:ab:b8:
                    80:c6:77:ce:a9:7c:8d:d4:a7:8a:a4:13:1e:54:8b:
                    67:95:7b:9a:8e:42:c8:07:03:df:99:0a:d1:12:df:
                    d2:3d:86:5c:8c:38:15:1f:bf:8a:0b:09:f0:32:16:
                    69:23:c3:56:06:cb:23:fa:57:dd:77:c8:40:ee:e1:
                    f4:2e:b3:4e:1c:63:d7:fb:00:b5:f3:94:97:0c:ac:
                    c6:9e:c8:7f:f3:3a:ca:65:6b:e9:28:09:e7:10:86:
                    da:f3:23:bd:55:ec:0e:1f:d2:7c:31:7d:6a:04:c0:
                    85:11:b0:bc:ef:5d:cd:6a:2d:d2:72:99:dd:3a:8a:
                    2a:b6:4a:23:fe:be:60:ae:e5:c7:54:18:37:1f:ab:
                    57:af:6f:1e:fd:bd:b0:f7:89:b5:11:e4:11:53:8c:
                    7b:01:e6:08:2c:8e:96:f5:f7:95:c7:88:0b:25:47:
                    50:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:30:2A:45:BA:84:E9:33:3A:52:AD:E0:D1:F4:51:A7:88:FB:86:DC
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZjAqRbqE6TM6Uq3g0fRRp4j7htw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:1d:0e:24:02:6a:2c:3b:e8:4e:b9:97:a5:c8:10:76:a4:31:
         c5:71:23:39:87:4c:d2:b0:0a:d4:81:be:dc:73:de:51:71:4c:
         13:21:ca:09:f0:8f:ab:03:16:b9:c1:0c:f0:7c:11:99:d1:1f:
         b4:c4:c0:74:99:48:fc:12:3b:e0:43:43:db:c0:a8:42:7f:5b:
         64:95:98:f6:27:6e:42:cc:88:e6:d8:7f:bb:b7:97:55:74:db:
         8d:df:ec:73:df:10:c6:68:58:8d:d3:c6:e4:73:7e:be:35:1e:
         dd:26:cf:4f:5d:b8:8f:35:28:a5:12:05:8a:7f:6e:15:8e:66:
         0f:b7:e9:c9:a8:bd:03:3d:62:60:36:ea:5c:e3:dd:1a:d1:6e:
         99:ac:77:bc:f1:81:52:2f:7e:71:e9:0f:77:fc:9d:13:5b:bb:
         89:75:5d:2c:ae:3d:cd:66:fc:98:7b:28:38:a0:bc:7d:68:43:
         38:69:ae:8d:3c:5e:ff:3b:91:d5:bb:b5:d0:c8:c0:65:54:d4:
         c8:c4:2b:78:f3:bc:96:44:49:be:2b:0d:91:ae:60:7d:7f:63:
         1b:6f:f7:83:42:2d:d8:21:6e:24:0d:40:2d:e8:07:b2:3c:2e:
         72:43:b2:22:9c:1e:44:51:19:ab:4e:c3:3d:56:62:46:cd:37:
         a0:e8:33:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Na3CYHsRgSdpfO2gEU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjMwMmE0NWJhODRlOTMzM2E1MmFkZTBkMWY0NTFhNzg4ZmI4NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsITOuSKTARCC6vQCiSa6HBG1Tuj
Ms1wZUkvqAcJp7Fl9QiHZpM9QlgtmuvSfVZwLC2gdi36yef+EoaukCGwIuE8WC4S
TguOYbXuNpc+G59Ss9HPJku8q7iAxnfOqXyN1KeKpBMeVItnlXuajkLIBwPfmQrR
Et/SPYZcjDgVH7+KCwnwMhZpI8NWBssj+lfdd8hA7uH0LrNOHGPX+wC185SXDKzG
nsh/8zrKZWvpKAnnEIba8yO9VewOH9J8MX1qBMCFEbC8713Nai3ScpndOooqtkoj
/r5gruXHVBg3H6tXr28e/b2w94m1EeQRU4x7AeYILI6W9feVx4gLJUdQ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYwKkW6hOkzOlKt4NH0UaeI+4bcMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWmpBcVJicUU2VE02VXEzZzBmUlJwNGo3aHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV3j0MA0G
CSqGSIb3DQEBCwUAA4IBAQCDHQ4kAmosO+hOuZelyBB2pDHFcSM5h0zSsArUgb7c
c95RcUwTIcoJ8I+rAxa5wQzwfBGZ0R+0xMB0mUj8EjvgQ0PbwKhCf1tklZj2J25C
zIjm2H+7t5dVdNuN3+xz3xDGaFiN08bkc36+NR7dJs9PXbiPNSilEgWKf24VjmYP
t+nJqL0DPWJgNupc490a0W6ZrHe88YFSL35x6Q93/J0TW7uJdV0srj3NZvyYeyg4
oLx9aEM4aa6NPF7/O5HVu7XQyMBlVNTIxCt487yWREm+Kw2RrmB9f2Mbb/eDQi3Y
IW4kDUAt6AeyPC5yQ7IinB5EURmrTsM9VmJGzTeg6DPq
-----END CERTIFICATE-----