Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_-WGzc1rPxUxNc5Tw6xEPbGVnRo.roa
File:                     _-WGzc1rPxUxNc5Tw6xEPbGVnRo.roa (raw, json)
Hash identifier:          LDFg0e542eTEK01T6enwBZcyedDkzTdF1svuyCL7mXY=
Subject key identifier:   FF:E5:86:CD:CD:6B:3F:15:31:35:CE:53:C3:AC:44:3D:B1:95:9D:1A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01925D72AB83DB3E2044920B7E3FBCF455DE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_-WGzc1rPxUxNc5Tw6xEPbGVnRo.roa
Signing time:             Sat 05 Oct 2024 16:10:49 +0000
ROA not before:           Sat 05 Oct 2024 16:10:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        194.180.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5d:72:ab:83:db:3e:20:44:92:0b:7e:3f:bc:f4:55:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct  5 16:10:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffe586cdcd6b3f153135ce53c3ac443db1959d1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a6:26:9c:b7:bd:fd:0e:41:05:c5:80:59:41:
                    e7:1b:70:f2:58:36:b0:ee:40:32:82:01:77:11:5f:
                    d0:f6:a1:a3:a3:6a:76:03:92:63:43:68:bc:76:32:
                    29:72:96:0d:e5:61:5e:5c:a0:e9:22:e6:d9:b5:e4:
                    8f:b8:74:61:01:a2:eb:86:82:1e:fa:95:ac:7f:12:
                    14:ae:d7:40:8e:ed:c4:6c:94:df:be:06:70:8b:b8:
                    c1:9f:a4:5c:f3:18:6c:72:82:55:9c:1b:9a:76:fc:
                    b3:01:10:2b:b4:52:77:be:50:ba:b6:1f:90:b7:1b:
                    78:ba:2b:74:80:29:d7:dc:bd:b0:7b:0b:38:a9:a3:
                    90:3a:25:83:68:c5:d4:55:4d:be:f6:ec:e3:1d:67:
                    28:f9:14:d0:03:66:70:3d:b9:5a:b0:0b:66:87:db:
                    48:c6:02:1d:58:62:66:c7:1a:b4:0f:64:ac:01:b3:
                    5f:48:b0:b8:4a:cd:a3:66:3a:2c:cf:a5:1a:1c:c7:
                    4e:7e:e5:8e:50:e4:e3:19:e0:a6:22:5e:e2:cb:33:
                    89:55:1d:d5:2e:41:b0:9d:42:5b:bc:e1:1c:c1:1c:
                    f7:56:76:4e:87:5e:b6:2f:11:23:67:49:2f:6a:87:
                    0d:c7:1a:70:64:1e:b8:c0:99:54:6f:aa:29:77:91:
                    b9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:E5:86:CD:CD:6B:3F:15:31:35:CE:53:C3:AC:44:3D:B1:95:9D:1A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_-WGzc1rPxUxNc5Tw6xEPbGVnRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:a2:b2:c0:a0:13:48:36:83:d0:ba:23:32:29:79:12:11:7b:
         79:77:d7:d5:b2:8b:90:56:de:77:b6:e7:f5:47:04:aa:22:a6:
         cc:68:ce:f3:be:64:55:ec:b8:9d:30:dd:3b:35:60:06:44:73:
         c1:27:c2:8c:98:76:1a:22:70:a9:1b:e3:82:78:c8:bd:d9:10:
         c8:a9:41:b6:a1:7a:85:e0:f1:ec:16:38:53:af:e1:c5:09:e9:
         11:29:92:b3:17:b9:aa:2f:e3:2e:0e:bc:5c:f7:ad:2f:49:42:
         5f:3b:a7:4e:7c:13:27:1b:17:cc:97:c1:6a:20:d5:a4:dc:0a:
         93:3f:55:85:2d:c5:d0:00:56:26:d3:f0:52:60:08:e6:8b:4b:
         f3:ef:92:f4:e4:3e:25:48:9f:33:71:e7:79:11:1f:c4:ec:1b:
         91:84:31:a0:fa:2e:de:34:a5:2e:6c:3f:0c:c0:51:0b:de:7c:
         aa:b0:40:04:95:13:0c:f4:71:03:14:db:a9:18:ed:d5:15:d1:
         03:1b:32:c5:c6:76:9f:0f:49:fd:4f:fb:e9:6c:60:de:53:62:
         e7:cd:41:5b:dc:c7:fb:64:b0:e3:33:fd:93:09:64:16:6a:26:
         31:44:58:5c:e4:dc:3d:37:f5:f7:e8:24:7a:74:e9:89:8b:29:
         56:dc:22:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJdcquD2z4gRJILfj+89FXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDA1MTYxMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmU1ODZjZGNkNmIzZjE1MzEzNWNlNTNjM2FjNDQzZGIxOTU5ZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KYmnLe9/Q5BBcWAWUHnG3DyWDaw
7kAyggF3EV/Q9qGjo2p2A5JjQ2i8djIpcpYN5WFeXKDpIubZteSPuHRhAaLrhoIe
+pWsfxIUrtdAju3EbJTfvgZwi7jBn6Rc8xhscoJVnBuadvyzARArtFJ3vlC6th+Q
txt4uit0gCnX3L2wews4qaOQOiWDaMXUVU2+9uzjHWco+RTQA2ZwPblasAtmh9tI
xgIdWGJmxxq0D2SsAbNfSLC4Ss2jZjosz6UaHMdOfuWOUOTjGeCmIl7iyzOJVR3V
LkGwnUJbvOEcwRz3VnZOh162LxEjZ0kvaocNxxpwZB64wJlUb6opd5G5CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/lhs3Naz8VMTXOU8OsRD2xlZ0aMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvXy1XR3pjMXJQeFV4TmM1VHc2eEVQYkdWblJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrQlMA0G
CSqGSIb3DQEBCwUAA4IBAQA0orLAoBNINoPQuiMyKXkSEXt5d9fVsouQVt53tuf1
RwSqIqbMaM7zvmRV7LidMN07NWAGRHPBJ8KMmHYaInCpG+OCeMi92RDIqUG2oXqF
4PHsFjhTr+HFCekRKZKzF7mqL+MuDrxc960vSUJfO6dOfBMnGxfMl8FqINWk3AqT
P1WFLcXQAFYm0/BSYAjmi0vz75L05D4lSJ8zced5ER/E7BuRhDGg+i7eNKUubD8M
wFEL3nyqsEAElRMM9HEDFNupGO3VFdEDGzLFxnafD0n9T/vpbGDeU2LnzUFb3Mf7
ZLDjM/2TCWQWaiYxRFhc5Nw9N/X36CR6dOmJiylW3CIg
-----END CERTIFICATE-----