Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_0L03JCm_z2ZWCx87M7oLyM1m4c.roa
File:                     _0L03JCm_z2ZWCx87M7oLyM1m4c.roa (raw, json)
Hash identifier:          q6ZeXgEUrbm0KlKKLeaMWUGvZd2oJcSMK7iAk/3E55k=
Subject key identifier:   FF:42:F4:DC:90:A6:FF:3D:99:58:2C:7C:EC:CE:E8:2F:23:35:9B:87
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01932F46D0E5AD9F07868E6B3CF3BD5357AC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_0L03JCm_z2ZWCx87M7oLyM1m4c.roa
Signing time:             Fri 15 Nov 2024 10:03:10 +0000
ROA not before:           Fri 15 Nov 2024 10:03:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212219
IP address blocks:        212.87.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:46:d0:e5:ad:9f:07:86:8e:6b:3c:f3:bd:53:57:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 15 10:03:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff42f4dc90a6ff3d99582c7ceccee82f23359b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e5:2a:46:55:56:99:60:47:bb:5c:44:0e:94:
                    17:4b:2c:c3:02:b7:54:ca:e1:19:f9:1f:7e:d7:cb:
                    71:b4:ea:2b:4d:9b:b1:12:2f:f2:d7:9f:f5:ee:e1:
                    e7:62:85:d6:73:7e:6c:ec:9f:c4:c7:1c:40:1b:1a:
                    05:95:02:f1:ee:0b:c9:79:e5:c8:da:05:2e:e3:72:
                    10:04:5f:5b:53:7d:55:a9:4f:af:0b:34:3c:92:99:
                    0d:fe:06:fb:b7:f8:31:18:1b:a9:6e:8e:c3:64:83:
                    73:93:37:19:61:a2:c2:bc:eb:44:44:35:66:44:49:
                    f4:5d:d6:aa:e6:e5:92:1a:24:29:1e:b0:05:20:68:
                    04:4c:1d:8a:62:53:14:85:f1:15:ad:9b:27:97:0a:
                    99:3c:33:81:0d:b2:5d:86:47:b1:b6:2d:8f:d5:5d:
                    99:e1:dd:e3:d9:91:50:02:21:c5:4b:5b:a3:01:85:
                    3d:01:fd:b4:79:f4:4c:65:b6:c5:40:3a:0a:7f:41:
                    c1:8e:52:c5:e2:b3:d2:81:78:82:60:31:e3:c7:b3:
                    be:c1:a3:ba:e8:68:38:ca:8d:00:85:a3:ae:cc:00:
                    fb:9e:d4:9e:b5:11:77:33:dc:26:14:50:10:ff:66:
                    a7:88:51:b0:1c:9a:f4:7c:81:38:72:e9:09:c1:3f:
                    66:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:42:F4:DC:90:A6:FF:3D:99:58:2C:7C:EC:CE:E8:2F:23:35:9B:87
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_0L03JCm_z2ZWCx87M7oLyM1m4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:94:00:f9:c1:04:31:2d:65:fb:8d:98:05:65:12:71:69:2a:
         1a:26:66:c1:9c:b4:f8:fb:61:43:4a:23:2f:f3:56:57:d4:65:
         e4:ca:e2:13:10:31:b6:8a:2a:9c:90:29:f5:e2:4c:64:d7:5b:
         82:90:50:e3:5d:a5:97:25:0c:77:f4:ec:a2:d2:3f:4d:c0:0d:
         92:a4:e8:ea:1f:aa:d5:5f:b8:dc:e1:dc:ea:77:da:cd:df:0b:
         35:da:68:40:b3:86:68:e9:38:7e:f5:81:ef:3e:7a:65:8a:8c:
         74:25:4b:fa:e8:09:83:4d:7c:0a:f8:e8:46:be:7e:c5:d5:66:
         ae:3c:ee:28:e6:2e:77:8c:e0:f8:ff:dd:78:76:fb:99:81:21:
         c8:68:e8:6f:dd:a2:fb:e6:9b:a1:ac:08:4c:93:b0:ab:b1:ec:
         c9:f8:21:57:12:e1:0f:88:84:d8:f0:f9:d7:3b:0e:7b:16:a7:
         e2:05:54:f5:ad:76:c3:98:e6:52:2e:ec:54:fc:fd:00:2d:a1:
         2e:a8:e4:8b:38:a4:38:26:f4:60:c9:7b:1d:05:95:80:c9:0e:
         02:13:1f:46:a1:49:63:3a:c8:1c:f0:e5:0f:08:76:fa:0f:30:
         06:74:31:0b:b5:61:f5:f0:8b:15:d0:30:86:c8:9d:31:25:f3:
         fd:f9:23:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMvRtDlrZ8Hho5rPPO9U1esMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTE1MTAwMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjQyZjRkYzkwYTZmZjNkOTk1ODJjN2NlY2NlZTgyZjIzMzU5Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+UqRlVWmWBHu1xEDpQXSyzDArdU
yuEZ+R9+18txtOorTZuxEi/y15/17uHnYoXWc35s7J/ExxxAGxoFlQLx7gvJeeXI
2gUu43IQBF9bU31VqU+vCzQ8kpkN/gb7t/gxGBupbo7DZINzkzcZYaLCvOtERDVm
REn0Xdaq5uWSGiQpHrAFIGgETB2KYlMUhfEVrZsnlwqZPDOBDbJdhkexti2P1V2Z
4d3j2ZFQAiHFS1ujAYU9Af20efRMZbbFQDoKf0HBjlLF4rPSgXiCYDHjx7O+waO6
6Gg4yo0AhaOuzAD7ntSetRF3M9wmFFAQ/2aniFGwHJr0fIE4cukJwT9mEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9C9NyQpv89mVgsfOzO6C8jNZuHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvXzBMMDNKQ21fejJaV0N4ODdNN29MeU0xbTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfdMA0G
CSqGSIb3DQEBCwUAA4IBAQCklAD5wQQxLWX7jZgFZRJxaSoaJmbBnLT4+2FDSiMv
81ZX1GXkyuITEDG2iiqckCn14kxk11uCkFDjXaWXJQx39Oyi0j9NwA2SpOjqH6rV
X7jc4dzqd9rN3ws12mhAs4Zo6Th+9YHvPnpliox0JUv66AmDTXwK+OhGvn7F1Wau
PO4o5i53jOD4/914dvuZgSHIaOhv3aL75puhrAhMk7CrsezJ+CFXEuEPiITY8PnX
Ow57FqfiBVT1rXbDmOZSLuxU/P0ALaEuqOSLOKQ4JvRgyXsdBZWAyQ4CEx9GoUlj
Osgc8OUPCHb6DzAGdDELtWH18IsV0DCGyJ0xJfP9+SMi
-----END CERTIFICATE-----