Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_QdIhG_vF0NFH3Z2EZtwDkZSQsE.roa
File:                     _QdIhG_vF0NFH3Z2EZtwDkZSQsE.roa (raw, json)
Hash identifier:          m5VigjWhe1XZy9xTornI3pfC/mF8vps0CtAWcawu914=
Subject key identifier:   FD:07:48:84:6F:EF:17:43:45:1F:76:76:11:9B:70:0E:46:52:42:C1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E562BA7FE002E5A7FA89EA3E5FDFF7801
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_QdIhG_vF0NFH3Z2EZtwDkZSQsE.roa
Signing time:             Tue 19 Mar 2024 10:04:45 +0000
ROA not before:           Tue 19 Mar 2024 10:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        87.121.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:2b:a7:fe:00:2e:5a:7f:a8:9e:a3:e5:fd:ff:78:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 19 10:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd0748846fef1743451f7676119b700e465242c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2d:72:1f:68:a7:16:88:46:2e:84:8e:e1:51:
                    3d:34:44:93:00:f2:35:36:be:80:e3:bd:07:9e:e3:
                    d2:da:f1:ca:1a:99:b2:17:50:b7:f9:7a:a9:63:ea:
                    51:0e:ac:cc:de:8a:7f:7f:88:11:42:e6:73:fe:41:
                    d6:8d:0e:05:f1:98:fc:b5:53:5c:ee:36:21:54:b2:
                    b6:ed:15:6c:ce:63:bc:2d:b2:9d:c5:f6:05:df:6f:
                    7e:4d:74:a1:07:c8:bc:87:04:fb:13:14:ac:97:ed:
                    50:34:b2:25:e9:f8:bf:76:64:e5:48:49:b6:bc:7b:
                    74:eb:58:84:ba:76:f8:0b:0b:26:2d:9d:03:77:06:
                    30:3b:99:9d:57:41:97:fd:2b:64:55:77:77:c4:23:
                    e7:ac:60:4b:7a:e0:ec:3c:d5:2b:5c:c8:80:d1:d7:
                    81:a7:ea:b8:08:40:40:2a:47:e6:80:10:20:b5:d1:
                    83:09:f2:22:bb:2a:66:ed:33:4e:40:dd:40:48:e9:
                    32:33:f4:37:6e:b9:c0:4a:71:ee:46:3d:df:dc:d0:
                    19:30:a0:3b:8d:19:9c:1f:b9:7b:66:21:db:16:2d:
                    fc:0e:54:16:77:07:0c:36:69:8b:a3:79:e8:26:cc:
                    09:28:9c:38:81:cb:85:38:8e:9b:60:08:fa:52:36:
                    c7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:07:48:84:6F:EF:17:43:45:1F:76:76:11:9B:70:0E:46:52:42:C1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_QdIhG_vF0NFH3Z2EZtwDkZSQsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:75:6f:70:cc:82:87:8e:46:6e:7a:5f:8f:c0:ae:9a:2a:76:
         ad:6f:4d:37:7f:cd:b8:39:7f:25:64:64:c1:32:88:3b:9f:a2:
         bd:19:af:c1:36:6d:d6:b7:4b:e7:ce:59:4d:0c:e6:f8:48:a5:
         55:53:06:52:9d:6c:e4:d5:60:97:5a:27:97:dc:e1:b5:98:43:
         1a:53:d5:61:44:00:08:b0:65:6e:11:2e:7c:44:50:a0:10:50:
         d4:10:55:d1:d6:af:22:24:f5:17:a8:8a:41:f6:8b:2f:fe:5f:
         e6:de:68:99:ca:46:b1:76:cf:a9:48:64:33:cb:0e:10:20:e9:
         e0:a3:6f:4a:5e:1d:73:fd:8d:46:ad:0c:77:76:33:b4:07:f8:
         5c:85:ec:c0:8c:77:90:07:cf:0e:a0:6f:8b:64:38:27:6c:06:
         ef:f0:f2:4c:2b:78:ea:d1:fd:ae:e1:9e:70:c4:86:57:7c:23:
         41:ba:aa:d4:6b:46:a6:37:14:20:34:db:23:88:bb:1c:b5:4c:
         b6:7f:60:87:85:68:ee:fc:e4:f1:00:d3:48:60:4e:c6:ed:63:
         0f:d2:be:eb:a8:5f:09:04:63:e7:fa:4f:80:a7:dd:33:33:a7:
         90:3b:dc:b6:1f:b1:58:07:c9:cc:81:65:f3:dc:ab:79:3a:f3:
         0a:0a:0c:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5WK6f+AC5af6ieo+X9/3gBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzE5MTAwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDA3NDg4NDZmZWYxNzQzNDUxZjc2NzYxMTliNzAwZTQ2NTI0MmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty1yH2inFohGLoSO4VE9NESTAPI1
Nr6A470HnuPS2vHKGpmyF1C3+XqpY+pRDqzM3op/f4gRQuZz/kHWjQ4F8Zj8tVNc
7jYhVLK27RVszmO8LbKdxfYF329+TXShB8i8hwT7ExSsl+1QNLIl6fi/dmTlSEm2
vHt061iEunb4CwsmLZ0DdwYwO5mdV0GX/StkVXd3xCPnrGBLeuDsPNUrXMiA0deB
p+q4CEBAKkfmgBAgtdGDCfIiuypm7TNOQN1ASOkyM/Q3brnASnHuRj3f3NAZMKA7
jRmcH7l7ZiHbFi38DlQWdwcMNmmLo3noJswJKJw4gcuFOI6bYAj6UjbHoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0HSIRv7xdDRR92dhGbcA5GUkLBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX1FkSWhHX3ZGME5GSDNaMkVadHdEa1pTUXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV3lyMA0G
CSqGSIb3DQEBCwUAA4IBAQCjdW9wzIKHjkZuel+PwK6aKnatb003f824OX8lZGTB
Mog7n6K9Ga/BNm3Wt0vnzllNDOb4SKVVUwZSnWzk1WCXWieX3OG1mEMaU9VhRAAI
sGVuES58RFCgEFDUEFXR1q8iJPUXqIpB9osv/l/m3miZykaxds+pSGQzyw4QIOng
o29KXh1z/Y1GrQx3djO0B/hchezAjHeQB88OoG+LZDgnbAbv8PJMK3jq0f2u4Z5w
xIZXfCNBuqrUa0amNxQgNNsjiLsctUy2f2CHhWju/OTxANNIYE7G7WMP0r7rqF8J
BGPn+k+Ap90zM6eQO9y2H7FYB8nMgWXz3Kt5OvMKCgwX
-----END CERTIFICATE-----