Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_SZKDLYJuvNcvCT5e-OQ7ABIpIo.roa
File:                     _SZKDLYJuvNcvCT5e-OQ7ABIpIo.roa (raw, json)
Hash identifier:          lbbr2KxDmjETEqeTgKtoS2TnMFPOS42AhJT+6sWgORM=
Subject key identifier:   FD:26:4A:0C:B6:09:BA:F3:5C:BC:24:F9:7B:E3:90:EC:00:48:A4:8A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D3F8B53D5A05AD0E737D10822CD9FA37F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_SZKDLYJuvNcvCT5e-OQ7ABIpIo.roa
Signing time:             Thu 25 Jan 2024 07:35:11 +0000
ROA not before:           Thu 25 Jan 2024 07:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35197
IP address blocks:        185.226.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3f:8b:53:d5:a0:5a:d0:e7:37:d1:08:22:cd:9f:a3:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 25 07:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd264a0cb609baf35cbc24f97be390ec0048a48a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ef:f0:35:e9:cc:d7:f4:72:db:e1:af:aa:90:
                    2f:00:5c:80:00:5f:49:f4:5d:c0:0c:ed:41:60:b1:
                    01:1f:ba:9f:ad:b9:85:ad:d7:5d:91:27:31:ff:a0:
                    f8:b0:ef:55:d0:89:e7:20:0f:b6:a4:93:f8:66:0c:
                    bb:61:72:b4:88:b0:4e:34:05:19:33:7d:de:d1:3f:
                    78:5d:19:19:17:68:d0:a5:12:ac:3b:91:8e:71:af:
                    7d:a6:17:85:fe:84:5b:df:93:82:57:05:4b:e2:f3:
                    b6:20:2f:1a:6a:23:97:b5:a4:77:04:f4:be:ec:54:
                    c8:50:c6:5f:0f:74:2e:3b:72:d3:f7:58:5c:2f:fb:
                    7a:b3:b8:7f:88:0a:1d:94:49:73:75:a4:2b:0c:7d:
                    4a:59:ee:64:d5:aa:17:e4:2d:41:00:12:ed:b2:6c:
                    d7:bc:fd:53:0a:aa:5e:86:28:8d:95:62:bd:3b:0f:
                    71:1b:75:ce:bf:bd:01:d8:da:b2:51:8d:f3:c5:b5:
                    1c:16:8e:fa:c9:4f:c9:4e:e4:00:48:b1:83:a3:f2:
                    55:64:db:71:ab:c2:16:63:d4:29:31:2a:de:ad:d1:
                    d9:4c:57:ac:1f:8b:70:a4:23:ad:ba:67:4d:aa:35:
                    9c:e7:4e:23:f5:82:2f:18:da:51:74:fc:9d:28:b2:
                    f2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:26:4A:0C:B6:09:BA:F3:5C:BC:24:F9:7B:E3:90:EC:00:48:A4:8A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_SZKDLYJuvNcvCT5e-OQ7ABIpIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:44:19:de:89:85:f8:69:a3:bb:81:c0:48:c2:0c:61:db:7d:
         b2:a8:0b:b2:c2:e1:a7:ec:18:cf:e2:eb:02:a4:60:24:11:7b:
         b7:eb:f8:3b:03:3c:94:02:af:b5:6e:57:bd:4f:2c:a9:bc:dd:
         15:1c:4a:d4:57:cc:f4:c0:e6:8c:2a:b2:2b:a0:03:cd:f8:88:
         34:aa:d6:33:d6:40:96:13:82:55:56:f1:af:17:08:9b:38:2c:
         cb:68:48:03:d6:a7:6b:ed:dc:c0:c1:d7:d7:44:94:18:9e:81:
         98:89:fe:51:ad:44:39:96:c2:d7:30:64:ff:7e:cb:bc:65:6e:
         be:ab:fb:5d:9b:73:6f:67:09:f0:3a:96:72:26:c9:a9:58:8d:
         ac:f3:eb:ba:fe:6a:44:ea:45:6b:b7:8c:7e:d0:53:16:81:c7:
         1b:86:4e:75:f7:8f:a2:2a:4f:1c:1c:b9:29:7c:fa:b4:47:7e:
         1a:d3:cc:e0:7d:28:9d:17:97:da:83:a0:67:a0:f8:aa:a2:21:
         a2:6c:53:9f:6a:96:de:b0:76:ba:84:72:41:bc:74:19:f6:5b:
         81:94:c1:af:9e:f3:10:55:07:e0:0c:84:a6:7f:28:55:ab:81:
         db:09:24:be:36:a5:94:c9:7b:4e:41:c7:5b:fa:42:cd:f6:84:
         81:e3:bc:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0/i1PVoFrQ5zfRCCLNn6N/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTI1MDczNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDI2NGEwY2I2MDliYWYzNWNiYzI0Zjk3YmUzOTBlYzAwNDhhNDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO/wNenM1/Ry2+GvqpAvAFyAAF9J
9F3ADO1BYLEBH7qfrbmFrdddkScx/6D4sO9V0InnIA+2pJP4Zgy7YXK0iLBONAUZ
M33e0T94XRkZF2jQpRKsO5GOca99pheF/oRb35OCVwVL4vO2IC8aaiOXtaR3BPS+
7FTIUMZfD3QuO3LT91hcL/t6s7h/iAodlElzdaQrDH1KWe5k1aoX5C1BABLtsmzX
vP1TCqpehiiNlWK9Ow9xG3XOv70B2NqyUY3zxbUcFo76yU/JTuQASLGDo/JVZNtx
q8IWY9QpMSrerdHZTFesH4twpCOtumdNqjWc504j9YIvGNpRdPydKLLyJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0mSgy2CbrzXLwk+XvjkOwASKSKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX1NaS0RMWUp1dk5jdkNUNWUtT1E3QUJJcElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKvMA0G
CSqGSIb3DQEBCwUAA4IBAQAwRBneiYX4aaO7gcBIwgxh232yqAuywuGn7BjP4usC
pGAkEXu36/g7AzyUAq+1ble9TyypvN0VHErUV8z0wOaMKrIroAPN+Ig0qtYz1kCW
E4JVVvGvFwibOCzLaEgD1qdr7dzAwdfXRJQYnoGYif5RrUQ5lsLXMGT/fsu8ZW6+
q/tdm3NvZwnwOpZyJsmpWI2s8+u6/mpE6kVrt4x+0FMWgccbhk5194+iKk8cHLkp
fPq0R34a08zgfSidF5fag6BnoPiqoiGibFOfapbesHa6hHJBvHQZ9luBlMGvnvMQ
VQfgDISmfyhVq4HbCSS+NqWUyXtOQcdb+kLN9oSB47zS
-----END CERTIFICATE-----