Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_WstzpBl0PxYA7hPyB16qUPBg14.roa
File:                     _WstzpBl0PxYA7hPyB16qUPBg14.roa (raw, json)
Hash identifier:          JvJ6S/K3GhDRQ3LgHjZmGRcTSNGyUSgYq7lzFcbxNFQ=
Subject key identifier:   FD:6B:2D:CE:90:65:D0:FC:58:03:B8:4F:C8:1D:7A:A9:43:C1:83:5E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824DC1A0E2A5FE937E33B337B14C222
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_WstzpBl0PxYA7hPyB16qUPBg14.roa
Signing time:             Thu 02 Jan 2025 17:51:31 +0000
ROA not before:           Thu 02 Jan 2025 17:51:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401475
IP address blocks:        45.8.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:dc:1a:0e:2a:5f:e9:37:e3:3b:33:7b:14:c2:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd6b2dce9065d0fc5803b84fc81d7aa943c1835e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b3:d4:45:e5:06:11:63:95:09:65:e1:8d:ab:
                    52:08:51:17:c4:ef:ad:25:23:aa:7a:62:53:8a:b8:
                    3d:5c:2b:dd:50:8d:5c:60:03:2d:7a:09:75:fb:7e:
                    0c:bf:14:ff:b6:69:17:04:c5:5a:93:4f:6c:cb:41:
                    2f:dc:28:67:4a:16:b1:ac:c1:04:72:db:94:db:3f:
                    fd:2d:40:38:d5:da:e1:3d:47:9a:ad:1c:e9:92:d2:
                    43:8f:4a:a7:19:72:90:39:39:d0:d3:c8:ca:fe:43:
                    92:d6:8f:b2:22:e8:66:d2:3e:a3:13:2b:71:b7:93:
                    57:92:f4:60:86:c3:18:52:ac:91:e0:d8:8f:bd:3d:
                    58:ef:da:85:be:f9:27:18:75:42:d5:56:da:45:c0:
                    63:9a:03:c2:83:3b:66:b7:3f:42:43:0f:d4:2b:68:
                    87:be:a3:a6:f3:01:5b:42:23:6c:40:a6:9f:75:05:
                    6e:12:d4:bb:8a:b8:d9:92:5e:cb:44:c4:8b:63:ec:
                    c3:ff:95:93:75:20:0c:c0:e7:7a:10:59:e2:12:0f:
                    8f:bb:35:2a:d0:60:ae:e8:76:39:83:c1:72:e4:c4:
                    9e:09:cb:85:5d:c6:3d:80:d7:f5:41:a7:78:dd:b1:
                    63:63:3e:e9:65:cd:a4:68:45:b0:a6:fd:46:aa:25:
                    60:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:6B:2D:CE:90:65:D0:FC:58:03:B8:4F:C8:1D:7A:A9:43:C1:83:5E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_WstzpBl0PxYA7hPyB16qUPBg14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:8e:4e:c4:bc:3a:1a:7b:c2:0c:ea:0d:76:b4:0b:15:17:bc:
         8b:7e:2e:e2:37:f0:2a:30:1d:52:14:14:65:a2:55:a1:5e:d4:
         b0:8c:d0:1e:6d:7b:02:99:99:36:e9:4e:26:1a:75:4c:fe:db:
         98:08:6d:9a:b1:9a:80:9c:f3:fc:38:2e:3e:cd:33:c8:9f:c3:
         85:5f:68:69:fc:84:5d:03:75:02:03:4e:96:f9:aa:d5:a5:11:
         09:16:68:89:ff:94:75:7a:b8:41:5f:ad:0d:3c:f6:6c:9c:cf:
         05:65:70:ee:5a:85:b5:b5:77:7e:54:39:91:b2:07:1d:67:7b:
         ed:f9:6e:d0:c0:c6:9e:0d:a9:a6:11:c8:a6:92:24:8a:bf:2d:
         59:41:08:f7:70:d2:25:41:ba:8c:49:aa:08:c2:a7:6e:d3:8c:
         11:e0:90:6b:cc:44:18:9c:ac:12:0c:53:79:de:5b:c0:1c:3b:
         cf:3b:17:03:6e:60:3b:98:99:fe:60:8e:32:47:01:1b:8b:98:
         ab:d6:df:c9:61:8f:5f:53:43:54:c3:4a:8c:8d:5d:b7:c9:b9:
         1c:ac:be:80:bf:b1:f3:ec:bf:0a:bd:32:28:a1:25:d0:84:26:
         8b:cd:bb:b5:05:fd:6c:be:64:56:d4:66:22:0b:45:4c:87:b1:
         08:e6:79:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJNwaDipf6TfjOzN7FMIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZiMmRjZTkwNjVkMGZjNTgwM2I4NGZjODFkN2FhOTQzYzE4MzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7PUReUGEWOVCWXhjatSCFEXxO+t
JSOqemJTirg9XCvdUI1cYAMtegl1+34MvxT/tmkXBMVak09sy0Ev3ChnShaxrMEE
ctuU2z/9LUA41drhPUearRzpktJDj0qnGXKQOTnQ08jK/kOS1o+yIuhm0j6jEytx
t5NXkvRghsMYUqyR4NiPvT1Y79qFvvknGHVC1VbaRcBjmgPCgztmtz9CQw/UK2iH
vqOm8wFbQiNsQKafdQVuEtS7irjZkl7LRMSLY+zD/5WTdSAMwOd6EFniEg+PuzUq
0GCu6HY5g8Fy5MSeCcuFXcY9gNf1Qad43bFjYz7pZc2kaEWwpv1GqiVgaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1rLc6QZdD8WAO4T8gdeqlDwYNeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX1dzdHpwQmwwUHhZQTdoUHlCMTZxVVBCZzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQhdMA0G
CSqGSIb3DQEBCwUAA4IBAQCijk7EvDoae8IM6g12tAsVF7yLfi7iN/AqMB1SFBRl
olWhXtSwjNAebXsCmZk26U4mGnVM/tuYCG2asZqAnPP8OC4+zTPIn8OFX2hp/IRd
A3UCA06W+arVpREJFmiJ/5R1erhBX60NPPZsnM8FZXDuWoW1tXd+VDmRsgcdZ3vt
+W7QwMaeDammEcimkiSKvy1ZQQj3cNIlQbqMSaoIwqdu04wR4JBrzEQYnKwSDFN5
3lvAHDvPOxcDbmA7mJn+YI4yRwEbi5ir1t/JYY9fU0NUw0qMjV23ybkcrL6Av7Hz
7L8KvTIooSXQhCaLzbu1Bf1svmRW1GYiC0VMh7EI5nns
-----END CERTIFICATE-----