Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_wTcHLqWm79xpsnqwNZpMFylWn0.roa
File:                     _wTcHLqWm79xpsnqwNZpMFylWn0.roa (raw, json)
Hash identifier:          AVSVxXY+x9Nekz2Zyv0aN+ZRb4ZPtMFt1qWKzbedPxI=
Subject key identifier:   FF:04:DC:1C:BA:96:9B:BF:71:A6:C9:EA:C0:D6:69:30:5C:A5:5A:7D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCFAC691190EAE19B76CB2FD91C77A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_wTcHLqWm79xpsnqwNZpMFylWn0.roa
Signing time:             Tue 02 Jan 2024 06:29:34 +0000
ROA not before:           Tue 02 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199818
IP address blocks:        87.121.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:fa:c6:91:19:0e:ae:19:b7:6c:b2:fd:91:c7:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff04dc1cba969bbf71a6c9eac0d669305ca55a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:eb:43:d3:e3:b8:b0:06:eb:82:4e:13:58:ff:
                    f1:bf:02:ca:f6:92:78:34:76:76:ef:0b:80:64:78:
                    a9:2c:08:ac:6c:c7:a6:b2:03:0f:0e:f7:e4:dd:9e:
                    df:37:87:5b:19:37:25:f0:37:cc:a9:8c:49:71:17:
                    5e:0c:bd:98:a9:bd:5a:7f:28:35:31:7d:7d:b9:f0:
                    2e:7f:71:7c:3d:a3:93:b5:f1:60:82:de:06:da:c1:
                    6f:dd:f4:cd:72:7a:bd:49:97:51:f0:fd:c5:22:43:
                    e8:05:d5:29:9c:97:ed:86:52:5e:2f:40:69:97:80:
                    65:3d:27:f7:bd:c1:81:d4:33:93:cf:d8:de:cd:da:
                    4d:d7:2f:ce:c8:20:6d:f7:1b:de:b7:7b:86:90:7d:
                    b9:99:9d:09:23:77:15:ca:6b:a0:97:75:30:42:d9:
                    b8:9d:35:6d:9c:d0:ed:9a:9f:f2:f0:31:c1:96:29:
                    cd:69:50:14:ed:5d:33:f2:bd:36:b1:ad:49:82:a0:
                    f4:e4:c2:42:2d:a6:3e:af:07:e7:b2:b7:4f:2e:13:
                    57:60:eb:8b:4a:10:8c:e0:c3:9d:10:16:73:0a:b3:
                    f6:e5:e2:33:a5:0b:c5:e3:d7:82:e6:10:98:b4:b2:
                    77:64:aa:f5:7d:48:81:c9:0d:b8:59:80:d3:d4:af:
                    c6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:04:DC:1C:BA:96:9B:BF:71:A6:C9:EA:C0:D6:69:30:5C:A5:5A:7D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_wTcHLqWm79xpsnqwNZpMFylWn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:b1:10:5b:f1:11:b1:62:07:6e:f4:57:55:cc:b1:b3:e4:e8:
         09:2b:cc:c4:d3:17:0c:fa:76:66:ef:53:f1:70:5e:0c:59:7a:
         03:39:29:c0:26:dc:9b:97:1d:47:1d:ee:32:61:55:eb:d3:24:
         0f:50:ec:e3:20:23:72:a7:08:09:64:28:94:ae:25:cd:ea:f9:
         15:54:24:59:26:d0:03:14:a0:38:19:f6:7b:e5:77:52:dc:0f:
         78:d7:54:20:0c:88:b3:7f:68:5c:8d:78:f4:59:2a:6e:d9:e6:
         54:e1:5d:01:52:74:79:c1:c8:9c:b8:05:2e:8a:37:d8:65:9d:
         97:4c:77:03:89:e9:64:1b:67:dd:f6:25:6e:38:36:0d:08:28:
         29:5d:96:47:20:59:2f:95:97:67:61:8e:91:68:59:03:4d:f4:
         ff:2b:d1:d5:24:c1:06:4f:a6:a4:de:c4:d3:30:c1:3a:73:dc:
         e3:12:bb:cb:c8:4b:60:70:8b:67:91:a6:bf:1b:07:80:40:bf:
         ff:e6:c1:ee:a0:af:5f:89:c4:0a:86:f0:d8:b3:18:81:88:c9:
         b8:fb:57:80:87:9e:1d:f6:f0:b7:d3:70:af:b9:77:40:22:b1:
         b9:d2:1b:bd:1e:0e:a5:8f:f0:74:02:0a:60:05:14:60:e3:7b:
         98:57:00:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PrGkRkOrhm3bLL9kcd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjA0ZGMxY2JhOTY5YmJmNzFhNmM5ZWFjMGQ2NjkzMDVjYTU1YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApetD0+O4sAbrgk4TWP/xvwLK9pJ4
NHZ27wuAZHipLAisbMemsgMPDvfk3Z7fN4dbGTcl8DfMqYxJcRdeDL2Yqb1afyg1
MX19ufAuf3F8PaOTtfFggt4G2sFv3fTNcnq9SZdR8P3FIkPoBdUpnJfthlJeL0Bp
l4BlPSf3vcGB1DOTz9jezdpN1y/OyCBt9xvet3uGkH25mZ0JI3cVymugl3UwQtm4
nTVtnNDtmp/y8DHBlinNaVAU7V0z8r02sa1JgqD05MJCLaY+rwfnsrdPLhNXYOuL
ShCM4MOdEBZzCrP25eIzpQvF49eC5hCYtLJ3ZKr1fUiByQ24WYDT1K/GjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8E3By6lpu/cabJ6sDWaTBcpVp9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX3dUY0hMcVdtNzl4cHNucXdOWnBNRnlsV24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3krMA0G
CSqGSIb3DQEBCwUAA4IBAQAqsRBb8RGxYgdu9FdVzLGz5OgJK8zE0xcM+nZm71Px
cF4MWXoDOSnAJtyblx1HHe4yYVXr0yQPUOzjICNypwgJZCiUriXN6vkVVCRZJtAD
FKA4GfZ75XdS3A9411QgDIizf2hcjXj0WSpu2eZU4V0BUnR5wcicuAUuijfYZZ2X
THcDielkG2fd9iVuODYNCCgpXZZHIFkvlZdnYY6RaFkDTfT/K9HVJMEGT6ak3sTT
MME6c9zjErvLyEtgcItnkaa/GweAQL//5sHuoK9ficQKhvDYsxiBiMm4+1eAh54d
9vC303CvuXdAIrG50hu9Hg6lj/B0AgpgBRRg43uYVwD/
-----END CERTIFICATE-----