Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/erKO3UwSsFKcPR5SLETiFuRbb7c.roa
File:                     erKO3UwSsFKcPR5SLETiFuRbb7c.roa (raw, json)
Hash identifier:          JWyfkQCOGoNWrsd4vKfnyMpAHov2QhF99VKxZBQM0bo=
Subject key identifier:   7A:B2:8E:DD:4C:12:B0:52:9C:3D:1E:52:2C:44:E2:16:E4:5B:6F:B7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0191D0FCF08B9060E223B27E3846B0E5B6DD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/erKO3UwSsFKcPR5SLETiFuRbb7c.roa
Signing time:             Sun 08 Sep 2024 09:35:23 +0000
ROA not before:           Sun 08 Sep 2024 09:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215292
IP address blocks:        87.121.104.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:fc:f0:8b:90:60:e2:23:b2:7e:38:46:b0:e5:b6:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  8 09:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ab28edd4c12b0529c3d1e522c44e216e45b6fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:94:64:fe:ee:bd:29:5e:8b:fe:d0:7d:51:f2:
                    a3:dc:78:64:1a:50:0e:59:27:65:55:10:90:2f:97:
                    9d:a1:fb:42:6f:de:b3:94:d6:59:10:b1:6e:10:43:
                    79:2e:cd:5d:db:17:6a:19:a7:bd:21:a1:ca:42:59:
                    76:25:1c:a1:8e:2f:e3:13:72:83:15:4d:f5:bb:5c:
                    a4:24:00:06:dc:cf:cc:86:93:61:2f:38:21:35:02:
                    82:71:ae:f0:93:9c:88:5b:f4:10:86:8b:45:f8:a5:
                    16:70:0f:cc:80:92:13:54:fd:e9:62:fc:3c:e7:22:
                    5c:86:6a:ce:40:59:aa:56:7a:c9:ca:7d:3b:08:c8:
                    92:90:fb:f6:e4:7a:ac:2f:e0:b9:4e:45:bc:fe:41:
                    46:27:ba:04:cd:ce:19:33:cc:99:2d:8a:cb:88:21:
                    c4:6b:76:96:45:6f:4e:f8:65:16:14:ac:e9:a9:49:
                    a5:3e:ea:c0:44:62:04:2d:6b:fe:90:26:2a:27:55:
                    f5:75:b2:8c:31:28:34:8c:df:8b:bd:14:bc:16:55:
                    7b:af:e6:20:61:d5:8e:9e:58:a4:33:40:1d:cb:4e:
                    7a:69:25:50:19:3b:02:19:71:57:26:ac:8e:20:f5:
                    7a:cb:f6:b1:ef:35:38:ca:af:87:5c:be:d9:d9:f6:
                    32:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B2:8E:DD:4C:12:B0:52:9C:3D:1E:52:2C:44:E2:16:E4:5B:6F:B7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/erKO3UwSsFKcPR5SLETiFuRbb7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.104.0/24
                  193.25.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:bf:28:62:23:b4:00:16:57:ac:a1:63:a2:c0:a5:5c:a1:a8:
         67:01:38:01:aa:8f:a1:80:9f:26:0b:68:83:d7:6d:45:31:44:
         16:d7:ff:19:19:b0:63:06:95:b0:68:2f:62:11:c7:74:14:52:
         06:e1:ce:4e:64:57:fe:8d:c8:ea:d9:6a:10:3d:a0:31:7e:bb:
         2c:b0:8e:25:ff:d6:35:ce:c4:02:7f:69:cf:dc:a7:4e:16:25:
         2c:64:93:dc:b5:1d:c1:1d:53:95:2d:d1:35:0d:cf:01:f5:6a:
         9a:93:ef:3e:27:ed:7f:be:62:38:bc:e2:37:04:50:81:c4:31:
         9c:6f:ea:fb:bf:e6:37:ec:20:b7:a3:77:f9:30:80:fc:1a:26:
         74:dc:1d:a6:48:21:0f:95:06:46:11:d0:1b:ad:a7:48:2a:a5:
         9f:fb:7a:c4:94:6a:a2:e9:15:be:91:16:a6:04:36:d2:6b:d8:
         ad:a1:7d:60:85:37:21:92:23:38:e3:bc:4d:be:96:9d:63:2e:
         22:b5:49:a0:11:eb:9b:2e:ae:2d:4b:28:62:71:5d:d5:94:9d:
         18:4d:44:a1:5b:58:b7:d8:a8:14:27:80:e4:cf:dd:b3:a2:00:
         fb:33:a4:af:3a:b8:04:bd:63:39:49:4a:3d:a5:39:72:ca:55:
         7c:38:b0:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHQ/PCLkGDiI7J+OEaw5bbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwOTA4MDkzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWIyOGVkZDRjMTJiMDUyOWMzZDFlNTIyYzQ0ZTIxNmU0NWI2ZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JRk/u69KV6L/tB9UfKj3HhkGlAO
WSdlVRCQL5edoftCb96zlNZZELFuEEN5Ls1d2xdqGae9IaHKQll2JRyhji/jE3KD
FU31u1ykJAAG3M/MhpNhLzghNQKCca7wk5yIW/QQhotF+KUWcA/MgJITVP3pYvw8
5yJchmrOQFmqVnrJyn07CMiSkPv25HqsL+C5TkW8/kFGJ7oEzc4ZM8yZLYrLiCHE
a3aWRW9O+GUWFKzpqUmlPurARGIELWv+kCYqJ1X1dbKMMSg0jN+LvRS8FlV7r+Yg
YdWOnlikM0Ady056aSVQGTsCGXFXJqyOIPV6y/ax7zU4yq+HXL7Z2fYyTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHqyjt1MErBSnD0eUixE4hbkW2+3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZXJLTzNVd1NzRktjUFI1U0xFVGlGdVJiYjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3loAwQA
wRnZMA0GCSqGSIb3DQEBCwUAA4IBAQA/vyhiI7QAFlesoWOiwKVcoahnATgBqo+h
gJ8mC2iD121FMUQW1/8ZGbBjBpWwaC9iEcd0FFIG4c5OZFf+jcjq2WoQPaAxfrss
sI4l/9Y1zsQCf2nP3KdOFiUsZJPctR3BHVOVLdE1Dc8B9Wqak+8+J+1/vmI4vOI3
BFCBxDGcb+r7v+Y37CC3o3f5MID8GiZ03B2mSCEPlQZGEdAbradIKqWf+3rElGqi
6RW+kRamBDbSa9itoX1ghTchkiM447xNvpadYy4itUmgEeubLq4tSyhicV3VlJ0Y
TUShW1i32KgUJ4Dkz92zogD7M6SvOrgEvWM5SUo9pTlyylV8OLD5
-----END CERTIFICATE-----