Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fBbO4UEYlxFP5K33_VqJ7NOdLDg.roa
File:                     fBbO4UEYlxFP5K33_VqJ7NOdLDg.roa (raw, json)
Hash identifier:          56jKL6/Mhft6NVwGPqCC0psIBTqzMewzsTvi+4TyGns=
Subject key identifier:   7C:16:CE:E1:41:18:97:11:4F:E4:AD:F7:FD:5A:89:EC:D3:9D:2C:38
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0D7267E655F62E150C1261828E68
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fBbO4UEYlxFP5K33_VqJ7NOdLDg.roa
Signing time:             Tue 02 Jan 2024 06:29:39 +0000
ROA not before:           Tue 02 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211437
IP address blocks:        87.120.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0d:72:67:e6:55:f6:2e:15:0c:12:61:82:8e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c16cee1411897114fe4adf7fd5a89ecd39d2c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:fa:ff:32:5d:05:cd:78:b2:35:2d:e0:a6:
                    57:d5:fb:7f:72:d5:a1:ed:f2:70:b0:23:6d:ea:c9:
                    3b:af:38:36:c6:41:82:70:00:d2:0c:23:48:bb:8f:
                    c2:8f:b1:ce:62:1f:02:a6:10:07:0b:27:80:0e:89:
                    d3:97:75:4c:2b:83:96:46:29:6a:2f:28:c7:4e:24:
                    6b:d5:58:e4:cc:ed:54:8b:c7:f1:ce:54:a5:9c:2c:
                    68:ae:d4:6f:aa:33:56:97:72:ea:0e:93:3e:ec:75:
                    09:3b:5f:3d:f5:58:9e:83:88:1d:11:8f:2f:2b:1f:
                    c7:fe:29:9a:f0:37:88:93:11:2c:27:de:f2:06:18:
                    50:54:53:91:75:d3:b3:a9:19:35:5c:51:6c:76:ba:
                    7a:2d:91:10:0b:c9:31:a5:79:78:31:3c:27:24:2c:
                    d4:3c:bf:7d:31:96:f6:7a:28:67:79:4b:f9:b9:22:
                    fc:07:8d:1d:e7:6c:8c:2a:b3:6d:2e:71:53:41:b1:
                    de:92:2f:b0:e0:86:a3:ef:1c:f4:1b:0f:4f:7a:65:
                    a4:7f:38:45:f1:dd:fb:a1:03:b1:da:50:7c:4c:38:
                    90:b0:4e:a8:17:f4:3d:9f:88:2f:fc:74:b8:6b:31:
                    5d:4e:cd:80:bf:b2:d3:77:4b:33:03:80:9f:32:86:
                    34:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:16:CE:E1:41:18:97:11:4F:E4:AD:F7:FD:5A:89:EC:D3:9D:2C:38
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fBbO4UEYlxFP5K33_VqJ7NOdLDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:48:5c:f0:58:42:94:1c:2b:65:20:c6:9b:cb:1d:ef:b0:e7:
         b7:eb:01:4b:bc:3e:8a:47:8d:be:4e:b3:3c:8c:77:fb:02:1b:
         5e:39:77:08:90:34:02:e0:b1:a8:3b:fb:b0:79:22:60:26:a7:
         2d:47:09:c9:5a:a0:60:80:6c:7a:ee:28:b0:18:b9:6e:10:19:
         99:94:f8:dc:3a:d9:99:c5:99:e2:5b:f6:c3:df:33:be:02:a0:
         c1:e9:b2:46:6f:f5:b3:48:5f:0f:d6:37:91:8f:56:66:f0:9d:
         cd:f5:3d:a0:3c:11:f8:ce:3a:e3:44:a8:0d:c1:46:d0:b4:c8:
         cd:89:ee:88:67:48:fa:a1:69:53:8a:0b:d6:a4:fc:d6:2a:35:
         1d:bf:81:d5:62:b0:9f:fb:24:92:ef:c0:d9:79:bb:22:72:68:
         cf:4f:64:f0:64:81:b0:c8:39:4f:bf:71:a0:b4:bd:49:dd:87:
         d2:b5:71:98:02:db:43:7e:45:70:3e:dd:64:8d:e2:a8:7b:c2:
         31:74:8b:96:03:1b:a4:4f:c7:a8:b6:c0:a8:c9:51:16:d6:7f:
         f9:a4:2e:40:be:26:ce:5f:e7:df:0e:88:a2:12:0c:7e:d7:1a:
         ad:6c:17:44:84:6d:80:f2:b9:35:a8:80:c2:f5:f3:9a:bc:09:
         4c:e5:c3:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Q1yZ+ZV9i4VDBJhgo5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzE2Y2VlMTQxMTg5NzExNGZlNGFkZjdmZDVhODllY2QzOWQyYzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudD6/zJdBc14sjUt4KZX1ft/ctWh
7fJwsCNt6sk7rzg2xkGCcADSDCNIu4/Cj7HOYh8CphAHCyeADonTl3VMK4OWRilq
LyjHTiRr1VjkzO1Ui8fxzlSlnCxortRvqjNWl3LqDpM+7HUJO1899Vieg4gdEY8v
Kx/H/ima8DeIkxEsJ97yBhhQVFORddOzqRk1XFFsdrp6LZEQC8kxpXl4MTwnJCzU
PL99MZb2eihneUv5uSL8B40d52yMKrNtLnFTQbHeki+w4Iaj7xz0Gw9PemWkfzhF
8d37oQOx2lB8TDiQsE6oF/Q9n4gv/HS4azFdTs2Av7LTd0szA4CfMoY0FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwWzuFBGJcRT+St9/1aiezTnSw4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZkJiTzRVRVlseEZQNUszM19WcUo3Tk9kTERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3gFMA0G
CSqGSIb3DQEBCwUAA4IBAQAbSFzwWEKUHCtlIMabyx3vsOe36wFLvD6KR42+TrM8
jHf7AhteOXcIkDQC4LGoO/uweSJgJqctRwnJWqBggGx67iiwGLluEBmZlPjcOtmZ
xZniW/bD3zO+AqDB6bJGb/WzSF8P1jeRj1Zm8J3N9T2gPBH4zjrjRKgNwUbQtMjN
ie6IZ0j6oWlTigvWpPzWKjUdv4HVYrCf+ySS78DZebsicmjPT2TwZIGwyDlPv3Gg
tL1J3YfStXGYAttDfkVwPt1kjeKoe8IxdIuWAxukT8eotsCoyVEW1n/5pC5AvibO
X+ffDoiiEgx+1xqtbBdEhG2A8rk1qIDC9fOavAlM5cPD
-----END CERTIFICATE-----