Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fKnirJ_StiUz39bjqKR5YDo58IM.roa
File:                     fKnirJ_StiUz39bjqKR5YDo58IM.roa (raw, json)
Hash identifier:          PrAPUZUnoMBfAVQDCUr0NUBrzOb/aKYcbhdY5K8Qj90=
Subject key identifier:   7C:A9:E2:AC:9F:D2:B6:25:33:DF:D6:E3:A8:A4:79:60:3A:39:F0:83
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D5EF87DD33729F9A37905CAF0C4FA86B8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fKnirJ_StiUz39bjqKR5YDo58IM.roa
Signing time:             Wed 31 Jan 2024 10:02:39 +0000
ROA not before:           Wed 31 Jan 2024 10:02:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43824
IP address blocks:        185.226.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:f8:7d:d3:37:29:f9:a3:79:05:ca:f0:c4:fa:86:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 31 10:02:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ca9e2ac9fd2b62533dfd6e3a8a479603a39f083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:23:19:17:ce:69:f4:52:04:54:0f:83:7a:5d:
                    d9:0f:d6:a4:e7:99:aa:ac:65:c9:e2:bc:19:da:83:
                    f4:9a:cf:34:4e:8b:82:b0:f9:d1:69:6a:34:29:b0:
                    75:2e:73:b9:39:a7:28:d7:1c:27:ba:17:45:79:4d:
                    9b:9c:43:9c:d8:63:45:e5:12:1c:7e:52:6c:35:9d:
                    11:1d:c8:57:c8:3a:08:a5:3d:2a:8a:e4:d6:4d:0b:
                    4e:e5:13:49:f6:70:62:2e:e4:bd:db:1e:a3:d3:90:
                    10:01:e6:33:98:8c:ea:0b:6a:34:42:75:80:3a:7c:
                    6d:28:70:20:92:46:9b:46:5a:98:15:93:c8:a6:af:
                    b0:12:f3:1e:b5:39:d5:c9:3a:33:20:71:59:39:ef:
                    5b:2c:2d:7b:4e:6f:d2:2e:e0:f5:82:6c:da:b5:45:
                    51:ac:d9:24:eb:69:ef:8d:dd:59:63:10:da:a0:7b:
                    9c:77:c2:98:ec:0f:5b:66:bf:44:b8:d6:a9:a4:63:
                    09:43:1e:1e:07:8c:7d:8f:3e:89:4d:c4:40:e4:e6:
                    f7:dc:6f:fd:59:97:67:f7:d6:af:29:92:6c:bf:9a:
                    a3:3c:23:34:20:92:a3:24:d3:cf:f7:af:59:41:c0:
                    b7:7b:6e:d3:45:3d:f3:35:f3:66:76:3c:32:53:1b:
                    63:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A9:E2:AC:9F:D2:B6:25:33:DF:D6:E3:A8:A4:79:60:3A:39:F0:83
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fKnirJ_StiUz39bjqKR5YDo58IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:5c:de:a6:4c:80:0d:e1:4b:f8:c3:36:24:69:cc:7f:96:11:
         33:48:8e:d5:ab:83:5d:9b:67:b7:c6:cd:c1:50:7b:39:ab:7b:
         02:71:bb:f6:da:8e:11:99:91:87:18:3f:b4:79:47:cb:51:7c:
         21:62:3b:91:41:3c:a5:2f:76:3d:2f:c8:ea:fc:77:b7:a4:62:
         92:77:81:4f:af:35:60:38:c3:e4:bc:aa:63:ce:3c:05:44:f8:
         72:6d:df:67:c0:67:55:e9:20:89:6d:ad:bd:14:7f:41:82:05:
         e5:bc:0a:d1:08:fa:c2:97:95:71:61:0f:86:5e:6c:c6:f1:02:
         33:9f:fd:6c:68:8e:ef:34:c6:a1:19:c2:23:b2:24:0c:69:b0:
         88:85:98:0f:28:68:e0:e6:1a:fc:18:f6:35:a9:58:77:1b:01:
         d8:6f:22:aa:b6:82:b6:19:41:87:68:c3:e6:e1:28:38:d8:a7:
         48:8a:3e:ea:d8:3f:40:7a:95:84:38:ae:d6:34:59:35:7d:60:
         a1:1f:7e:ac:7d:61:af:8e:88:26:b3:27:80:df:d1:a5:59:72:
         6d:09:de:89:b5:f9:48:88:fa:b4:be:9d:55:92:02:9a:64:67:
         eb:95:46:5c:3a:a3:82:43:3e:c6:1d:d9:16:bd:ce:5a:bd:dd:
         c3:01:72:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1e+H3TNyn5o3kFyvDE+oa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTMxMTAwMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2E5ZTJhYzlmZDJiNjI1MzNkZmQ2ZTNhOGE0Nzk2MDNhMzlmMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSMZF85p9FIEVA+Del3ZD9ak55mq
rGXJ4rwZ2oP0ms80TouCsPnRaWo0KbB1LnO5Oaco1xwnuhdFeU2bnEOc2GNF5RIc
flJsNZ0RHchXyDoIpT0qiuTWTQtO5RNJ9nBiLuS92x6j05AQAeYzmIzqC2o0QnWA
OnxtKHAgkkabRlqYFZPIpq+wEvMetTnVyTozIHFZOe9bLC17Tm/SLuD1gmzatUVR
rNkk62nvjd1ZYxDaoHucd8KY7A9bZr9EuNappGMJQx4eB4x9jz6JTcRA5Ob33G/9
WZdn99avKZJsv5qjPCM0IJKjJNPP969ZQcC3e27TRT3zNfNmdjwyUxtj0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyp4qyf0rYlM9/W46ikeWA6OfCDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZktuaXJKX1N0aVV6MzlianFLUjVZRG81OElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKvMA0G
CSqGSIb3DQEBCwUAA4IBAQAOXN6mTIAN4Uv4wzYkacx/lhEzSI7Vq4Ndm2e3xs3B
UHs5q3sCcbv22o4RmZGHGD+0eUfLUXwhYjuRQTylL3Y9L8jq/He3pGKSd4FPrzVg
OMPkvKpjzjwFRPhybd9nwGdV6SCJba29FH9BggXlvArRCPrCl5VxYQ+GXmzG8QIz
n/1saI7vNMahGcIjsiQMabCIhZgPKGjg5hr8GPY1qVh3GwHYbyKqtoK2GUGHaMPm
4Sg42KdIij7q2D9AepWEOK7WNFk1fWChH36sfWGvjogmsyeA39GlWXJtCd6JtflI
iPq0vp1VkgKaZGfrlUZcOqOCQz7GHdkWvc5avd3DAXLV
-----END CERTIFICATE-----