Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iFI4r3AuHaXz_nMouwFx9rMoXxI.roa
File:                     iFI4r3AuHaXz_nMouwFx9rMoXxI.roa (raw, json)
Hash identifier:          UKZLau+GsLoI9lqfi5SSEzr9d7u57M97Gy2CGiltwhg=
Subject key identifier:   88:52:38:AF:70:2E:1D:A5:F3:FE:73:28:BB:01:71:F6:B3:28:5F:12
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EBD2CB09DABB53AE6BBC3A71C5CD5AE11
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iFI4r3AuHaXz_nMouwFx9rMoXxI.roa
Signing time:             Mon 08 Apr 2024 10:06:46 +0000
ROA not before:           Mon 08 Apr 2024 10:06:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        94.156.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:2c:b0:9d:ab:b5:3a:e6:bb:c3:a7:1c:5c:d5:ae:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  8 10:06:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=885238af702e1da5f3fe7328bb0171f6b3285f12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:6e:84:ca:3d:b8:18:24:1e:67:39:02:04:79:
                    bc:9e:66:82:ac:7c:b8:8a:ed:6f:45:33:d8:88:1e:
                    f5:99:a5:1d:aa:86:03:15:7b:4f:6a:cc:1d:2c:5b:
                    6b:92:8a:8e:d2:0c:a6:1f:69:cf:6e:38:3f:54:5b:
                    0d:ab:1b:40:b7:83:52:63:e0:95:69:61:8d:5d:f1:
                    53:72:ea:e4:61:11:25:25:61:87:60:96:fe:bd:38:
                    ff:7e:7b:05:a1:61:d4:43:ed:18:cd:a4:96:a0:12:
                    7b:63:7f:a2:8a:52:e8:db:29:87:08:6e:fa:bc:5a:
                    e8:2c:d1:7f:1e:d1:1d:99:fa:bf:cf:4d:dd:2f:f2:
                    30:5e:95:93:9a:a9:55:c3:cc:fa:62:fc:48:de:b1:
                    54:cd:64:27:a0:ed:ee:68:d1:d9:b7:c7:4e:45:b1:
                    35:42:ea:9a:c8:e8:04:47:69:5b:23:f1:43:fa:0f:
                    11:bf:a0:ea:f2:d3:a4:0e:33:d9:95:f4:e3:fd:29:
                    d4:17:54:d5:bb:12:68:bd:a8:5d:df:4f:4c:0e:10:
                    b7:55:ab:3e:4f:58:dc:59:2e:bd:f2:3d:75:37:10:
                    a1:45:77:12:d6:ea:f0:9a:5b:ea:94:bc:8d:9e:57:
                    58:8d:07:82:ad:27:ba:c4:53:1c:df:5e:3b:68:92:
                    ff:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:52:38:AF:70:2E:1D:A5:F3:FE:73:28:BB:01:71:F6:B3:28:5F:12
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iFI4r3AuHaXz_nMouwFx9rMoXxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:56:15:2e:19:2e:b7:74:6d:c3:38:1b:bb:94:d3:21:c6:c5:
         f9:ed:a9:f8:66:41:9e:dc:73:6e:2f:4a:c6:3f:f1:b0:e2:1b:
         59:14:2c:1a:a7:f6:a1:c7:f2:17:bd:5c:4a:17:41:43:84:80:
         01:f0:fa:a4:cd:48:85:87:f1:07:35:ef:ee:44:3f:ea:5f:00:
         88:63:db:ad:cd:a4:03:36:42:1b:14:e0:8f:8c:6c:8d:d9:d8:
         be:d5:48:71:d8:e7:b4:c2:c4:f6:60:3d:5c:e3:fa:58:fa:b8:
         fa:5b:2a:90:2b:7b:57:ae:96:1a:a2:a0:78:1d:8b:34:da:83:
         db:c5:64:00:86:71:56:3f:03:8a:47:4b:09:df:b6:36:34:0e:
         10:1d:cb:16:83:56:80:b4:56:87:06:f6:d5:b9:14:cf:a4:16:
         ef:3b:55:45:99:26:07:84:fa:34:d0:c0:b9:75:ed:ad:70:5b:
         39:0f:5c:b5:46:a3:0e:36:85:61:22:11:92:f1:0c:bc:0a:74:
         a5:dc:28:1e:f1:e6:60:d6:ea:dc:0b:5c:88:79:11:64:ed:f7:
         7d:cf:ca:07:26:f9:41:85:4f:f0:9f:61:95:98:01:94:cb:a8:
         4c:99:ea:d7:26:00:75:f7:dd:8b:f8:c2:01:4f:c1:fe:ce:4f:
         a8:8f:00:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69LLCdq7U65rvDpxxc1a4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDA4MTAwNjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODUyMzhhZjcwMmUxZGE1ZjNmZTczMjhiYjAxNzFmNmIzMjg1ZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3W6Eyj24GCQeZzkCBHm8nmaCrHy4
iu1vRTPYiB71maUdqoYDFXtPaswdLFtrkoqO0gymH2nPbjg/VFsNqxtAt4NSY+CV
aWGNXfFTcurkYRElJWGHYJb+vTj/fnsFoWHUQ+0YzaSWoBJ7Y3+iilLo2ymHCG76
vFroLNF/HtEdmfq/z03dL/IwXpWTmqlVw8z6YvxI3rFUzWQnoO3uaNHZt8dORbE1
QuqayOgER2lbI/FD+g8Rv6Dq8tOkDjPZlfTj/SnUF1TVuxJovahd309MDhC3Vas+
T1jcWS698j11NxChRXcS1urwmlvqlLyNnldYjQeCrSe6xFMc3147aJL/bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhSOK9wLh2l8/5zKLsBcfazKF8SMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaUZJNHIzQXVIYVh6X25Nb3V3Rng5ck1vWHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpywMA0G
CSqGSIb3DQEBCwUAA4IBAQB0VhUuGS63dG3DOBu7lNMhxsX57an4ZkGe3HNuL0rG
P/Gw4htZFCwap/ahx/IXvVxKF0FDhIAB8PqkzUiFh/EHNe/uRD/qXwCIY9utzaQD
NkIbFOCPjGyN2di+1Uhx2Oe0wsT2YD1c4/pY+rj6WyqQK3tXrpYaoqB4HYs02oPb
xWQAhnFWPwOKR0sJ37Y2NA4QHcsWg1aAtFaHBvbVuRTPpBbvO1VFmSYHhPo00MC5
de2tcFs5D1y1RqMONoVhIhGS8Qy8CnSl3Cge8eZg1urcC1yIeRFk7fd9z8oHJvlB
hU/wn2GVmAGUy6hMmerXJgB1992L+MIBT8H+zk+ojwA7
-----END CERTIFICATE-----