Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lZgGcUwL3JeYVE2W_UyqRCTxjmQ.roa
File:                     lZgGcUwL3JeYVE2W_UyqRCTxjmQ.roa (raw, json)
Hash identifier:          aHaWUngdr+82s4EYdpCEqxn5mbc47LZKvywAVpNuY3A=
Subject key identifier:   95:98:06:71:4C:0B:DC:97:98:54:4D:96:FD:4C:AA:44:24:F1:8E:64
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01927FE0CEBF3A879C284C0D13E012DD6624
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lZgGcUwL3JeYVE2W_UyqRCTxjmQ.roa
Signing time:             Sat 12 Oct 2024 08:38:12 +0000
ROA not before:           Sat 12 Oct 2024 08:38:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4760
IP address blocks:        87.121.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7f:e0:ce:bf:3a:87:9c:28:4c:0d:13:e0:12:dd:66:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 12 08:38:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=959806714c0bdc9798544d96fd4caa4424f18e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:91:84:63:bf:85:50:e0:9d:d4:8c:51:66:a4:
                    ee:5a:59:04:25:da:de:7c:d6:17:2f:08:49:53:97:
                    ee:2c:d4:83:9b:1d:d8:ae:37:63:5d:8f:35:ea:aa:
                    fb:a6:f3:04:3a:8b:61:e6:12:19:ed:d4:b8:6f:73:
                    a6:4b:86:e3:8f:05:bf:b7:8d:c7:b0:e4:c6:d9:6d:
                    59:68:0b:20:ab:92:d9:b0:4b:e9:07:ee:50:15:20:
                    46:0f:d0:54:0a:ab:96:84:29:56:52:bb:e0:a4:fd:
                    ff:c1:d2:f9:71:62:f1:e3:05:4f:01:31:0b:2c:a1:
                    33:19:b6:d3:5d:4b:9e:ec:f3:9d:2e:dc:bc:e5:2a:
                    eb:64:f7:9b:4b:cd:b0:5e:3b:79:ac:14:70:ee:2a:
                    3c:03:f6:6f:93:ea:92:e6:b2:6f:27:09:6d:52:fc:
                    f3:b8:64:08:19:0c:81:de:e2:99:0b:2d:8e:74:da:
                    39:18:20:68:8d:22:6c:a7:f3:11:f2:d7:fe:ea:6f:
                    51:61:a0:bf:d3:9f:77:f8:9a:6f:4c:96:6f:1d:43:
                    8a:20:69:9c:66:64:7b:c1:c3:2e:d5:31:bd:57:d5:
                    d0:f0:71:02:7d:03:7b:c8:d4:d9:d1:62:6b:e6:c7:
                    99:e6:80:f1:c6:ee:87:3d:ca:ed:2b:d2:c2:69:a5:
                    6d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:98:06:71:4C:0B:DC:97:98:54:4D:96:FD:4C:AA:44:24:F1:8E:64
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lZgGcUwL3JeYVE2W_UyqRCTxjmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:44:a9:17:ea:8a:4e:d3:5d:bf:ca:ac:f0:5e:7f:30:99:ab:
         fb:e3:bb:ef:f9:69:da:56:73:41:9a:0c:8c:c1:7d:30:fe:a5:
         b9:79:e7:3f:6b:93:f4:0b:e2:66:f4:4a:d8:53:35:5b:a0:49:
         d2:52:0c:0b:f3:c0:6d:e7:83:43:5b:87:15:bd:78:0f:99:29:
         9c:0c:22:49:49:46:a6:44:93:93:9f:1a:f7:6d:86:1e:28:ec:
         07:07:a5:cc:3c:9e:9b:e3:6e:b8:fe:30:df:05:16:4e:06:77:
         a9:28:14:84:56:09:bb:a7:5b:b1:a6:4b:50:4f:ba:b9:6f:8c:
         92:7e:9e:ff:e2:2d:39:e4:b8:72:ce:3c:0d:37:6d:2b:b3:a5:
         32:88:e3:3d:0f:0a:e7:95:19:60:f3:e5:ba:dc:fd:69:5c:5a:
         35:fe:28:10:74:77:d7:0c:ee:fe:e2:6c:22:0e:85:53:cd:17:
         09:7e:e6:42:7f:8e:53:7a:38:9f:18:91:95:5c:f8:3b:f6:e3:
         31:63:ea:2d:69:e0:55:1c:78:83:28:8d:88:b6:c6:c6:eb:1b:
         25:6c:4c:54:f3:04:a5:43:93:d1:8a:2a:ab:2d:cd:ee:71:b8:
         ca:01:01:0d:ae:5d:9b:92:15:54:22:86:d5:f0:c0:c4:45:6c:
         11:75:e9:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ/4M6/OoecKEwNE+AS3WYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDEyMDgzODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTk4MDY3MTRjMGJkYzk3OTg1NDRkOTZmZDRjYWE0NDI0ZjE4ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZGEY7+FUOCd1IxRZqTuWlkEJdre
fNYXLwhJU5fuLNSDmx3YrjdjXY816qr7pvMEOoth5hIZ7dS4b3OmS4bjjwW/t43H
sOTG2W1ZaAsgq5LZsEvpB+5QFSBGD9BUCquWhClWUrvgpP3/wdL5cWLx4wVPATEL
LKEzGbbTXUue7POdLty85SrrZPebS82wXjt5rBRw7io8A/Zvk+qS5rJvJwltUvzz
uGQIGQyB3uKZCy2OdNo5GCBojSJsp/MR8tf+6m9RYaC/0593+JpvTJZvHUOKIGmc
ZmR7wcMu1TG9V9XQ8HECfQN7yNTZ0WJr5seZ5oDxxu6HPcrtK9LCaaVtfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWYBnFMC9yXmFRNlv1MqkQk8Y5kMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbFpnR2NVd0wzSmVZVkUyV19VeXFSQ1R4am1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3l9MA0G
CSqGSIb3DQEBCwUAA4IBAQAlRKkX6opO012/yqzwXn8wmav747vv+WnaVnNBmgyM
wX0w/qW5eec/a5P0C+Jm9ErYUzVboEnSUgwL88Bt54NDW4cVvXgPmSmcDCJJSUam
RJOTnxr3bYYeKOwHB6XMPJ6b4264/jDfBRZOBnepKBSEVgm7p1uxpktQT7q5b4yS
fp7/4i055LhyzjwNN20rs6UyiOM9DwrnlRlg8+W63P1pXFo1/igQdHfXDO7+4mwi
DoVTzRcJfuZCf45TejifGJGVXPg79uMxY+otaeBVHHiDKI2ItsbG6xslbExU8wSl
Q5PRiiqrLc3ucbjKAQENrl2bkhVUIobV8MDERWwRdekx
-----END CERTIFICATE-----