Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mAWoCHhEvrRQsT2SfV33zfOsMak.roa
File:                     mAWoCHhEvrRQsT2SfV33zfOsMak.roa (raw, json)
Hash identifier:          9p9P3Vl7M5MoWcuwuHjEJhvHPgx5KVb5ZZcSh0NCqgI=
Subject key identifier:   98:05:A8:08:78:44:BE:B4:50:B1:3D:92:7D:5D:F7:CD:F3:AC:31:A9
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0191BD7C90C4DAC43D813A1BDD162624275C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mAWoCHhEvrRQsT2SfV33zfOsMak.roa
Signing time:             Wed 04 Sep 2024 14:42:22 +0000
ROA not before:           Wed 04 Sep 2024 14:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197450
IP address blocks:        45.128.233.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          185.221.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:7c:90:c4:da:c4:3d:81:3a:1b:dd:16:26:24:27:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  4 14:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9805a8087844beb450b13d927d5df7cdf3ac31a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a1:5c:d5:71:0d:53:18:0c:44:5f:48:e9:e0:
                    aa:5f:30:f3:b3:00:1e:1e:d8:c4:0c:f8:c8:1f:2d:
                    b9:84:7b:d9:b7:66:ac:26:fb:83:ec:73:78:de:c1:
                    f4:5f:d7:9f:9d:da:8b:26:f2:67:4d:e9:b1:2f:a0:
                    14:c1:00:7d:37:04:de:74:84:e1:65:e2:99:29:1a:
                    f2:07:f1:37:0c:da:0a:fb:2d:62:4c:09:72:45:3d:
                    bf:d8:a0:0f:72:c7:dc:7d:1c:67:84:32:b6:fc:80:
                    06:9a:64:13:9f:87:7c:ef:b0:81:7b:69:e0:ad:21:
                    15:8b:d9:22:c4:a4:e3:a2:02:64:53:1e:e9:59:1a:
                    00:03:45:9b:51:7b:08:ca:79:8d:13:93:31:00:fd:
                    77:ab:48:82:c9:b8:2b:ee:d0:13:0b:42:65:64:fa:
                    57:7d:d1:0d:a9:4b:ad:dd:84:bd:0b:84:c9:29:82:
                    8d:41:08:92:9d:a0:92:01:4c:f2:bf:df:4c:22:ad:
                    04:1e:41:69:3e:1e:10:a9:58:0a:dc:e8:7b:d4:92:
                    f2:68:b3:e7:b3:79:b6:fd:05:10:d2:4e:49:0a:28:
                    24:df:30:1c:1a:12:fa:2d:41:6e:0a:e1:5b:17:5b:
                    dd:97:d3:09:05:15:86:e8:43:2c:22:f9:0f:c4:df:
                    83:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:05:A8:08:78:44:BE:B4:50:B1:3D:92:7D:5D:F7:CD:F3:AC:31:A9
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mAWoCHhEvrRQsT2SfV33zfOsMak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.233.0/24
                  178.215.239.0/24
                  185.221.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ba:16:02:22:ce:cb:77:bf:53:07:33:71:f9:87:48:a4:b9:
         a3:70:9a:27:37:0c:26:39:1a:a5:56:c3:7c:da:9f:21:8a:22:
         2b:9a:a4:c8:f6:6e:7b:d6:f6:72:a2:ac:19:65:80:ca:1d:52:
         99:f7:a1:5f:db:6e:05:7a:13:38:62:e9:01:52:01:4f:c2:c5:
         3f:ba:29:26:5d:34:63:7e:09:97:04:be:89:a5:3a:f7:c4:91:
         10:ee:e8:23:a3:0a:b6:3c:c6:92:ab:69:67:12:54:67:f4:ac:
         01:f0:4d:30:8e:1e:42:cf:1c:c5:79:71:12:7d:a9:82:34:73:
         9c:22:27:e0:ba:6f:e2:56:c6:83:55:86:70:43:d9:9f:90:f3:
         25:77:71:98:76:74:8c:83:9d:de:d6:f0:3b:d1:1f:45:72:ee:
         8b:dc:4b:dd:97:f5:c8:47:e4:68:70:ca:45:c1:b5:04:0c:8c:
         49:45:38:20:e3:33:ba:36:a6:26:5b:01:cf:22:8c:a1:79:c0:
         79:72:50:d1:2e:0c:36:5c:d5:1a:7e:06:30:26:60:d2:9a:c0:
         ad:08:da:f9:78:7b:a1:17:b1:9f:95:89:65:ca:d5:ea:40:01:
         02:6c:05:0c:f0:db:90:26:cb:3e:fe:8b:57:95:c9:60:0a:bd:
         2a:75:cd:39
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZG9fJDE2sQ9gTob3RYmJCdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwOTA0MTQ0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODA1YTgwODc4NDRiZWI0NTBiMTNkOTI3ZDVkZjdjZGYzYWMzMWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6Fc1XENUxgMRF9I6eCqXzDzswAe
HtjEDPjIHy25hHvZt2asJvuD7HN43sH0X9efndqLJvJnTemxL6AUwQB9NwTedITh
ZeKZKRryB/E3DNoK+y1iTAlyRT2/2KAPcsfcfRxnhDK2/IAGmmQTn4d877CBe2ng
rSEVi9kixKTjogJkUx7pWRoAA0WbUXsIynmNE5MxAP13q0iCybgr7tATC0JlZPpX
fdENqUut3YS9C4TJKYKNQQiSnaCSAUzyv99MIq0EHkFpPh4QqVgK3Oh71JLyaLPn
s3m2/QUQ0k5JCigk3zAcGhL6LUFuCuFbF1vdl9MJBRWG6EMsIvkPxN+DcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJgFqAh4RL60ULE9kn1d983zrDGpMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbUFXb0NIaEV2clJRc1QyU2ZWMzN6Zk9zTWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYDpAwQA
stfvAwQAud1AMA0GCSqGSIb3DQEBCwUAA4IBAQAhuhYCIs7Ld79TBzNx+YdIpLmj
cJonNwwmORqlVsN82p8hiiIrmqTI9m571vZyoqwZZYDKHVKZ96Ff224FehM4YukB
UgFPwsU/uikmXTRjfgmXBL6JpTr3xJEQ7ugjowq2PMaSq2lnElRn9KwB8E0wjh5C
zxzFeXESfamCNHOcIifgum/iVsaDVYZwQ9mfkPMld3GYdnSMg53e1vA70R9Fcu6L
3Evdl/XIR+RocMpFwbUEDIxJRTgg4zO6NqYmWwHPIoyhecB5clDRLgw2XNUafgYw
JmDSmsCtCNr5eHuhF7GflYllytXqQAECbAUM8NuQJss+/otXlclgCr0qdc05
-----END CERTIFICATE-----