Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mGREVVGzSCIWOPJAozvZDE_oSQk.roa
File:                     mGREVVGzSCIWOPJAozvZDE_oSQk.roa (raw, json)
Hash identifier:          LmmZDN1uyGflx5KzDaFfNoB1y8QY3MGJ3LKVJjwaa80=
Subject key identifier:   98:64:44:55:51:B3:48:22:16:38:F2:40:A3:3B:D9:0C:4F:E8:49:09
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D7881EAC2E18DBF93C9C827ECFF811F9C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mGREVVGzSCIWOPJAozvZDE_oSQk.roa
Signing time:             Mon 05 Feb 2024 09:03:16 +0000
ROA not before:           Mon 05 Feb 2024 09:03:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60701
IP address blocks:        94.156.103.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:81:ea:c2:e1:8d:bf:93:c9:c8:27:ec:ff:81:1f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  5 09:03:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9864445551b348221638f240a33bd90c4fe84909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:db:67:7f:13:6d:32:bb:8f:e3:a4:da:1c:1c:
                    a8:3c:d7:3a:3b:34:12:c3:c9:74:e9:d8:6e:d3:2f:
                    fb:13:a2:1f:6f:0d:78:98:12:16:ea:b3:35:ff:2e:
                    d9:e3:0b:33:15:e1:34:81:42:35:0d:d3:2e:4d:39:
                    72:4b:b5:5d:3c:1b:47:a2:53:10:e8:d5:71:75:bb:
                    b6:6d:93:b7:8d:9d:3f:dc:3a:35:c9:d1:30:d2:34:
                    58:1f:28:1f:80:24:41:d6:32:a4:4d:1c:2f:f3:a1:
                    b4:54:bd:d8:5a:f1:1c:6d:36:60:50:5b:ae:c1:5e:
                    2d:48:9b:8c:cb:54:06:5a:85:9b:15:a0:41:29:d7:
                    54:84:78:46:5a:5d:f3:57:cb:23:0d:8a:f1:c3:a2:
                    2b:ce:73:5a:f9:d5:38:46:62:ea:8d:18:45:6d:b7:
                    06:24:ee:58:c1:ca:f1:6c:e2:1b:7b:e0:07:85:bd:
                    72:0e:03:75:ac:59:82:98:2a:8f:d2:2b:b5:ea:54:
                    02:7a:c0:5d:18:51:12:d9:d6:20:0d:c6:81:52:78:
                    94:44:c5:ae:be:f8:88:71:9d:cc:63:ab:69:80:90:
                    49:7c:39:b5:ce:e3:ae:43:cb:bd:d6:fc:45:33:6e:
                    d7:e0:f4:3f:e5:ab:f4:08:f6:68:dd:cb:df:47:77:
                    24:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:64:44:55:51:B3:48:22:16:38:F2:40:A3:3B:D9:0C:4F:E8:49:09
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mGREVVGzSCIWOPJAozvZDE_oSQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.103.0/24
                  194.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:41:0a:d4:38:0e:8e:ec:80:05:f4:1e:bf:c8:fc:74:2a:11:
         7b:4e:d2:84:43:7c:3d:b4:cc:ec:1c:1c:bd:9c:e3:0a:2d:46:
         06:68:2b:16:bd:da:d4:b7:55:24:27:c9:07:ef:69:c7:96:7a:
         2b:af:a8:33:f2:ee:a4:10:47:69:0d:a5:86:98:e7:6b:2c:70:
         ff:c5:2d:be:08:a6:b5:57:0b:7a:45:ff:a7:47:a2:28:36:2c:
         5c:66:2f:98:fc:9c:2e:bb:89:b2:da:2c:0e:c1:35:36:25:93:
         a2:8e:f8:d2:ff:2c:34:4d:fb:a8:97:01:92:ed:ca:87:33:88:
         8c:67:89:56:aa:d6:74:96:ea:16:8e:1b:77:5b:9b:53:77:c9:
         b4:99:68:46:e5:08:cc:c8:1b:3a:e5:97:be:a0:e2:fc:28:5e:
         51:06:fb:8e:72:21:ee:25:b6:48:dd:cf:b2:17:87:37:70:d0:
         76:11:99:f2:29:31:1b:e8:21:50:aa:94:dd:5f:9b:c9:59:e4:
         d6:37:31:dc:f6:36:f4:8c:21:20:a6:c5:32:e0:44:9c:26:ee:
         2f:cd:7f:33:a0:46:cf:7a:dc:55:f3:53:de:3e:19:e1:c7:f6:
         9f:91:24:f7:df:10:0b:db:99:78:a0:aa:2e:38:05:63:92:29:
         7e:0b:ad:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY14gerC4Y2/k8nIJ+z/gR+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjA1MDkwMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY0NDQ1NTUxYjM0ODIyMTYzOGYyNDBhMzNiZDkwYzRmZTg0OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhttnfxNtMruP46TaHByoPNc6OzQS
w8l06dhu0y/7E6Ifbw14mBIW6rM1/y7Z4wszFeE0gUI1DdMuTTlyS7VdPBtHolMQ
6NVxdbu2bZO3jZ0/3Do1ydEw0jRYHygfgCRB1jKkTRwv86G0VL3YWvEcbTZgUFuu
wV4tSJuMy1QGWoWbFaBBKddUhHhGWl3zV8sjDYrxw6IrznNa+dU4RmLqjRhFbbcG
JO5YwcrxbOIbe+AHhb1yDgN1rFmCmCqP0iu16lQCesBdGFES2dYgDcaBUniURMWu
vviIcZ3MY6tpgJBJfDm1zuOuQ8u91vxFM27X4PQ/5av0CPZo3cvfR3ckYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhkRFVRs0giFjjyQKM72QxP6EkJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbUdSRVZWR3pTQ0lXT1BKQW96dlpERV9vU1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpxnAwQA
wrQnMA0GCSqGSIb3DQEBCwUAA4IBAQBLQQrUOA6O7IAF9B6/yPx0KhF7TtKEQ3w9
tMzsHBy9nOMKLUYGaCsWvdrUt1UkJ8kH72nHlnorr6gz8u6kEEdpDaWGmOdrLHD/
xS2+CKa1Vwt6Rf+nR6IoNixcZi+Y/Jwuu4my2iwOwTU2JZOijvjS/yw0TfuolwGS
7cqHM4iMZ4lWqtZ0luoWjht3W5tTd8m0mWhG5QjMyBs65Ze+oOL8KF5RBvuOciHu
JbZI3c+yF4c3cNB2EZnyKTEb6CFQqpTdX5vJWeTWNzHc9jb0jCEgpsUy4EScJu4v
zX8zoEbPetxV81PePhnhx/afkST33xAL25l4oKouOAVjkil+C61H
-----END CERTIFICATE-----