Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mV22q8LvpL74Umkfugwzii_E264.roa
File:                     mV22q8LvpL74Umkfugwzii_E264.roa (raw, json)
Hash identifier:          rubQyg9xs7BxFbRqkuQQIs71rgAEKjBQs03jgLtPv0E=
Subject key identifier:   99:5D:B6:AB:C2:EF:A4:BE:F8:52:69:1F:BA:0C:33:8A:2F:C4:DB:AE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCCF7D7105424439E4A59827F5C583
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mV22q8LvpL74Umkfugwzii_E264.roa
Signing time:             Tue 02 Jan 2024 06:29:23 +0000
ROA not before:           Tue 02 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8717
IP address blocks:        87.121.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:cf:7d:71:05:42:44:39:e4:a5:98:27:f5:c5:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=995db6abc2efa4bef852691fba0c338a2fc4dbae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:68:86:1c:c7:04:91:13:1b:10:1a:e9:9f:37:
                    85:13:40:6d:49:e0:5a:8a:27:b2:fb:d0:39:a9:c3:
                    20:c8:fe:3d:33:c4:e2:65:fc:35:e0:d3:18:26:6a:
                    cf:70:4c:f7:25:91:9e:fa:90:d7:1f:9c:d8:d5:ed:
                    58:e5:6b:57:74:47:71:6c:89:0c:15:f4:69:e7:ae:
                    01:d8:dc:b9:22:42:23:09:43:e9:5e:d7:7d:71:a4:
                    e8:f0:6f:19:43:d6:35:7a:48:6c:80:5b:5d:96:f8:
                    1f:3e:8d:c1:ca:d8:86:41:6c:c2:5c:48:a9:51:d0:
                    b0:ec:b4:f0:64:ea:1a:4f:59:17:79:cf:0c:36:84:
                    8d:b1:65:09:11:6a:ed:c7:67:6f:7a:75:48:a0:e8:
                    0b:d7:67:70:64:15:b8:fc:20:c8:a6:0b:29:0a:67:
                    29:c7:e7:b5:a2:83:23:49:52:1a:4d:d4:39:7c:8f:
                    a1:8f:6b:fb:fb:d8:34:cd:a3:09:df:e6:b7:35:a4:
                    32:25:83:aa:a3:a7:fc:26:aa:12:9d:12:69:ff:e0:
                    fb:41:ca:13:27:d3:c1:8c:bf:8f:bf:de:ce:49:df:
                    43:76:d6:13:07:59:be:73:8d:26:9e:5c:c6:bb:ae:
                    b2:30:6d:da:cf:42:b6:8d:b4:95:40:a7:fd:07:51:
                    6d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:5D:B6:AB:C2:EF:A4:BE:F8:52:69:1F:BA:0C:33:8A:2F:C4:DB:AE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mV22q8LvpL74Umkfugwzii_E264.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d5:b5:ca:43:4c:7b:8c:b3:30:04:a9:6c:90:05:eb:71:ff:
         86:f9:e6:93:0d:30:74:1d:88:fb:f1:23:e3:65:1d:d2:29:a0:
         a9:0c:3a:ed:6a:5b:b3:8b:d6:3b:5e:34:49:61:17:21:24:25:
         a0:5e:56:71:75:ed:5e:63:ec:2c:39:43:bd:4e:9d:06:56:e5:
         8c:10:4b:f9:52:bb:38:32:5d:dd:c7:e9:bf:1f:be:ef:3b:86:
         8d:3c:9e:f9:da:52:cd:23:32:f8:4f:0e:e6:dc:f3:ec:66:db:
         1a:b8:e7:17:1a:28:42:88:37:0c:e1:45:2a:14:dc:10:e3:0d:
         03:5a:77:43:a9:93:b3:d0:90:ef:85:a8:93:20:eb:3e:c6:47:
         90:74:69:a9:7f:01:81:c0:97:9e:c3:05:19:3b:6f:b9:02:ea:
         a3:ac:72:e6:d4:b4:0d:db:a7:e4:c2:22:50:c8:ef:aa:70:33:
         14:ba:22:c2:88:ca:cd:67:7d:71:77:69:ed:38:a6:87:f3:f6:
         8c:73:10:f5:31:18:eb:4a:1d:e4:07:e2:8b:aa:2b:3e:f1:3f:
         9b:ad:fa:66:a8:28:cf:2c:eb:c1:e3:a5:7f:fa:93:0d:52:8d:
         fb:37:da:59:f1:6e:75:73:7e:cb:bd:a3:b5:38:c8:92:5c:ad:
         ec:4c:31:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3M99cQVCRDnkpZgn9cWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTVkYjZhYmMyZWZhNGJlZjg1MjY5MWZiYTBjMzM4YTJmYzRkYmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2iGHMcEkRMbEBrpnzeFE0BtSeBa
iiey+9A5qcMgyP49M8TiZfw14NMYJmrPcEz3JZGe+pDXH5zY1e1Y5WtXdEdxbIkM
FfRp564B2Ny5IkIjCUPpXtd9caTo8G8ZQ9Y1ekhsgFtdlvgfPo3BytiGQWzCXEip
UdCw7LTwZOoaT1kXec8MNoSNsWUJEWrtx2dvenVIoOgL12dwZBW4/CDIpgspCmcp
x+e1ooMjSVIaTdQ5fI+hj2v7+9g0zaMJ3+a3NaQyJYOqo6f8JqoSnRJp/+D7QcoT
J9PBjL+Pv97OSd9DdtYTB1m+c40mnlzGu66yMG3az0K2jbSVQKf9B1FtaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJldtqvC76S++FJpH7oMM4ovxNuuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbVYyMnE4THZwTDc0VW1rZnVnd3ppaV9FMjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3nfMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ1bXKQ0x7jLMwBKlskAXrcf+G+eaTDTB0HYj78SPj
ZR3SKaCpDDrtaluzi9Y7XjRJYRchJCWgXlZxde1eY+wsOUO9Tp0GVuWMEEv5Urs4
Ml3dx+m/H77vO4aNPJ752lLNIzL4Tw7m3PPsZtsauOcXGihCiDcM4UUqFNwQ4w0D
WndDqZOz0JDvhaiTIOs+xkeQdGmpfwGBwJeewwUZO2+5AuqjrHLm1LQN26fkwiJQ
yO+qcDMUuiLCiMrNZ31xd2ntOKaH8/aMcxD1MRjrSh3kB+KLqis+8T+brfpmqCjP
LOvB46V/+pMNUo37N9pZ8W51c37LvaO1OMiSXK3sTDEC
-----END CERTIFICATE-----