Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oEzXsxkUtSKMTep7d22ItBEF4DA.roa
File:                     oEzXsxkUtSKMTep7d22ItBEF4DA.roa (raw, json)
Hash identifier:          MLWh7wipeQQi9BEFbYrtH9LqfYadXylEl62LEjQ+G6M=
Subject key identifier:   A0:4C:D7:B3:19:14:B5:22:8C:4D:EA:7B:77:6D:88:B4:11:05:E0:30
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD51C5281C71A247839821FCAF3E2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oEzXsxkUtSKMTep7d22ItBEF4DA.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        94.156.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d5:1c:52:81:c7:1a:24:78:39:82:1f:ca:f3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a04cd7b31914b5228c4dea7b776d88b41105e030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4a:59:48:25:10:54:1f:a3:d2:21:aa:c4:dd:
                    df:a4:ae:c2:7a:ea:b8:17:8c:ea:4a:83:d3:1f:50:
                    de:35:93:73:9a:31:c7:4b:44:96:9f:1a:e5:9f:08:
                    91:13:3c:4f:80:de:71:f8:d2:8c:07:ee:a3:ef:03:
                    9c:f7:26:eb:7f:92:92:21:a8:f2:c9:c1:b9:6b:2f:
                    36:e2:b7:ff:a1:34:19:89:ce:bc:34:9c:50:77:63:
                    e3:6e:81:5f:b6:68:06:62:90:7e:33:f8:74:98:ed:
                    d4:dc:85:e7:df:63:00:9b:29:14:d6:4d:54:82:23:
                    c3:c0:2c:41:ed:c3:ba:ad:40:93:de:21:64:a9:46:
                    27:6b:da:76:d4:47:ae:98:7a:ee:ba:fa:59:af:71:
                    5b:e0:91:12:3a:b6:a9:fa:79:c1:87:ea:0c:be:b4:
                    a2:22:1b:1d:b5:7e:9d:ca:6c:fe:59:b6:8f:2a:fd:
                    d7:f0:fa:07:3d:8f:89:4c:21:51:9c:f3:62:ab:ac:
                    b5:2e:ba:04:11:66:9d:de:87:2d:aa:b1:8d:91:58:
                    bd:9b:df:bd:c1:a3:e5:b1:66:df:d2:e8:bd:26:55:
                    f1:42:31:ce:5d:4e:cc:e8:ab:37:36:34:b3:a7:f2:
                    53:32:16:aa:98:11:3a:99:d9:54:72:f5:73:ef:02:
                    55:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4C:D7:B3:19:14:B5:22:8C:4D:EA:7B:77:6D:88:B4:11:05:E0:30
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oEzXsxkUtSKMTep7d22ItBEF4DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:59:15:aa:eb:e9:42:e3:fc:0a:23:8d:22:be:d7:19:8d:ba:
         36:61:73:50:92:6e:bf:c5:a1:ec:fe:b7:3a:88:5b:59:9d:9b:
         f8:a3:94:01:af:fe:54:e2:80:88:11:55:eb:cb:bf:09:5c:e2:
         f3:d5:97:8c:ec:77:fb:a2:77:6a:4d:27:a2:bd:08:bf:04:4f:
         3b:c4:0a:2c:ed:cf:5a:ed:ca:db:30:88:a5:48:9c:ca:d3:c5:
         7b:f2:64:64:76:aa:24:f2:f0:e3:63:56:aa:5f:c0:6e:ac:ed:
         75:1e:20:37:dd:24:9a:70:f9:fa:a4:f5:02:64:da:b7:e8:b4:
         3e:61:a2:26:8d:83:e3:72:b6:f6:0f:cc:10:16:f6:24:2d:a2:
         61:ba:b2:62:fb:e0:5d:a0:14:c6:3b:df:2e:2c:ab:99:32:7a:
         bd:63:03:7a:0a:72:3e:0e:29:7e:c2:6b:ae:a2:52:39:2e:ff:
         7c:83:c2:8d:6a:71:0e:3a:df:37:7e:be:0d:38:7a:98:5c:c1:
         f4:86:9f:c2:b2:bc:0c:6d:40:20:e7:45:65:e6:22:46:5d:b9:
         c2:18:09:7d:32:d2:33:ff:dc:d2:26:4f:1a:22:d0:37:2c:22:
         f3:55:3a:d9:be:bc:f8:12:16:e0:4a:a7:e7:58:92:04:0e:17:
         10:01:c3:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NUcUoHHGiR4OYIfyvPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRjZDdiMzE5MTRiNTIyOGM0ZGVhN2I3NzZkODhiNDExMDVlMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kpZSCUQVB+j0iGqxN3fpK7Ceuq4
F4zqSoPTH1DeNZNzmjHHS0SWnxrlnwiREzxPgN5x+NKMB+6j7wOc9ybrf5KSIajy
ycG5ay824rf/oTQZic68NJxQd2PjboFftmgGYpB+M/h0mO3U3IXn32MAmykU1k1U
giPDwCxB7cO6rUCT3iFkqUYna9p21EeumHruuvpZr3Fb4JESOrap+nnBh+oMvrSi
IhsdtX6dymz+WbaPKv3X8PoHPY+JTCFRnPNiq6y1LroEEWad3octqrGNkVi9m9+9
waPlsWbf0ui9JlXxQjHOXU7M6Ks3NjSzp/JTMhaqmBE6mdlUcvVz7wJVkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBM17MZFLUijE3qe3dtiLQRBeAwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb0V6WHN4a1V0U0tNVGVwN2QyMkl0QkVGNERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpwOMA0G
CSqGSIb3DQEBCwUAA4IBAQApWRWq6+lC4/wKI40ivtcZjbo2YXNQkm6/xaHs/rc6
iFtZnZv4o5QBr/5U4oCIEVXry78JXOLz1ZeM7Hf7ondqTSeivQi/BE87xAos7c9a
7crbMIilSJzK08V78mRkdqok8vDjY1aqX8BurO11HiA33SSacPn6pPUCZNq36LQ+
YaImjYPjcrb2D8wQFvYkLaJhurJi++BdoBTGO98uLKuZMnq9YwN6CnI+Dil+wmuu
olI5Lv98g8KNanEOOt83fr4NOHqYXMH0hp/CsrwMbUAg50Vl5iJGXbnCGAl9MtIz
/9zSJk8aItA3LCLzVTrZvrz4EhbgSqfnWJIEDhcQAcMr
-----END CERTIFICATE-----