Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oUYDl4Cm014SKQk9uLg0UQOmzGo.roa
File:                     oUYDl4Cm014SKQk9uLg0UQOmzGo.roa (raw, json)
Hash identifier:          L6MJHbxh0AjaUcvkj7UQn6gKO5XKQ5QhzaDjq48dZko=
Subject key identifier:   A1:46:03:97:80:A6:D3:5E:12:29:09:3D:B8:B8:34:51:03:A6:CC:6A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0193297BAA0F03C490FF7812C84D39E917B7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oUYDl4Cm014SKQk9uLg0UQOmzGo.roa
Signing time:             Thu 14 Nov 2024 07:03:10 +0000
ROA not before:           Thu 14 Nov 2024 07:03:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207957
IP address blocks:        45.149.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:7b:aa:0f:03:c4:90:ff:78:12:c8:4d:39:e9:17:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 14 07:03:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a146039780a6d35e1229093db8b8345103a6cc6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8a:3c:2c:53:99:e6:2d:95:8e:ef:11:2e:f1:
                    ed:21:42:d6:34:79:96:88:9a:4b:99:dc:5f:d4:59:
                    89:89:ec:33:66:74:ef:0e:07:91:8b:7d:97:5c:c3:
                    c1:bb:8b:77:a7:1a:d1:74:b6:54:31:17:44:19:d1:
                    0a:0d:b0:99:7d:24:ad:20:b1:36:d2:a6:3f:87:14:
                    34:a1:14:07:50:4d:7c:b0:e9:e2:b5:4e:4b:e3:9e:
                    41:b5:b8:75:44:16:a9:f4:dd:b3:95:8d:8f:67:59:
                    cf:70:14:6d:ae:90:84:90:3b:3f:78:11:d4:46:b9:
                    87:dd:04:82:7e:3b:cd:31:26:2e:bf:a7:38:3d:9b:
                    61:53:bd:b4:69:a6:e4:ba:da:f6:00:25:f2:0b:b5:
                    b3:2a:ac:ae:d3:6c:74:82:f4:07:23:24:ec:a4:be:
                    ef:b8:a5:ef:ee:ea:fc:a8:d0:6a:19:0d:40:5a:c1:
                    c0:1b:c3:40:f6:8f:0a:e6:bb:73:24:d0:43:7d:b7:
                    43:2f:2a:2e:18:27:dd:e8:53:fe:3d:f3:0c:23:9f:
                    b6:b5:a3:89:af:c0:07:9a:37:14:95:c6:21:42:80:
                    1c:0e:e4:32:2b:34:9c:63:20:86:14:10:57:35:01:
                    ce:30:62:81:0b:70:dc:05:ed:f5:d4:a0:87:b1:83:
                    c5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:46:03:97:80:A6:D3:5E:12:29:09:3D:B8:B8:34:51:03:A6:CC:6A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oUYDl4Cm014SKQk9uLg0UQOmzGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:44:ff:9c:76:1f:eb:82:ec:30:85:1a:e4:4c:45:d3:ef:3f:
         4e:6e:74:2d:ff:06:78:32:15:ea:bd:56:58:c8:7e:56:fa:47:
         1d:17:6a:7e:70:5d:a5:84:d6:d3:35:1e:5a:e4:a3:d6:52:51:
         80:07:ca:90:ba:f0:57:56:da:d5:a5:4d:21:70:5f:cb:49:a5:
         8b:39:a6:fe:e3:a0:7e:fa:50:f3:f2:26:85:a4:77:d0:65:0b:
         66:d4:87:29:db:46:04:03:5e:cd:fc:68:a5:c3:2b:5f:10:f0:
         cc:3e:ef:24:bf:65:43:c1:a4:14:f5:92:7c:ef:a0:1c:7d:f7:
         69:27:22:d0:7b:43:6e:87:5f:12:c4:e3:b2:cc:bb:dc:32:b2:
         24:2a:e3:bf:85:cd:42:29:d2:ed:ca:92:93:98:ca:20:49:9a:
         f8:d2:13:47:4f:41:24:e9:3f:31:69:58:f5:c4:49:89:e0:27:
         90:d8:91:37:09:d3:b5:46:cf:b3:b2:d8:c3:1f:0a:fc:9c:70:
         65:86:4e:70:1a:09:96:64:47:da:bf:8a:71:79:f2:b0:9f:ac:
         96:d5:37:cf:dd:12:7c:34:9c:7e:8c:68:79:03:33:b6:64:40:
         10:79:41:30:5e:d5:4d:88:fe:b7:06:bc:ef:f7:e2:ae:20:ab:
         4e:08:aa:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMpe6oPA8SQ/3gSyE056Re3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTE0MDcwMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ2MDM5NzgwYTZkMzVlMTIyOTA5M2RiOGI4MzQ1MTAzYTZjYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYo8LFOZ5i2Vju8RLvHtIULWNHmW
iJpLmdxf1FmJiewzZnTvDgeRi32XXMPBu4t3pxrRdLZUMRdEGdEKDbCZfSStILE2
0qY/hxQ0oRQHUE18sOnitU5L455Btbh1RBap9N2zlY2PZ1nPcBRtrpCEkDs/eBHU
RrmH3QSCfjvNMSYuv6c4PZthU720aabkutr2ACXyC7WzKqyu02x0gvQHIyTspL7v
uKXv7ur8qNBqGQ1AWsHAG8NA9o8K5rtzJNBDfbdDLyouGCfd6FP+PfMMI5+2taOJ
r8AHmjcUlcYhQoAcDuQyKzScYyCGFBBXNQHOMGKBC3DcBe311KCHsYPFQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFGA5eAptNeEikJPbi4NFEDpsxqMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb1VZRGw0Q20wMTRTS1FrOXVMZzBVUU9tekdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZXrMA0G
CSqGSIb3DQEBCwUAA4IBAQC0RP+cdh/rguwwhRrkTEXT7z9ObnQt/wZ4MhXqvVZY
yH5W+kcdF2p+cF2lhNbTNR5a5KPWUlGAB8qQuvBXVtrVpU0hcF/LSaWLOab+46B+
+lDz8iaFpHfQZQtm1Icp20YEA17N/GilwytfEPDMPu8kv2VDwaQU9ZJ876Acffdp
JyLQe0Nuh18SxOOyzLvcMrIkKuO/hc1CKdLtypKTmMogSZr40hNHT0Ek6T8xaVj1
xEmJ4CeQ2JE3CdO1Rs+zstjDHwr8nHBlhk5wGgmWZEfav4pxefKwn6yW1TfP3RJ8
NJx+jGh5AzO2ZEAQeUEwXtVNiP63Brzv9+KuIKtOCKpm
-----END CERTIFICATE-----