Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pUQeSRO_4P6_TOklfoZ19OAQE7Q.roa
File:                     pUQeSRO_4P6_TOklfoZ19OAQE7Q.roa (raw, json)
Hash identifier:          m93qplWx2FDJ58Chc61Wm10Plhctasc9zJ/tBrpO+o0=
Subject key identifier:   A5:44:1E:49:13:BF:E0:FE:BF:4C:E9:25:7E:86:75:F4:E0:10:13:B4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428246DE73138C39D1BEAF93045481D86
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pUQeSRO_4P6_TOklfoZ19OAQE7Q.roa
Signing time:             Thu 02 Jan 2025 17:51:03 +0000
ROA not before:           Thu 02 Jan 2025 17:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31083
IP address blocks:        87.120.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:6d:e7:31:38:c3:9d:1b:ea:f9:30:45:48:1d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5441e4913bfe0febf4ce9257e8675f4e01013b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:75:ad:75:04:55:4a:15:de:ee:9b:64:d5:29:
                    06:9c:d5:71:66:40:a9:a2:ce:93:86:e2:a4:c1:88:
                    c1:89:5b:ae:30:e7:c7:2c:72:69:f6:eb:cc:30:91:
                    4e:0e:88:a9:da:f7:80:f8:a1:ea:85:52:96:81:ec:
                    4a:4a:29:88:c6:71:61:07:9a:6b:3d:a2:e7:c1:23:
                    1b:19:c1:9a:8c:14:89:17:22:3e:87:99:3b:f1:8e:
                    fa:7d:d4:ee:a5:17:b6:97:26:b6:21:ee:c9:01:8f:
                    30:19:69:af:bb:57:10:69:d3:25:dd:3e:c0:ea:06:
                    56:73:2d:49:d8:6a:e9:78:f4:db:6f:39:74:5b:15:
                    6b:27:ca:bc:06:88:81:e3:90:96:4a:fa:85:0e:f3:
                    2e:7e:61:3a:e9:50:52:e9:e4:48:b7:68:6b:67:58:
                    d3:65:ff:8b:90:c1:2a:e2:00:dc:c1:10:6e:05:3f:
                    cc:b0:0e:4e:45:30:15:55:90:ad:dd:f8:77:ef:6f:
                    88:96:35:95:0c:07:1e:62:23:ac:46:e5:2f:2f:1a:
                    af:8c:eb:04:ce:02:5e:77:3d:85:24:07:57:74:36:
                    b0:df:aa:ac:cd:a5:f1:20:54:99:96:ee:e4:72:3b:
                    7b:fe:9a:fb:0c:8d:8d:73:8c:b4:e6:66:a9:62:80:
                    68:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:44:1E:49:13:BF:E0:FE:BF:4C:E9:25:7E:86:75:F4:E0:10:13:B4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pUQeSRO_4P6_TOklfoZ19OAQE7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:12:8a:1b:0e:99:34:58:4b:8e:8e:fa:cd:38:10:9c:0f:ba:
         50:c1:ed:45:03:98:bc:cd:f3:db:c8:e9:b2:e3:59:74:6d:c7:
         69:f6:fd:56:bd:ed:52:d1:a3:b7:f1:0c:94:df:2d:8e:72:bd:
         46:70:0d:37:52:76:b5:d2:c2:e7:90:8e:45:dc:25:dd:46:f8:
         de:b3:b2:53:bc:98:89:37:ae:88:04:96:04:b6:27:9d:1a:55:
         c7:a5:ac:8d:f8:1b:96:0a:97:61:96:db:62:d6:94:fe:af:17:
         8e:f9:3c:a7:bb:10:e3:34:70:94:25:eb:d0:03:64:37:73:cf:
         04:7a:f1:88:26:9d:32:8c:55:cf:09:d9:04:c9:5f:e6:99:b1:
         2a:a7:3f:51:a0:1a:ef:15:bc:59:0a:ec:c7:3b:ad:67:6f:d6:
         6b:40:d7:df:11:41:99:d1:9e:3c:67:6e:98:c1:3e:64:ab:9a:
         f1:d6:04:83:02:47:f4:b8:59:1a:3f:e4:5c:81:8e:de:aa:b8:
         13:21:90:e4:8a:d1:1f:43:30:4d:2f:d4:2d:4d:ab:f1:a3:b1:
         2a:cc:e5:54:f6:22:13:49:56:5b:1e:8c:c2:9b:cd:a5:30:65:
         63:91:57:00:58:30:d7:dc:78:05:3b:f7:54:b0:b1:11:6a:0e:
         e3:8c:f2:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJG3nMTjDnRvq+TBFSB2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQ0MWU0OTEzYmZlMGZlYmY0Y2U5MjU3ZTg2NzVmNGUwMTAxM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnWtdQRVShXe7ptk1SkGnNVxZkCp
os6ThuKkwYjBiVuuMOfHLHJp9uvMMJFODoip2veA+KHqhVKWgexKSimIxnFhB5pr
PaLnwSMbGcGajBSJFyI+h5k78Y76fdTupRe2lya2Ie7JAY8wGWmvu1cQadMl3T7A
6gZWcy1J2GrpePTbbzl0WxVrJ8q8BoiB45CWSvqFDvMufmE66VBS6eRIt2hrZ1jT
Zf+LkMEq4gDcwRBuBT/MsA5ORTAVVZCt3fh372+IljWVDAceYiOsRuUvLxqvjOsE
zgJedz2FJAdXdDaw36qszaXxIFSZlu7kcjt7/pr7DI2Nc4y05mapYoBo5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVEHkkTv+D+v0zpJX6GdfTgEBO0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcFVRZVNST180UDZfVE9rbGZvWjE5T0FRRTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3gpMA0G
CSqGSIb3DQEBCwUAA4IBAQCaEoobDpk0WEuOjvrNOBCcD7pQwe1FA5i8zfPbyOmy
41l0bcdp9v1Wve1S0aO38QyU3y2Ocr1GcA03Una10sLnkI5F3CXdRvjes7JTvJiJ
N66IBJYEtiedGlXHpayN+BuWCpdhltti1pT+rxeO+TynuxDjNHCUJevQA2Q3c88E
evGIJp0yjFXPCdkEyV/mmbEqpz9RoBrvFbxZCuzHO61nb9ZrQNffEUGZ0Z48Z26Y
wT5kq5rx1gSDAkf0uFkaP+RcgY7eqrgTIZDkitEfQzBNL9QtTavxo7EqzOVU9iIT
SVZbHozCm82lMGVjkVcAWDDX3HgFO/dUsLERag7jjPKa
-----END CERTIFICATE-----