Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/r3m7OXxLNXOoU8fuSnclRZzqrn4.roa
File:                     r3m7OXxLNXOoU8fuSnclRZzqrn4.roa (raw, json)
Hash identifier:          J+RyOhM/SdIYd6+905gwFjzhY1IaNaJrj4R95rCI2SY=
Subject key identifier:   AF:79:BB:39:7C:4B:35:73:A8:53:C7:EE:4A:77:25:45:9C:EA:AE:7E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DA7E1FDCFAAE388022D94420456FF342A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/r3m7OXxLNXOoU8fuSnclRZzqrn4.roa
Signing time:             Wed 14 Feb 2024 13:50:22 +0000
ROA not before:           Wed 14 Feb 2024 13:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        185.252.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:e1:fd:cf:aa:e3:88:02:2d:94:42:04:56:ff:34:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 14 13:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af79bb397c4b3573a853c7ee4a7725459ceaae7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e4:9a:6e:c7:9d:26:61:2b:91:88:db:1a:37:
                    1a:56:32:b6:77:e0:54:e6:55:7c:47:cd:e8:55:5c:
                    fe:46:f5:24:8f:f4:90:4b:80:9c:a4:35:08:88:1f:
                    b4:05:95:ff:63:ef:63:b3:2e:f5:c6:b6:be:22:1a:
                    98:90:b0:c2:97:32:07:9a:e1:0d:4a:b1:3c:e7:85:
                    5d:7e:9e:0b:57:c1:a9:ca:5c:14:91:cf:ed:9c:82:
                    1f:7e:12:a5:2c:e6:ad:83:d3:c3:49:20:42:29:c0:
                    f7:d9:29:2b:45:42:f3:1c:1e:0c:9c:16:de:12:ee:
                    91:36:f2:84:fe:58:1f:a3:ff:03:60:5b:98:7c:10:
                    80:87:72:29:72:7e:e9:5d:97:d5:dd:b8:e5:ec:cd:
                    57:d1:53:cd:a5:80:6c:13:24:22:f0:46:78:d5:96:
                    79:55:ce:54:60:7c:c1:35:00:dd:32:c3:39:1c:06:
                    05:a7:e4:bd:3c:f2:9a:9d:e2:52:eb:79:20:2d:8a:
                    be:61:41:7c:f3:45:93:c8:4a:4b:9e:32:0a:3e:c1:
                    ad:28:5c:dc:3d:53:fa:4e:7f:fa:28:b5:93:fb:5d:
                    01:b1:41:52:ef:b8:6a:a9:21:87:51:22:d5:88:d6:
                    e9:2f:cf:04:b0:e4:35:4e:d7:f9:1b:0d:08:1b:0b:
                    40:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:79:BB:39:7C:4B:35:73:A8:53:C7:EE:4A:77:25:45:9C:EA:AE:7E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/r3m7OXxLNXOoU8fuSnclRZzqrn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:2e:ce:be:00:40:2a:b2:2d:8c:e9:fc:77:91:83:67:c2:f8:
         ec:7b:43:91:9a:f3:c5:de:b4:89:e5:f5:59:a2:47:68:ec:bd:
         19:59:3d:f5:a9:7a:af:0f:40:94:07:06:b6:1b:18:70:6a:ce:
         05:8a:ac:2d:66:50:d3:2b:af:3e:0f:5f:80:60:c8:d3:a0:55:
         f3:a2:dd:0a:10:75:de:a4:e3:45:dd:c7:7a:ac:e6:5f:bd:38:
         9e:56:ac:a3:ad:e1:f0:e2:60:e9:be:07:1f:3f:17:f6:88:de:
         f5:32:ba:3c:ad:f3:22:52:e5:3c:ab:81:7a:b9:d1:1d:8b:5b:
         57:3e:a4:ff:3d:2d:38:76:f2:a0:79:c9:2d:de:73:1b:41:87:
         3a:66:55:b3:c6:8d:fa:5c:cb:34:d1:5e:9a:8c:c3:f2:50:26:
         ab:1c:32:75:c0:d0:4e:7e:b1:ef:41:42:46:0a:2f:bb:c9:b1:
         46:de:66:2c:2a:51:c2:f0:db:48:04:ef:c5:c7:04:a2:81:2c:
         75:a6:8c:b7:44:96:b8:83:35:26:e2:32:7e:b0:a8:8e:01:58:
         29:c0:d1:e7:7c:9f:77:28:9d:0d:e9:a7:90:f1:59:04:dc:c1:
         c0:9e:ff:bc:5a:3f:23:3b:7a:12:db:39:6c:0b:96:51:37:fa:
         1c:9c:18:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2n4f3PquOIAi2UQgRW/zQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjE0MTM1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjc5YmIzOTdjNGIzNTczYTg1M2M3ZWU0YTc3MjU0NTljZWFhZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+SabsedJmErkYjbGjcaVjK2d+BU
5lV8R83oVVz+RvUkj/SQS4CcpDUIiB+0BZX/Y+9jsy71xra+IhqYkLDClzIHmuEN
SrE854Vdfp4LV8GpylwUkc/tnIIffhKlLOatg9PDSSBCKcD32SkrRULzHB4MnBbe
Eu6RNvKE/lgfo/8DYFuYfBCAh3Ipcn7pXZfV3bjl7M1X0VPNpYBsEyQi8EZ41ZZ5
Vc5UYHzBNQDdMsM5HAYFp+S9PPKaneJS63kgLYq+YUF880WTyEpLnjIKPsGtKFzc
PVP6Tn/6KLWT+10BsUFS77hqqSGHUSLViNbpL88EsOQ1Ttf5Gw0IGwtA3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK95uzl8SzVzqFPH7kp3JUWc6q5+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcjNtN09YeExOWE9vVThmdVNuY2xSWnpxcm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufyiMA0G
CSqGSIb3DQEBCwUAA4IBAQCJLs6+AEAqsi2M6fx3kYNnwvjse0ORmvPF3rSJ5fVZ
okdo7L0ZWT31qXqvD0CUBwa2Gxhwas4FiqwtZlDTK68+D1+AYMjToFXzot0KEHXe
pONF3cd6rOZfvTieVqyjreHw4mDpvgcfPxf2iN71Mro8rfMiUuU8q4F6udEdi1tX
PqT/PS04dvKgeckt3nMbQYc6ZlWzxo36XMs00V6ajMPyUCarHDJ1wNBOfrHvQUJG
Ci+7ybFG3mYsKlHC8NtIBO/FxwSigSx1poy3RJa4gzUm4jJ+sKiOAVgpwNHnfJ93
KJ0N6aeQ8VkE3MHAnv+8Wj8jO3oS2zlsC5ZRN/ocnBhO
-----END CERTIFICATE-----