Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rskFAArsjt4TnBJ4fISCnifiBZI.roa
File:                     rskFAArsjt4TnBJ4fISCnifiBZI.roa (raw, json)
Hash identifier:          fkwlUXhNwVB0CB4fI1bsftzeq/RLRG22WXNLopTFry8=
Subject key identifier:   AE:C9:05:00:0A:EC:8E:DE:13:9C:12:78:7C:84:82:9E:27:E2:05:92
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0196F802CD3BC4FE6B41D153249A4D5C3EE0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rskFAArsjt4TnBJ4fISCnifiBZI.roa
Signing time:             Thu 22 May 2025 12:40:55 +0000
ROA not before:           Thu 22 May 2025 12:40:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59993
IP address blocks:        194.169.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:02:cd:3b:c4:fe:6b:41:d1:53:24:9a:4d:5c:3e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 22 12:40:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aec905000aec8ede139c12787c84829e27e20592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9a:fd:07:e9:3b:7c:94:8b:da:d4:58:4e:67:
                    b0:fc:f2:16:a1:f5:7c:7e:23:57:c8:79:24:d5:02:
                    bd:0b:fa:3f:9f:9d:ad:76:d9:4d:61:de:db:7f:b9:
                    9b:9f:f7:89:82:9c:8e:1b:73:51:a2:35:42:89:c6:
                    6c:35:53:2d:18:aa:21:68:aa:e6:37:5a:6b:84:40:
                    ce:3a:93:ca:53:24:96:ce:40:37:23:1d:97:9a:b6:
                    3b:a8:78:bc:34:4d:bb:0c:c5:12:71:35:ec:b2:69:
                    73:e3:45:8f:25:8a:fc:b7:59:09:fd:7e:b4:f2:58:
                    89:56:8f:d7:61:a2:92:a8:22:40:c2:6c:54:48:46:
                    bd:06:c6:cd:26:0a:bd:f1:24:31:db:2e:40:f6:50:
                    a0:fe:22:d9:3c:c6:22:64:25:6e:bb:e1:13:ca:f9:
                    02:67:9e:fd:6e:74:ca:de:da:4d:df:70:47:8c:6d:
                    95:a6:30:1e:ba:d9:c4:3b:ae:54:4c:ef:0c:cf:51:
                    34:6d:e7:04:30:7f:f0:5a:29:d9:c6:da:ba:2f:fc:
                    7c:d4:12:be:cd:f9:91:eb:68:c9:4a:06:cb:d6:3b:
                    a5:3f:82:d8:19:51:7b:b5:3d:6f:26:6f:ea:f1:07:
                    eb:8e:13:b6:79:60:b6:bc:ea:be:8b:8f:6f:16:a2:
                    a3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C9:05:00:0A:EC:8E:DE:13:9C:12:78:7C:84:82:9E:27:E2:05:92
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rskFAArsjt4TnBJ4fISCnifiBZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:35:62:a4:41:35:b6:b4:c5:d3:d0:53:a2:7a:cd:66:44:fc:
         d5:6d:41:a1:d4:dc:ce:12:75:5a:87:f3:30:72:bd:5a:4b:b2:
         23:4f:66:ca:df:7e:5b:df:7c:6e:5e:14:9e:4b:6d:cf:e4:0d:
         f5:97:0d:ea:e7:cb:c2:e6:52:39:4a:ff:dc:a3:ea:95:be:cb:
         4d:1f:29:29:55:07:3e:32:78:b7:93:60:3e:3c:f1:24:99:20:
         c6:a6:25:7f:9f:1f:e5:5d:94:b2:1a:55:94:98:09:b9:2a:be:
         87:bc:f3:68:a2:a7:cf:2a:28:01:aa:21:e9:f2:6b:fe:c9:59:
         68:f8:8f:4b:6c:dc:65:e7:d8:05:ff:06:6d:19:7d:58:ef:ca:
         f6:d8:6f:56:4c:0b:d8:b6:2d:bc:3c:11:b2:ea:c0:a7:ca:1a:
         8a:b2:c4:2a:cd:f7:f8:30:f2:52:f8:ba:28:4f:aa:91:dd:87:
         c0:6f:e3:df:a1:24:4c:58:eb:ad:ce:e3:38:c6:7b:01:9d:f0:
         00:fa:7d:32:5b:54:59:71:44:ab:21:5b:49:67:cc:05:79:c7:
         4d:ae:db:e0:e4:ce:62:b1:1c:af:f0:45:9a:86:d2:f7:46:23:
         b0:bf:b3:fb:6f:ce:87:18:9d:c5:05:eb:f1:71:7f:b5:b2:51:
         1d:9f:e2:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb4As07xP5rQdFTJJpNXD7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNTIyMTI0MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWM5MDUwMDBhZWM4ZWRlMTM5YzEyNzg3Yzg0ODI5ZTI3ZTIwNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJr9B+k7fJSL2tRYTmew/PIWofV8
fiNXyHkk1QK9C/o/n52tdtlNYd7bf7mbn/eJgpyOG3NRojVCicZsNVMtGKohaKrm
N1prhEDOOpPKUySWzkA3Ix2XmrY7qHi8NE27DMUScTXssmlz40WPJYr8t1kJ/X60
8liJVo/XYaKSqCJAwmxUSEa9BsbNJgq98SQx2y5A9lCg/iLZPMYiZCVuu+ETyvkC
Z579bnTK3tpN33BHjG2VpjAeutnEO65UTO8Mz1E0becEMH/wWinZxtq6L/x81BK+
zfmR62jJSgbL1julP4LYGVF7tT1vJm/q8QfrjhO2eWC2vOq+i49vFqKjOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7JBQAK7I7eE5wSeHyEgp4n4gWSMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcnNrRkFBcnNqdDRUbkJKNGZJU0NuaWZpQlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqmsMA0G
CSqGSIb3DQEBCwUAA4IBAQB6NWKkQTW2tMXT0FOies1mRPzVbUGh1NzOEnVah/Mw
cr1aS7IjT2bK335b33xuXhSeS23P5A31lw3q58vC5lI5Sv/co+qVvstNHykpVQc+
Mni3k2A+PPEkmSDGpiV/nx/lXZSyGlWUmAm5Kr6HvPNooqfPKigBqiHp8mv+yVlo
+I9LbNxl59gF/wZtGX1Y78r22G9WTAvYti28PBGy6sCnyhqKssQqzff4MPJS+Loo
T6qR3YfAb+PfoSRMWOutzuM4xnsBnfAA+n0yW1RZcUSrIVtJZ8wFecdNrtvg5M5i
sRyv8EWahtL3RiOwv7P7b86HGJ3FBevxcX+1slEdn+J/
-----END CERTIFICATE-----