Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sooiqF0KR_RbiqF1vIg2C3M3QMk.roa
File:                     sooiqF0KR_RbiqF1vIg2C3M3QMk.roa (raw, json)
Hash identifier:          IYz8N3sQci51bFddGg4yjA68ddzOw5yRBqsWyyCycBU=
Subject key identifier:   B2:8A:22:A8:5D:0A:47:F4:5B:8A:A1:75:BC:88:36:0B:73:37:40:C9
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EEC27AACB804B53700759321017BCAE29
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sooiqF0KR_RbiqF1vIg2C3M3QMk.roa
Signing time:             Wed 17 Apr 2024 13:03:26 +0000
ROA not before:           Wed 17 Apr 2024 13:03:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        45.8.72.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:27:aa:cb:80:4b:53:70:07:59:32:10:17:bc:ae:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 17 13:03:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b28a22a85d0a47f45b8aa175bc88360b733740c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:de:dc:af:05:19:ae:a4:00:be:15:1d:e5:f1:
                    a2:78:1d:c3:2c:80:67:70:b0:8a:f7:9f:fe:f3:be:
                    39:fd:31:e9:2b:c2:45:27:eb:59:32:98:0a:a3:7f:
                    24:c9:a0:07:d5:4e:c7:58:d6:4f:9d:8b:92:12:c1:
                    50:f3:85:bc:69:24:eb:68:a9:0c:69:0b:54:56:86:
                    a0:53:04:4c:ad:b9:17:08:ca:df:b3:7d:38:e2:b9:
                    39:69:88:41:fb:a4:2c:fe:1a:8a:9a:20:48:83:bc:
                    60:25:c8:f4:8e:41:b1:ee:c7:c2:92:6d:7b:f2:0f:
                    f5:86:83:64:eb:2d:ab:a7:c4:35:96:67:08:e0:c7:
                    19:fd:e2:6f:6f:24:33:26:2f:ed:09:5c:71:41:75:
                    5c:cf:7c:58:0c:1e:bd:ee:4a:15:75:3d:65:ea:eb:
                    e7:0e:b5:0c:0b:3a:25:b6:20:d0:f5:d0:23:c4:c7:
                    75:fd:2b:7b:18:d6:2b:b2:a1:ff:d1:c5:39:e7:1f:
                    9e:b7:f5:46:80:5d:45:7c:36:6c:5e:f0:1f:29:df:
                    a6:46:e7:7b:c8:01:62:bd:6d:2c:fc:29:73:ee:93:
                    57:9a:9a:47:92:6a:47:8c:9c:b7:64:e5:13:76:2e:
                    72:21:15:01:08:0b:01:be:44:75:08:37:27:cd:85:
                    72:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:8A:22:A8:5D:0A:47:F4:5B:8A:A1:75:BC:88:36:0B:73:37:40:C9
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sooiqF0KR_RbiqF1vIg2C3M3QMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:69:9b:65:94:2b:cb:4e:93:d1:34:4a:c4:bc:0d:48:cc:97:
         2a:3b:cd:fc:1c:1a:7b:ae:95:f4:36:fe:49:b1:21:ea:bb:99:
         04:3d:c4:50:2e:ef:c3:2c:c3:d2:a2:0b:2d:ac:c6:bd:2b:6e:
         d5:f5:3a:94:04:ca:b2:7c:0f:0c:ac:db:01:a1:f2:7b:7d:18:
         99:e0:9c:24:a8:ff:53:d6:7a:44:51:1e:ef:a5:e4:8b:f7:bc:
         0d:b3:68:99:f6:97:b3:33:36:e9:06:85:a9:c7:22:89:10:29:
         10:6e:18:68:c2:ea:88:fb:4e:6f:ff:72:3f:62:df:55:bb:42:
         59:4e:fc:ec:53:42:ad:c6:c2:ba:a9:19:25:44:c3:34:9d:16:
         c3:9c:49:ec:17:cb:ae:b6:2d:d7:eb:c4:13:c6:af:32:b2:94:
         12:10:a8:67:06:50:53:7c:07:cf:0d:6b:60:1f:4d:43:f1:ec:
         1b:c3:13:78:b6:4f:23:ba:40:28:52:17:fd:26:f8:9d:03:e2:
         e0:9f:9b:42:5b:dc:2c:a2:a0:7e:fe:73:e9:47:c1:af:d3:83:
         25:f5:da:ab:55:f4:bd:69:e4:cf:9f:1c:b3:05:5a:0d:67:52:
         51:69:a1:9b:ac:41:7b:ed:ab:4a:06:f2:2a:35:f2:16:6c:32:
         6d:17:3d:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7sJ6rLgEtTcAdZMhAXvK4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDE3MTMwMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjhhMjJhODVkMGE0N2Y0NWI4YWExNzViYzg4MzYwYjczMzc0MGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh97crwUZrqQAvhUd5fGieB3DLIBn
cLCK95/+8745/THpK8JFJ+tZMpgKo38kyaAH1U7HWNZPnYuSEsFQ84W8aSTraKkM
aQtUVoagUwRMrbkXCMrfs3044rk5aYhB+6Qs/hqKmiBIg7xgJcj0jkGx7sfCkm17
8g/1hoNk6y2rp8Q1lmcI4McZ/eJvbyQzJi/tCVxxQXVcz3xYDB697koVdT1l6uvn
DrUMCzoltiDQ9dAjxMd1/St7GNYrsqH/0cU55x+et/VGgF1FfDZsXvAfKd+mRud7
yAFivW0s/Clz7pNXmppHkmpHjJy3ZOUTdi5yIRUBCAsBvkR1CDcnzYVyUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKKIqhdCkf0W4qhdbyINgtzN0DJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc29vaXFGMEtSX1JiaXFGMXZJZzJDM00zUU1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQhIMA0G
CSqGSIb3DQEBCwUAA4IBAQB7aZtllCvLTpPRNErEvA1IzJcqO838HBp7rpX0Nv5J
sSHqu5kEPcRQLu/DLMPSogstrMa9K27V9TqUBMqyfA8MrNsBofJ7fRiZ4JwkqP9T
1npEUR7vpeSL97wNs2iZ9pezMzbpBoWpxyKJECkQbhhowuqI+05v/3I/Yt9Vu0JZ
TvzsU0KtxsK6qRklRMM0nRbDnEnsF8uuti3X68QTxq8yspQSEKhnBlBTfAfPDWtg
H01D8ewbwxN4tk8jukAoUhf9JvidA+Lgn5tCW9wsoqB+/nPpR8Gv04Ml9dqrVfS9
aeTPnxyzBVoNZ1JRaaGbrEF77atKBvIqNfIWbDJtFz1k
-----END CERTIFICATE-----