Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tO_bsryl3kTJGfzKgSOl83fDzAA.roa
File:                     tO_bsryl3kTJGfzKgSOl83fDzAA.roa (raw, json)
Hash identifier:          JmTNUHpz/V/lB6fcsq6RcuD6Ht2Np789CdW0eUf7tI8=
Subject key identifier:   B4:EF:DB:B2:BC:A5:DE:44:C9:19:FC:CA:81:23:A5:F3:77:C3:CC:00
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0193297BA990446D705FF2903213A38F4239
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tO_bsryl3kTJGfzKgSOl83fDzAA.roa
Signing time:             Thu 14 Nov 2024 07:03:10 +0000
ROA not before:           Thu 14 Nov 2024 07:03:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198178
IP address blocks:        45.128.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:7b:a9:90:44:6d:70:5f:f2:90:32:13:a3:8f:42:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 14 07:03:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4efdbb2bca5de44c919fcca8123a5f377c3cc00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ad:26:b1:36:a7:f1:e3:ed:91:13:3c:90:1f:
                    54:74:b0:fa:f6:ea:14:46:75:27:4b:b8:b8:be:00:
                    83:98:5a:80:4e:ea:83:a9:58:ef:96:b8:9b:5f:4c:
                    fd:f1:8b:c6:9e:df:52:9c:a3:08:b0:f2:2c:63:dc:
                    da:d9:3e:08:62:be:a5:90:8f:75:25:1a:a4:e0:b9:
                    5c:3c:ca:de:44:1e:cb:a5:f6:6f:27:7e:36:7f:9d:
                    5a:bf:31:70:1e:2b:95:67:02:14:f2:5e:33:f4:57:
                    cc:bc:53:98:76:59:1c:ab:d1:7b:1a:04:48:2e:a0:
                    b9:5d:39:ec:50:de:22:7c:e4:66:5d:00:ca:6e:37:
                    0a:75:2b:d7:2a:f9:10:78:8e:a5:98:e0:27:11:0f:
                    5e:0f:47:e5:a5:e1:9d:1e:82:43:4f:4e:a3:74:82:
                    f5:c1:83:8d:25:dd:4e:59:2b:fd:e5:9f:8f:2c:20:
                    80:e0:7f:8f:6f:5f:31:b1:be:9c:42:63:97:7e:80:
                    b9:55:a2:5d:ff:f9:76:d1:4e:05:01:27:a8:7a:9c:
                    cf:b2:b1:c0:19:c8:3f:ff:eb:02:2d:f4:03:aa:b7:
                    34:ff:b1:53:c5:b1:ad:81:99:cf:ea:d1:65:79:21:
                    8f:56:ad:11:62:58:0a:2d:a9:82:d2:b4:00:60:51:
                    c6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EF:DB:B2:BC:A5:DE:44:C9:19:FC:CA:81:23:A5:F3:77:C3:CC:00
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tO_bsryl3kTJGfzKgSOl83fDzAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6a:8a:d9:c5:05:92:d2:47:9a:8e:d0:81:87:b1:51:25:58:
         97:25:53:04:1d:2f:c7:82:de:cb:fb:96:cd:29:37:11:b8:e3:
         06:38:7b:2f:28:6d:28:d4:5e:92:89:c4:ec:38:1f:00:26:6f:
         1f:68:2e:9b:75:34:eb:88:00:51:04:07:ea:ca:b2:00:27:6b:
         25:af:59:e1:82:6f:e6:e9:be:3b:b3:95:a0:5b:e1:9f:b0:97:
         a3:ca:93:e1:b4:c9:7d:fb:a7:23:76:e3:2c:b0:f3:b6:58:61:
         23:d5:92:81:d8:64:59:c0:73:71:a2:1b:a5:3d:2f:2e:5a:dd:
         d3:ca:87:2a:77:81:0a:f5:0a:c0:40:f4:9b:2e:23:91:75:bf:
         97:3a:8a:bd:4f:6e:ce:10:18:86:ba:3f:29:ea:21:a6:7f:ab:
         2e:64:c1:21:47:c4:e7:9b:e1:49:c0:83:a4:c4:52:1b:42:a1:
         0b:8f:a3:be:9e:68:44:0a:45:31:0a:f2:2e:39:c3:30:79:de:
         4a:ee:41:d5:85:34:36:b1:fc:cd:51:93:49:50:19:a6:27:a1:
         05:c9:21:e6:52:cd:a4:58:c5:3b:ea:ae:2f:f8:e0:42:16:c3:
         6e:8d:14:13:67:11:aa:0a:cb:56:84:73:c4:53:42:7a:cf:cd:
         f2:80:17:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMpe6mQRG1wX/KQMhOjj0I5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTE0MDcwMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVmZGJiMmJjYTVkZTQ0YzkxOWZjY2E4MTIzYTVmMzc3YzNjYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApK0msTan8ePtkRM8kB9UdLD69uoU
RnUnS7i4vgCDmFqATuqDqVjvlribX0z98YvGnt9SnKMIsPIsY9za2T4IYr6lkI91
JRqk4LlcPMreRB7LpfZvJ342f51avzFwHiuVZwIU8l4z9FfMvFOYdlkcq9F7GgRI
LqC5XTnsUN4ifORmXQDKbjcKdSvXKvkQeI6lmOAnEQ9eD0flpeGdHoJDT06jdIL1
wYONJd1OWSv95Z+PLCCA4H+Pb18xsb6cQmOXfoC5VaJd//l20U4FASeoepzPsrHA
Gcg//+sCLfQDqrc0/7FTxbGtgZnP6tFleSGPVq0RYlgKLamC0rQAYFHGjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTv27K8pd5EyRn8yoEjpfN3w8wAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdE9fYnNyeWwza1RKR2Z6S2dTT2w4M2ZEekFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBjMA0G
CSqGSIb3DQEBCwUAA4IBAQBIaorZxQWS0keajtCBh7FRJViXJVMEHS/Hgt7L+5bN
KTcRuOMGOHsvKG0o1F6SicTsOB8AJm8faC6bdTTriABRBAfqyrIAJ2slr1nhgm/m
6b47s5WgW+GfsJejypPhtMl9+6cjduMssPO2WGEj1ZKB2GRZwHNxohulPS8uWt3T
yocqd4EK9QrAQPSbLiORdb+XOoq9T27OEBiGuj8p6iGmf6suZMEhR8Tnm+FJwIOk
xFIbQqELj6O+nmhECkUxCvIuOcMwed5K7kHVhTQ2sfzNUZNJUBmmJ6EFySHmUs2k
WMU76q4v+OBCFsNujRQTZxGqCstWhHPEU0J6z83ygBcJ
-----END CERTIFICATE-----