Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tXDILM0V7Rw6S8DrJ7kT8Bc_PrM.roa
File:                     tXDILM0V7Rw6S8DrJ7kT8Bc_PrM.roa (raw, json)
Hash identifier:          EcNy7M3uI/HAmFRhK9mSWnTw9QNc0X0kdKxXyKEaDEc=
Subject key identifier:   B5:70:C8:2C:CD:15:ED:1C:3A:4B:C0:EB:27:B9:13:F0:17:3F:3E:B3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD151225AD8909D768494B6D5E452C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tXDILM0V7Rw6S8DrJ7kT8Bc_PrM.roa
Signing time:             Tue 02 Jan 2024 06:29:41 +0000
ROA not before:           Tue 02 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        94.103.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:15:12:25:ad:89:09:d7:68:49:4b:6d:5e:45:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b570c82ccd15ed1c3a4bc0eb27b913f0173f3eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:30:20:36:74:b0:27:fc:2e:e5:54:d9:c4:c8:
                    a5:87:ca:9e:7f:ce:f3:41:9d:f9:8f:98:73:75:84:
                    be:21:53:09:b8:1c:05:9f:23:f2:66:5f:81:d4:f9:
                    b5:3e:b9:ca:91:6b:67:36:b1:55:ab:97:a4:0b:89:
                    d1:d3:ff:71:5b:63:57:b6:ee:b1:4d:74:9d:3f:b9:
                    59:3b:96:cc:6b:8e:d2:90:f8:d2:9a:37:85:71:a2:
                    1e:82:fd:d0:c6:a3:0b:55:8c:85:3b:b5:3c:1a:89:
                    99:ba:38:f6:86:1f:8a:4c:c3:9b:c2:28:e8:bd:ae:
                    e4:9a:71:eb:05:7c:2d:88:fe:5e:98:6a:39:0c:9b:
                    e8:ef:5b:72:79:16:93:0f:94:0c:02:50:fa:b1:22:
                    4a:20:c0:ae:dc:dc:09:27:92:a3:29:8e:74:5e:84:
                    44:20:f7:ad:81:70:c3:2b:f9:b0:23:33:4e:e5:da:
                    e3:3f:d3:72:a6:b5:77:0d:a6:c0:1e:cc:e5:f9:71:
                    17:37:39:3a:1c:55:2d:c0:1a:c4:d3:bd:77:91:1b:
                    e7:d1:6d:1d:0a:9a:0d:f0:30:75:37:62:44:c3:cf:
                    3d:60:d6:2c:ab:03:85:07:e3:70:91:a2:3d:60:1b:
                    1d:f2:0e:ca:68:16:f4:d9:b1:fb:fb:59:c4:4b:52:
                    a5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:70:C8:2C:CD:15:ED:1C:3A:4B:C0:EB:27:B9:13:F0:17:3F:3E:B3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tXDILM0V7Rw6S8DrJ7kT8Bc_PrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a2:06:c1:07:c4:39:6d:3e:be:4b:31:2a:99:64:ab:38:74:
         a3:d1:e7:cb:09:78:61:d1:90:23:f6:35:e3:93:7d:bb:75:a3:
         76:7b:3b:3b:e2:de:a8:6e:47:2c:a4:74:bc:9b:d7:99:8c:3a:
         68:c4:90:41:c5:83:8d:fd:e8:54:52:0b:5f:49:01:b8:33:52:
         7b:0c:e0:b1:5f:40:51:23:47:b6:a4:1e:4a:e5:d2:be:62:9a:
         63:b6:b6:a0:09:a6:57:0d:1c:e3:1a:e0:6c:3f:57:fe:42:f0:
         1f:ae:52:42:c1:a3:a8:92:22:8f:62:bd:6e:44:00:33:d0:34:
         55:31:8f:09:c0:ea:ef:e9:4c:ee:3b:f0:47:03:0a:35:15:60:
         49:3d:ac:f2:a4:95:94:45:65:bb:04:82:e6:cc:1f:9d:96:09:
         db:ac:02:7c:37:20:ca:54:cc:26:5a:a9:b3:fc:61:ce:8c:05:
         43:de:ec:f5:10:58:6e:de:ca:d1:a4:52:f7:74:ba:38:03:6a:
         03:eb:8f:0e:14:12:71:c7:fa:d8:f1:c9:d4:38:cb:32:fe:fd:
         49:c2:e3:51:ed:c9:72:e8:15:19:9e:86:c5:aa:5a:18:d6:08:
         a2:94:71:3a:04:14:7f:b7:77:3f:4a:37:23:e2:ed:9f:77:02:
         a6:19:1c:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3RUSJa2JCddoSUttXkUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTcwYzgyY2NkMTVlZDFjM2E0YmMwZWIyN2I5MTNmMDE3M2YzZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTAgNnSwJ/wu5VTZxMilh8qef87z
QZ35j5hzdYS+IVMJuBwFnyPyZl+B1Pm1PrnKkWtnNrFVq5ekC4nR0/9xW2NXtu6x
TXSdP7lZO5bMa47SkPjSmjeFcaIegv3QxqMLVYyFO7U8GomZujj2hh+KTMObwijo
va7kmnHrBXwtiP5emGo5DJvo71tyeRaTD5QMAlD6sSJKIMCu3NwJJ5KjKY50XoRE
IPetgXDDK/mwIzNO5drjP9NyprV3DabAHszl+XEXNzk6HFUtwBrE0713kRvn0W0d
CpoN8DB1N2JEw889YNYsqwOFB+NwkaI9YBsd8g7KaBb02bH7+1nES1KlRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVwyCzNFe0cOkvA6ye5E/AXPz6zMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdFhESUxNMFY3Unc2UzhEcko3a1Q4QmNfUHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmd/MA0G
CSqGSIb3DQEBCwUAA4IBAQCOogbBB8Q5bT6+SzEqmWSrOHSj0efLCXhh0ZAj9jXj
k327daN2ezs74t6obkcspHS8m9eZjDpoxJBBxYON/ehUUgtfSQG4M1J7DOCxX0BR
I0e2pB5K5dK+YppjtragCaZXDRzjGuBsP1f+QvAfrlJCwaOokiKPYr1uRAAz0DRV
MY8JwOrv6UzuO/BHAwo1FWBJPazypJWURWW7BILmzB+dlgnbrAJ8NyDKVMwmWqmz
/GHOjAVD3uz1EFhu3srRpFL3dLo4A2oD648OFBJxx/rY8cnUOMsy/v1JwuNR7cly
6BUZnobFqloY1giilHE6BBR/t3c/Sjcj4u2fdwKmGRzM
-----END CERTIFICATE-----