Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u2IOC-_KZF5fQP82yKBhyRXjy6I.roa
File:                     u2IOC-_KZF5fQP82yKBhyRXjy6I.roa (raw, json)
Hash identifier:          x9kWVfsxytiY9bFfCo7zo13RumZk9tAHco0JdPUcWhA=
Subject key identifier:   BB:62:0E:0B:EF:CA:64:5E:5F:40:FF:36:C8:A0:61:C9:15:E3:CB:A2
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0192C3902886D483DDC0BC50BB00164D9020
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u2IOC-_KZF5fQP82yKBhyRXjy6I.roa
Signing time:             Fri 25 Oct 2024 12:04:17 +0000
ROA not before:           Fri 25 Oct 2024 12:04:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8866
IP address blocks:        87.121.18.0/24 maxlen: 24
                          87.121.20.0/23 maxlen: 23
                          87.121.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:90:28:86:d4:83:dd:c0:bc:50:bb:00:16:4d:90:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 25 12:04:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb620e0befca645e5f40ff36c8a061c915e3cba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ca:42:04:be:13:a5:74:ab:d4:fc:c3:49:d8:
                    ae:ce:ce:16:a0:3e:91:b6:4b:29:91:c0:e3:d0:aa:
                    7f:21:ba:41:6e:41:df:8f:fa:4e:68:c8:41:58:75:
                    45:ff:bc:05:e7:2e:57:81:61:df:57:e2:e0:39:a2:
                    ca:87:5c:8f:a5:47:ec:d0:1c:cd:ed:1a:21:05:85:
                    ee:f7:da:f9:58:92:19:4e:bd:55:fa:c9:c3:82:bd:
                    50:d8:55:a2:9d:1d:88:8e:5b:75:40:57:8d:95:33:
                    a5:3f:23:a5:66:c9:ee:6e:ef:b3:e3:56:20:26:5b:
                    b4:f5:7c:2d:65:f4:bd:70:d2:bf:f5:8a:a6:54:c6:
                    98:5d:27:64:fa:5a:c1:b1:08:1d:42:24:2c:91:c3:
                    a7:06:25:6d:d4:16:ff:63:a2:8b:2d:84:f6:17:f3:
                    1b:71:7b:2f:e6:74:8d:18:5d:f5:57:dd:5a:d4:d6:
                    53:1e:79:69:ec:15:d7:8e:cd:66:f0:9f:65:09:29:
                    db:9a:b8:50:00:dd:57:cf:de:b9:1b:e5:98:d4:ef:
                    a3:eb:05:73:60:6f:b4:0a:6a:5c:fa:e9:70:52:28:
                    5b:38:ba:a3:ab:5f:6b:76:87:6e:00:ce:80:4a:96:
                    5a:50:dd:0f:9b:55:2e:5e:4a:e5:bf:38:7a:af:c0:
                    f7:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:62:0E:0B:EF:CA:64:5E:5F:40:FF:36:C8:A0:61:C9:15:E3:CB:A2
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u2IOC-_KZF5fQP82yKBhyRXjy6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.18.0/24
                  87.121.20.0-87.121.22.255

    Signature Algorithm: sha256WithRSAEncryption
         40:10:7a:91:d2:9e:63:c4:bf:c8:52:d4:22:3a:49:8e:59:6b:
         3c:df:98:de:aa:9d:30:33:b9:7c:c4:97:5b:8a:f6:65:a2:88:
         72:87:b7:fb:2a:0b:f7:6c:18:34:07:b7:b4:fc:70:6e:63:88:
         15:95:b7:2c:2d:7d:62:b2:09:dd:77:a5:52:87:99:77:72:82:
         fa:0f:f5:69:14:45:76:f1:3d:db:7c:8f:de:3a:7d:dc:a6:1c:
         f3:4b:80:15:09:ff:5a:cd:51:d5:08:cc:0c:dd:27:ee:3b:4b:
         b6:1a:61:e3:90:25:13:6b:79:35:3d:e8:be:67:87:2a:85:0a:
         36:49:dc:54:83:92:0c:f8:e1:78:44:ea:4f:09:8c:fe:4a:de:
         8c:f1:8b:5f:56:22:f6:f7:b3:fb:e7:5f:b8:0f:cd:6f:05:4d:
         fc:ca:8f:63:4d:cd:92:6d:e4:1f:58:3f:27:a1:a5:8f:1e:92:
         b5:37:fe:3d:e1:af:56:90:84:ab:01:36:b7:89:26:39:8b:99:
         f0:f1:2f:d0:2e:d9:2e:99:08:62:a9:d8:4b:a6:a6:97:1e:4d:
         60:fb:cc:d0:72:cb:a2:4c:8d:58:f0:58:1b:44:46:ec:6e:6d:
         49:a3:fd:fa:0f:52:d6:78:fa:7a:1a:08:fa:9f:6b:bd:4b:81:
         ff:7a:61:4e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZLDkCiG1IPdwLxQuwAWTZAgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDI1MTIwNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjYyMGUwYmVmY2E2NDVlNWY0MGZmMzZjOGEwNjFjOTE1ZTNjYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtspCBL4TpXSr1PzDSdiuzs4WoD6R
tkspkcDj0Kp/IbpBbkHfj/pOaMhBWHVF/7wF5y5XgWHfV+LgOaLKh1yPpUfs0BzN
7RohBYXu99r5WJIZTr1V+snDgr1Q2FWinR2Ijlt1QFeNlTOlPyOlZsnubu+z41Yg
Jlu09XwtZfS9cNK/9YqmVMaYXSdk+lrBsQgdQiQskcOnBiVt1Bb/Y6KLLYT2F/Mb
cXsv5nSNGF31V91a1NZTHnlp7BXXjs1m8J9lCSnbmrhQAN1Xz965G+WY1O+j6wVz
YG+0Cmpc+ulwUihbOLqjq19rdoduAM6ASpZaUN0Pm1UuXkrlvzh6r8D3LwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLtiDgvvymReX0D/NsigYckV48uiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdTJJT0MtX0taRjVmUVA4MnlLQmh5UlhqeTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAV3kSMAwD
BAJXeRQDBABXeRYwDQYJKoZIhvcNAQELBQADggEBAEAQepHSnmPEv8hS1CI6SY5Z
azzfmN6qnTAzuXzEl1uK9mWiiHKHt/sqC/dsGDQHt7T8cG5jiBWVtywtfWKyCd13
pVKHmXdygvoP9WkURXbxPdt8j946fdymHPNLgBUJ/1rNUdUIzAzdJ+47S7YaYeOQ
JRNreTU96L5nhyqFCjZJ3FSDkgz44XhE6k8JjP5K3ozxi19WIvb3s/vnX7gPzW8F
TfzKj2NNzZJt5B9YPyehpY8ekrU3/j3hr1aQhKsBNreJJjmLmfDxL9Au2S6ZCGKp
2EumppceTWD7zNByy6JMjVjwWBtERuxubUmj/foPUtZ4+noaCPqfa71Lgf96YU4=
-----END CERTIFICATE-----