Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vI8qpmsaNvZZviwWyNaj2ZV3ha0.roa
File:                     vI8qpmsaNvZZviwWyNaj2ZV3ha0.roa (raw, json)
Hash identifier:          qobdlzrd9Y7A2lLlyzlR3P+Yi1pUAj8NP5ZJJitAYUs=
Subject key identifier:   BC:8F:2A:A6:6B:1A:36:F6:59:BE:2C:16:C8:D6:A3:D9:95:77:85:AD
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824D8350CD767BC9E602AB144B5E094
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vI8qpmsaNvZZviwWyNaj2ZV3ha0.roa
Signing time:             Thu 02 Jan 2025 17:51:30 +0000
ROA not before:           Thu 02 Jan 2025 17:51:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        91.92.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:d8:35:0c:d7:67:bc:9e:60:2a:b1:44:b5:e0:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc8f2aa66b1a36f659be2c16c8d6a3d9957785ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:28:25:36:42:72:62:32:e3:e0:a0:af:83:19:
                    dd:66:e7:16:02:ad:7e:54:9d:6f:f3:77:82:3d:0c:
                    f2:49:d8:ee:93:fe:96:10:ac:f1:53:c8:19:2f:ac:
                    4d:9b:c9:2f:4b:17:07:8e:84:3c:1a:a4:7c:0b:0f:
                    b1:f5:f8:dd:16:28:bf:cc:38:66:43:48:e0:c7:52:
                    e5:74:44:af:db:e4:76:d1:38:86:b5:be:f6:43:4c:
                    ee:61:f5:03:44:2d:d4:09:2f:ca:f0:b7:0f:49:00:
                    2c:e0:cd:01:eb:44:4e:6b:23:8b:97:2d:9a:2d:e5:
                    4d:b5:cf:07:a7:22:94:45:6a:fb:b8:ae:0d:4d:f1:
                    2d:7a:b1:d0:d8:2e:12:26:1c:b5:ef:59:cf:8f:5a:
                    0c:15:9f:b5:46:2b:3e:f7:ce:c6:5a:23:0d:64:62:
                    b3:3a:38:19:6e:b7:b5:af:fb:c4:49:a3:29:3c:d4:
                    28:05:6a:bd:c8:a4:a6:1b:3d:0e:95:b9:45:6b:1e:
                    4c:bf:e5:2d:a8:e0:9d:e2:c3:35:47:41:8e:9d:af:
                    6a:65:71:4b:2b:0c:0b:55:7b:d6:2f:53:6d:c1:88:
                    6c:b2:27:d6:c7:a5:82:6b:39:3a:c3:3d:c8:e3:38:
                    ac:1b:73:0a:0e:52:ed:2f:7d:a3:30:cf:bd:b7:d5:
                    db:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8F:2A:A6:6B:1A:36:F6:59:BE:2C:16:C8:D6:A3:D9:95:77:85:AD
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vI8qpmsaNvZZviwWyNaj2ZV3ha0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:10:6d:f2:03:17:d2:5b:96:67:64:5d:e7:c4:a9:d2:7d:f8:
         dc:13:8f:f1:38:20:d2:37:da:38:17:70:b3:59:38:c1:eb:e6:
         34:ea:3e:29:50:c2:be:e2:87:67:44:79:e7:6c:77:e4:16:81:
         25:38:c7:33:fc:56:55:01:1e:53:0f:5c:50:80:c8:46:6d:2e:
         14:7c:03:9d:ae:b1:af:63:b8:ff:ae:1d:df:a9:01:5a:54:54:
         a5:bf:71:0b:5c:58:3d:17:2d:74:c0:0a:24:9c:4e:95:bf:76:
         a5:fd:60:28:30:f9:2c:d8:d2:55:59:f4:ce:b7:37:73:b1:43:
         22:3a:06:68:94:5c:19:28:45:e7:96:9e:71:40:0d:59:10:24:
         77:cf:a6:23:ff:a5:7c:3c:48:bd:d9:ad:38:07:ff:aa:14:e5:
         f8:de:17:ca:f4:8f:f9:53:89:e8:73:a6:c0:91:80:b9:29:78:
         66:f9:84:1a:f2:37:f5:58:09:f9:4c:3f:0d:7f:9d:97:0d:a8:
         14:8a:db:4e:63:55:a3:84:04:9d:c2:0a:aa:35:2e:b6:26:ec:
         f9:53:72:58:31:f1:f9:16:80:89:8c:a4:90:41:d4:58:4a:33:
         a5:a8:16:65:01:24:b2:cd:aa:3c:00:39:2a:f7:38:18:90:f2:
         02:2a:e5:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJNg1DNdnvJ5gKrFEteCUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhmMmFhNjZiMWEzNmY2NTliZTJjMTZjOGQ2YTNkOTk1Nzc4NWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiglNkJyYjLj4KCvgxndZucWAq1+
VJ1v83eCPQzySdjuk/6WEKzxU8gZL6xNm8kvSxcHjoQ8GqR8Cw+x9fjdFii/zDhm
Q0jgx1LldESv2+R20TiGtb72Q0zuYfUDRC3UCS/K8LcPSQAs4M0B60ROayOLly2a
LeVNtc8HpyKURWr7uK4NTfEterHQ2C4SJhy171nPj1oMFZ+1Ris+987GWiMNZGKz
OjgZbre1r/vESaMpPNQoBWq9yKSmGz0OlblFax5Mv+UtqOCd4sM1R0GOna9qZXFL
KwwLVXvWL1NtwYhssifWx6WCazk6wz3I4zisG3MKDlLtL32jMM+9t9XbiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyPKqZrGjb2Wb4sFsjWo9mVd4WtMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdkk4cXBtc2FOdlpadml3V3lOYWoyWlYzaGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1zDMA0G
CSqGSIb3DQEBCwUAA4IBAQAnEG3yAxfSW5ZnZF3nxKnSffjcE4/xOCDSN9o4F3Cz
WTjB6+Y06j4pUMK+4odnRHnnbHfkFoElOMcz/FZVAR5TD1xQgMhGbS4UfAOdrrGv
Y7j/rh3fqQFaVFSlv3ELXFg9Fy10wAoknE6Vv3al/WAoMPks2NJVWfTOtzdzsUMi
OgZolFwZKEXnlp5xQA1ZECR3z6Yj/6V8PEi92a04B/+qFOX43hfK9I/5U4noc6bA
kYC5KXhm+YQa8jf1WAn5TD8Nf52XDagUittOY1WjhASdwgqqNS62Juz5U3JYMfH5
FoCJjKSQQdRYSjOlqBZlASSyzao8ADkq9zgYkPICKuWw
-----END CERTIFICATE-----