Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vVoYxdquDXk4mBvpnecFU33RJvA.roa
File:                     vVoYxdquDXk4mBvpnecFU33RJvA.roa (raw, json)
Hash identifier:          CMHCJYVOoAaLUO8osg8gtp3L767FQJBNyCDKJCQUYNU=
Subject key identifier:   BD:5A:18:C5:DA:AE:0D:79:38:98:1B:E9:9D:E7:05:53:7D:D1:26:F0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01934A1C04D3B14D5689ED1DBF23544ABDD4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vVoYxdquDXk4mBvpnecFU33RJvA.roa
Signing time:             Wed 20 Nov 2024 15:06:10 +0000
ROA not before:           Wed 20 Nov 2024 15:06:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152878
IP address blocks:        45.8.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:1c:04:d3:b1:4d:56:89:ed:1d:bf:23:54:4a:bd:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 20 15:06:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd5a18c5daae0d7938981be99de705537dd126f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:93:c6:99:eb:b0:6a:5b:5c:d4:78:a0:73:01:
                    d8:8e:1d:b5:90:6d:a6:6b:43:22:73:5c:21:de:ed:
                    eb:67:79:29:95:0e:f7:11:e6:df:9e:72:ae:b0:55:
                    93:ac:d3:87:15:2a:94:ec:8f:54:68:fa:75:06:36:
                    7b:d1:30:66:62:07:5c:d3:4a:81:34:e7:2d:a0:d0:
                    2c:2e:ee:45:5d:03:db:38:9f:e3:b1:13:04:af:f7:
                    28:1d:53:9e:f7:60:a3:e0:2d:3a:83:4d:d3:27:7d:
                    fa:6c:b8:a0:c8:78:98:9b:8c:4d:5c:be:16:32:43:
                    07:f6:cc:50:31:f4:2e:e5:46:6b:24:e5:54:c6:dd:
                    75:91:1f:5f:e2:91:78:79:80:d3:43:30:55:27:9c:
                    cf:eb:48:ed:fb:05:05:ce:7a:64:14:50:f8:7c:c6:
                    eb:10:7d:7d:9d:99:28:4e:7c:2d:97:92:e7:af:c2:
                    f4:d4:cc:5e:84:8b:63:fd:98:19:43:01:1f:b1:af:
                    0e:72:4e:43:bf:e3:eb:37:0f:60:bc:b4:05:ff:f5:
                    d3:8c:1b:ca:e5:2c:23:63:27:6b:c7:a6:85:c4:41:
                    c5:39:bd:96:43:3a:0e:1d:5f:f9:a2:42:d5:41:b8:
                    c0:0b:05:2e:67:04:ab:04:1d:25:7e:41:91:3e:f3:
                    48:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:5A:18:C5:DA:AE:0D:79:38:98:1B:E9:9D:E7:05:53:7D:D1:26:F0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vVoYxdquDXk4mBvpnecFU33RJvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:4f:fe:47:9b:18:0c:28:38:7b:c7:1e:22:5b:ec:c8:d8:7c:
         22:ce:fa:06:44:9a:d5:73:8f:80:7c:d0:d1:d3:c5:24:f2:87:
         7c:5e:f9:ab:ca:3d:94:c0:c3:1e:6f:0f:83:54:c4:60:b6:ff:
         88:7d:b0:43:77:c4:db:d0:42:9c:1b:7f:57:e1:5c:63:61:ed:
         b2:20:9f:95:06:d7:4c:3b:92:0c:ab:06:38:ef:a9:2e:a2:83:
         98:44:c9:6e:d1:58:e7:05:4f:f3:a9:32:3e:b7:e7:d0:7b:a3:
         0b:9e:1f:52:a3:1a:a6:a0:1c:ed:61:30:83:1d:c7:cc:c8:c8:
         67:ed:5c:6d:c0:dc:4b:a7:09:6f:e8:3d:27:69:76:81:95:7e:
         65:76:a2:97:19:a8:7a:c9:93:f2:8c:69:2e:bd:05:87:80:a5:
         e8:7e:c8:76:64:f8:76:da:1b:08:7b:de:e1:27:fa:74:74:c4:
         e1:ef:d9:26:02:3c:2c:bd:e6:4e:ae:8a:65:d2:56:61:1a:93:
         6e:37:c0:5b:21:0d:42:40:47:60:7e:66:1b:7a:d1:17:00:5c:
         08:7c:33:a8:9e:07:69:24:b9:3d:84:60:d2:fa:e0:40:81:ae:
         0e:78:03:e4:11:bc:0b:a6:a8:94:fd:d2:86:cc:4f:a3:cd:05:
         a8:29:8c:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNKHATTsU1Wie0dvyNUSr3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTIwMTUwNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDVhMThjNWRhYWUwZDc5Mzg5ODFiZTk5ZGU3MDU1MzdkZDEyNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZPGmeuwaltc1HigcwHYjh21kG2m
a0Mic1wh3u3rZ3kplQ73EebfnnKusFWTrNOHFSqU7I9UaPp1BjZ70TBmYgdc00qB
NOctoNAsLu5FXQPbOJ/jsRMEr/coHVOe92Cj4C06g03TJ336bLigyHiYm4xNXL4W
MkMH9sxQMfQu5UZrJOVUxt11kR9f4pF4eYDTQzBVJ5zP60jt+wUFznpkFFD4fMbr
EH19nZkoTnwtl5Lnr8L01MxehItj/ZgZQwEfsa8Ock5Dv+PrNw9gvLQF//XTjBvK
5SwjYydrx6aFxEHFOb2WQzoOHV/5okLVQbjACwUuZwSrBB0lfkGRPvNIlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1aGMXarg15OJgb6Z3nBVN90SbwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdlZvWXhkcXVEWGs0bUJ2cG5lY0ZVMzNSSnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQhdMA0G
CSqGSIb3DQEBCwUAA4IBAQBlT/5HmxgMKDh7xx4iW+zI2HwizvoGRJrVc4+AfNDR
08Uk8od8Xvmryj2UwMMebw+DVMRgtv+IfbBDd8Tb0EKcG39X4VxjYe2yIJ+VBtdM
O5IMqwY476kuooOYRMlu0VjnBU/zqTI+t+fQe6MLnh9SoxqmoBztYTCDHcfMyMhn
7VxtwNxLpwlv6D0naXaBlX5ldqKXGah6yZPyjGkuvQWHgKXofsh2ZPh22hsIe97h
J/p0dMTh79kmAjwsveZOropl0lZhGpNuN8BbIQ1CQEdgfmYbetEXAFwIfDOongdp
JLk9hGDS+uBAga4OeAPkEbwLpqiU/dKGzE+jzQWoKYxc
-----END CERTIFICATE-----