Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xSQ5Z6XTDG5XZMRtWtdGBo9ia6E.roa
File:                     xSQ5Z6XTDG5XZMRtWtdGBo9ia6E.roa (raw, json)
Hash identifier:          a7GzHJRcJ2bXalsTOP1mULAEULtH12RFYbf7ajvNrtk=
Subject key identifier:   C5:24:39:67:A5:D3:0C:6E:57:64:C4:6D:5A:D7:46:06:8F:62:6B:A1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428246D810628E5D5F8507C252368250B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xSQ5Z6XTDG5XZMRtWtdGBo9ia6E.roa
Signing time:             Thu 02 Jan 2025 17:51:03 +0000
ROA not before:           Thu 02 Jan 2025 17:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        87.121.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:6d:81:06:28:e5:d5:f8:50:7c:25:23:68:25:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5243967a5d30c6e5764c46d5ad746068f626ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:86:c7:3e:b9:a1:88:5d:88:49:ab:b0:dd:f7:
                    47:46:7b:d9:47:63:12:0c:d2:5a:ca:f0:ae:dd:e6:
                    38:b4:5b:ad:4b:de:97:8b:1a:95:ac:be:74:cb:27:
                    7a:00:59:02:12:e0:18:60:37:09:da:69:02:21:80:
                    e4:73:f2:d6:15:02:2e:f8:7a:57:a0:da:92:4e:81:
                    09:41:61:31:4c:7c:66:f1:ad:0b:1b:91:8b:03:44:
                    4f:bb:8a:31:6f:73:b4:ff:e6:fe:5c:9f:36:b3:53:
                    ea:32:39:a1:3a:26:24:47:b1:ed:ca:4b:7a:5a:39:
                    b2:24:f5:81:8b:2d:cc:7e:2e:f6:ff:34:29:29:ef:
                    8c:78:b8:50:6f:bb:0e:91:2a:4f:5c:4b:c0:ee:a1:
                    22:ea:87:ee:fd:a3:7d:20:8b:45:04:e7:77:5f:1b:
                    1a:ce:4c:ff:a2:68:39:77:84:78:79:29:7c:29:ec:
                    f1:9a:db:e5:4a:bb:03:0d:32:d8:a5:67:c6:26:39:
                    de:11:40:c8:cd:48:d5:09:6e:d6:c2:22:35:c3:a4:
                    1d:7a:d7:56:dd:14:47:0c:cd:4d:a8:40:98:ae:65:
                    6c:fb:16:dd:df:30:3e:a0:53:8a:b5:c8:12:3b:a5:
                    81:ff:93:86:06:a0:a8:51:df:42:da:f8:75:78:e2:
                    61:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:24:39:67:A5:D3:0C:6E:57:64:C4:6D:5A:D7:46:06:8F:62:6B:A1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xSQ5Z6XTDG5XZMRtWtdGBo9ia6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:f9:8e:2e:42:76:ee:82:e1:c3:f2:7b:d8:21:56:14:c0:27:
         62:af:8d:ed:f7:bd:eb:fc:90:00:aa:7c:c0:31:24:18:9b:66:
         e1:71:a3:61:ba:3a:75:06:9b:6d:bc:99:a3:b9:1b:2e:63:13:
         4f:82:a3:17:82:97:7c:0a:b4:74:b7:19:48:5d:aa:a9:c9:6a:
         d1:e4:c4:91:f6:0a:94:89:99:27:ca:7a:82:bd:ac:aa:7f:87:
         cc:98:b9:03:8b:07:96:9f:5a:84:f5:27:4c:25:1d:04:b3:0b:
         96:67:08:90:ca:32:45:76:9e:ba:20:34:40:05:6d:92:bd:14:
         c3:24:ae:19:27:07:03:aa:a3:41:bb:f3:bf:e0:dc:22:7a:40:
         65:60:77:98:c6:c1:0e:7d:6d:ac:1a:b2:6d:31:89:4a:75:23:
         99:00:2b:40:e8:bb:d5:76:47:9b:48:ed:93:51:c4:df:5d:36:
         0b:6f:e0:d7:e6:b8:42:07:a1:0c:ac:05:58:97:57:62:1b:7a:
         4c:dc:3a:a0:ec:83:ee:cf:b3:14:ca:d4:e4:5a:22:51:12:73:
         58:74:e0:25:3e:ef:09:71:05:df:7f:68:97:62:87:ef:00:c3:
         93:c7:67:b5:d7:9a:80:eb:99:c6:e4:fc:13:37:f1:39:21:18:
         37:b3:f3:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJG2BBijl1fhQfCUjaCULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTI0Mzk2N2E1ZDMwYzZlNTc2NGM0NmQ1YWQ3NDYwNjhmNjI2YmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4bHPrmhiF2ISauw3fdHRnvZR2MS
DNJayvCu3eY4tFutS96XixqVrL50yyd6AFkCEuAYYDcJ2mkCIYDkc/LWFQIu+HpX
oNqSToEJQWExTHxm8a0LG5GLA0RPu4oxb3O0/+b+XJ82s1PqMjmhOiYkR7Htykt6
WjmyJPWBiy3Mfi72/zQpKe+MeLhQb7sOkSpPXEvA7qEi6ofu/aN9IItFBOd3Xxsa
zkz/omg5d4R4eSl8KezxmtvlSrsDDTLYpWfGJjneEUDIzUjVCW7WwiI1w6QdetdW
3RRHDM1NqECYrmVs+xbd3zA+oFOKtcgSO6WB/5OGBqCoUd9C2vh1eOJhowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUkOWel0wxuV2TEbVrXRgaPYmuhMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveFNRNVo2WFRERzVYWk1SdFd0ZEdCbzlpYTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3ncMA0G
CSqGSIb3DQEBCwUAA4IBAQB8+Y4uQnbuguHD8nvYIVYUwCdir43t973r/JAAqnzA
MSQYm2bhcaNhujp1BpttvJmjuRsuYxNPgqMXgpd8CrR0txlIXaqpyWrR5MSR9gqU
iZknynqCvayqf4fMmLkDiweWn1qE9SdMJR0EswuWZwiQyjJFdp66IDRABW2SvRTD
JK4ZJwcDqqNBu/O/4NwiekBlYHeYxsEOfW2sGrJtMYlKdSOZACtA6LvVdkebSO2T
UcTfXTYLb+DX5rhCB6EMrAVYl1diG3pM3Dqg7IPuz7MUytTkWiJREnNYdOAlPu8J
cQXff2iXYofvAMOTx2e115qA65nG5PwTN/E5IRg3s/PC
-----END CERTIFICATE-----