Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xeWJ1mAGDXl5VxP9AsVy0LpHb1U.roa
File:                     xeWJ1mAGDXl5VxP9AsVy0LpHb1U.roa (raw, json)
Hash identifier:          dF6hSUIVX2a9EK2UHL/I3MOR3/14HwJx8Y9D1tukyXk=
Subject key identifier:   C5:E5:89:D6:60:06:0D:79:79:57:13:FD:02:C5:72:D0:BA:47:6F:55
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01949201EB978FC6BB1C7F66901556F99046
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xeWJ1mAGDXl5VxP9AsVy0LpHb1U.roa
Signing time:             Thu 23 Jan 2025 07:13:06 +0000
ROA not before:           Thu 23 Jan 2025 07:13:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215292
IP address blocks:        81.161.239.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          194.31.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:92:01:eb:97:8f:c6:bb:1c:7f:66:90:15:56:f9:90:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 23 07:13:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5e589d660060d79795713fd02c572d0ba476f55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b6:4c:f7:69:0a:da:7d:9f:93:8f:be:b7:bb:
                    ed:53:8f:3f:23:76:fb:87:d0:70:7f:41:55:b1:e4:
                    68:95:73:42:87:14:0e:1b:57:dc:bc:76:34:aa:f5:
                    28:84:02:cd:f7:4a:28:11:b8:79:bc:b1:8f:32:e8:
                    7c:89:dc:1a:27:77:2c:47:81:4d:28:5a:f5:f9:fe:
                    85:01:54:81:5d:90:8f:0f:29:3b:6d:1f:19:38:96:
                    2a:94:86:4a:c0:4d:e6:70:ec:60:8a:55:1e:9d:0a:
                    1f:c8:d8:52:79:bf:31:c7:b2:08:7c:0c:cc:e8:1a:
                    95:17:80:b0:ed:dd:54:1d:01:a5:55:9f:eb:1b:8b:
                    24:f5:80:99:2b:d9:a6:61:33:9c:cd:dc:53:05:6f:
                    07:16:7e:42:4d:bd:ec:f0:79:07:1f:c1:85:76:6e:
                    1a:c5:c4:a2:6d:88:31:f9:4a:db:80:6e:0d:28:26:
                    47:ea:f4:53:36:f6:ba:18:3d:26:79:d3:4a:3d:eb:
                    fe:73:31:69:3a:1d:96:96:c2:cc:33:b3:2d:00:8a:
                    d1:eb:53:da:79:53:a6:cb:f6:4d:96:0d:c6:e9:26:
                    6b:40:6c:97:9a:f3:aa:66:9d:0b:38:c7:bb:2c:9c:
                    49:2b:47:da:fb:e8:a7:7f:25:09:7e:f9:16:ff:ae:
                    3d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E5:89:D6:60:06:0D:79:79:57:13:FD:02:C5:72:D0:BA:47:6F:55
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xeWJ1mAGDXl5VxP9AsVy0LpHb1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.239.0/24
                  193.25.217.0/24
                  194.31.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:ce:b1:42:5c:04:0c:77:df:44:5e:7d:97:9c:2d:bd:c9:fd:
         ad:21:74:78:4f:f0:a0:ec:38:76:45:d2:cc:49:16:9e:13:e5:
         08:0c:ca:fe:87:11:96:78:32:48:09:77:b9:3a:7f:89:63:b8:
         62:cc:3b:6c:cf:99:1c:7c:d2:da:bc:f4:64:1d:f8:d3:d2:6b:
         9c:68:48:f9:57:52:31:09:ba:d1:9e:f2:33:b2:ed:a8:bc:a6:
         ea:73:a8:cb:c4:7c:04:b4:92:d8:3a:d1:e9:cf:5b:d3:21:35:
         1b:b8:d1:89:c7:10:42:35:52:0f:66:f3:2a:97:97:9c:eb:f8:
         22:62:d9:30:f2:4e:e2:3d:fa:a2:c4:4b:71:89:79:92:52:b6:
         bb:9f:ff:c4:9c:ef:2c:1b:5f:dd:27:8f:6e:e0:2f:f1:2d:34:
         69:02:de:dd:e5:aa:9f:10:5e:40:a1:9e:01:1c:a2:ac:fd:f3:
         55:eb:fa:94:61:17:53:05:2b:cc:89:7b:0b:47:4b:39:01:8a:
         fe:8d:be:96:0c:37:20:38:fe:a3:9d:7e:6f:6e:79:78:c0:ad:
         95:90:6c:4b:26:81:d6:8c:31:e7:61:97:71:e3:49:69:7a:69:
         e7:80:b2:05:fa:88:62:03:ef:f4:5d:b8:4e:87:dd:ff:27:62:
         0b:c8:77:da
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZSSAeuXj8a7HH9mkBVW+ZBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIzMDcxMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU1ODlkNjYwMDYwZDc5Nzk1NzEzZmQwMmM1NzJkMGJhNDc2ZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rZM92kK2n2fk4++t7vtU48/I3b7
h9Bwf0FVseRolXNChxQOG1fcvHY0qvUohALN90ooEbh5vLGPMuh8idwaJ3csR4FN
KFr1+f6FAVSBXZCPDyk7bR8ZOJYqlIZKwE3mcOxgilUenQofyNhSeb8xx7IIfAzM
6BqVF4Cw7d1UHQGlVZ/rG4sk9YCZK9mmYTOczdxTBW8HFn5CTb3s8HkHH8GFdm4a
xcSibYgx+UrbgG4NKCZH6vRTNva6GD0medNKPev+czFpOh2WlsLMM7MtAIrR61Pa
eVOmy/ZNlg3G6SZrQGyXmvOqZp0LOMe7LJxJK0fa++infyUJfvkW/649/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMXlidZgBg15eVcT/QLFctC6R29VMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveGVXSjFtQUdEWGw1VnhQOUFzVnkwTHBIYjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUaHvAwQA
wRnZAwQAwh/eMA0GCSqGSIb3DQEBCwUAA4IBAQBFzrFCXAQMd99EXn2XnC29yf2t
IXR4T/Cg7Dh2RdLMSRaeE+UIDMr+hxGWeDJICXe5On+JY7hizDtsz5kcfNLavPRk
HfjT0mucaEj5V1IxCbrRnvIzsu2ovKbqc6jLxHwEtJLYOtHpz1vTITUbuNGJxxBC
NVIPZvMql5ec6/giYtkw8k7iPfqixEtxiXmSUra7n//EnO8sG1/dJ49u4C/xLTRp
At7d5aqfEF5AoZ4BHKKs/fNV6/qUYRdTBSvMiXsLR0s5AYr+jb6WDDcgOP6jnX5v
bnl4wK2VkGxLJoHWjDHnYZdx40lpemnngLIF+ohiA+/0XbhOh93/J2ILyHfa
-----END CERTIFICATE-----