Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xzRHo1cWNugqej9iUMQ_hdTcAdc.roa
File:                     xzRHo1cWNugqej9iUMQ_hdTcAdc.roa (raw, json)
Hash identifier:          E3bBdsVSS2nTosx/mjKRPiuNHJZAcbB8gnzDF89+UJ4=
Subject key identifier:   C7:34:47:A3:57:16:36:E8:2A:7A:3F:62:50:C4:3F:85:D4:DC:01:D7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01904F2A5D11D3A36AD4FF3F9F53055D2613
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xzRHo1cWNugqej9iUMQ_hdTcAdc.roa
Signing time:             Tue 25 Jun 2024 11:31:34 +0000
ROA not before:           Tue 25 Jun 2024 11:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52041
IP address blocks:        45.84.91.0/24 maxlen: 24
                          87.121.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:2a:5d:11:d3:a3:6a:d4:ff:3f:9f:53:05:5d:26:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 25 11:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c73447a3571636e82a7a3f6250c43f85d4dc01d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:89:a0:a2:a0:31:cb:c2:68:b6:92:cd:53:68:
                    cc:5b:a6:0e:90:1b:12:8e:1b:80:18:32:63:a5:4f:
                    d4:a8:e4:2b:47:88:70:2f:f3:b1:68:04:c9:16:18:
                    f3:48:ab:4a:5b:10:35:5b:91:c9:e7:db:7a:a5:a5:
                    0b:bf:80:5a:dd:90:73:2f:99:f3:0f:a0:69:24:b1:
                    eb:98:2e:b7:25:9d:70:c0:47:52:0e:9d:1e:db:3f:
                    26:f9:18:0d:49:33:16:22:5b:c1:a8:9e:ea:a9:0b:
                    ed:8c:e5:00:56:ee:98:d8:ae:01:00:8f:b2:aa:0b:
                    96:66:b3:44:eb:da:f1:8d:76:8e:02:42:f2:7b:65:
                    11:3d:9e:a4:06:48:65:9a:37:91:5c:09:fe:79:14:
                    63:ab:ee:2b:75:7e:d8:98:4a:44:4d:61:2f:d5:6f:
                    fd:c9:1a:cf:b0:04:1a:ab:d1:60:8f:5a:1d:84:2e:
                    f0:96:64:9b:2d:d2:d0:1b:01:99:9e:4d:08:05:90:
                    cb:22:54:bd:95:2f:65:3a:f8:17:83:8f:eb:d0:cc:
                    a0:5a:6f:42:4c:e5:af:7f:2a:01:82:71:87:a2:67:
                    85:75:7e:e3:2a:cd:9b:69:83:af:62:c2:71:1a:8c:
                    fb:76:34:e9:d0:a7:a1:0c:3c:e1:59:ef:4d:51:a1:
                    5a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:34:47:A3:57:16:36:E8:2A:7A:3F:62:50:C4:3F:85:D4:DC:01:D7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xzRHo1cWNugqej9iUMQ_hdTcAdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.91.0/24
                  87.121.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:21:b1:57:ac:94:da:4d:99:e7:90:02:8d:db:66:38:22:d6:
         63:ab:50:1d:9d:5c:7a:0f:17:f5:5f:ce:df:99:98:1e:98:2d:
         a9:73:de:31:66:81:da:7b:47:63:7a:9f:f6:5e:ae:bb:ee:3e:
         0b:c6:df:54:8e:b3:ed:6a:d5:17:91:d0:b5:10:36:3c:80:83:
         29:cf:56:2c:7d:b6:69:aa:d6:80:79:aa:cc:d8:b7:76:b5:18:
         fa:9f:d5:58:5e:17:a7:f4:68:e9:6d:ac:ee:52:0f:ce:71:25:
         94:ea:8d:3e:57:92:c7:e5:c0:78:14:ed:d1:5a:4d:28:d2:e6:
         d8:0d:41:98:e5:53:d6:a9:ec:f8:d2:6f:32:33:1f:e5:82:dc:
         bf:f1:5e:e3:8f:95:8f:a9:88:3b:b1:b8:5d:30:d6:91:9d:a4:
         b3:41:57:44:c5:dd:d4:f6:94:68:16:fc:e2:6d:73:08:e5:c6:
         7f:4f:7d:7c:7e:76:c5:f7:97:3b:e7:ed:65:f2:f8:27:26:f3:
         de:ee:85:4f:68:ea:d5:19:c1:4c:15:7d:6d:9c:24:b3:0a:10:
         06:8a:f3:d8:f4:b3:cd:e5:9b:25:d5:e6:c5:c3:15:4e:55:f3:
         bc:cf:e9:4f:bb:a2:8d:49:71:01:9e:44:e2:54:5a:37:90:e3:
         50:e4:23:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBPKl0R06Nq1P8/n1MFXSYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNjI1MTEzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM0NDdhMzU3MTYzNmU4MmE3YTNmNjI1MGM0M2Y4NWQ0ZGMwMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4mgoqAxy8JotpLNU2jMW6YOkBsS
jhuAGDJjpU/UqOQrR4hwL/OxaATJFhjzSKtKWxA1W5HJ59t6paULv4Ba3ZBzL5nz
D6BpJLHrmC63JZ1wwEdSDp0e2z8m+RgNSTMWIlvBqJ7qqQvtjOUAVu6Y2K4BAI+y
qguWZrNE69rxjXaOAkLye2URPZ6kBkhlmjeRXAn+eRRjq+4rdX7YmEpETWEv1W/9
yRrPsAQaq9Fgj1odhC7wlmSbLdLQGwGZnk0IBZDLIlS9lS9lOvgXg4/r0MygWm9C
TOWvfyoBgnGHomeFdX7jKs2baYOvYsJxGoz7djTp0KehDDzhWe9NUaFayQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMc0R6NXFjboKno/YlDEP4XU3AHXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveHpSSG8xY1dOdWdxZWo5aVVNUV9oZFRjQWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVRbAwQA
V3ksMA0GCSqGSIb3DQEBCwUAA4IBAQAMIbFXrJTaTZnnkAKN22Y4ItZjq1AdnVx6
Dxf1X87fmZgemC2pc94xZoHae0djep/2Xq677j4Lxt9UjrPtatUXkdC1EDY8gIMp
z1YsfbZpqtaAearM2Ld2tRj6n9VYXhen9GjpbazuUg/OcSWU6o0+V5LH5cB4FO3R
Wk0o0ubYDUGY5VPWqez40m8yMx/lgty/8V7jj5WPqYg7sbhdMNaRnaSzQVdExd3U
9pRoFvzibXMI5cZ/T318fnbF95c75+1l8vgnJvPe7oVPaOrVGcFMFX1tnCSzChAG
ivPY9LPN5Zsl1ebFwxVOVfO8z+lPu6KNSXEBnkTiVFo3kONQ5COg
-----END CERTIFICATE-----