Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yUtiUzPUW9sFOP8vbPJ34DgsvP4.roa
File:                     yUtiUzPUW9sFOP8vbPJ34DgsvP4.roa (raw, json)
Hash identifier:          FTXpKmAjtDDgBu9n9/QPnLaESH34jzZVy2YnLMAkWoE=
Subject key identifier:   C9:4B:62:53:33:D4:5B:DB:05:38:FF:2F:6C:F2:77:E0:38:2C:BC:FE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0190C5AEF1FFE16172943AB6FB539ED1CC55
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yUtiUzPUW9sFOP8vbPJ34DgsvP4.roa
Signing time:             Thu 18 Jul 2024 11:51:35 +0000
ROA not before:           Thu 18 Jul 2024 11:51:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59723
IP address blocks:        94.156.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:ae:f1:ff:e1:61:72:94:3a:b6:fb:53:9e:d1:cc:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 18 11:51:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c94b625333d45bdb0538ff2f6cf277e0382cbcfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7e:f2:cc:46:47:60:0d:b6:b1:e5:f3:14:b2:
                    58:cb:56:1e:f1:3d:51:3c:5a:a5:42:7b:9d:19:58:
                    7c:0c:7d:aa:92:c9:21:54:da:27:47:59:06:9f:05:
                    94:4f:58:4b:dd:94:fb:a1:8f:1f:87:a3:32:75:ef:
                    5a:68:18:ba:51:b0:1c:0b:86:de:a5:a5:7f:0d:47:
                    33:46:a4:cc:d3:6f:8f:da:6a:19:2f:3d:d9:80:94:
                    e6:67:6a:64:38:77:ec:fa:86:53:e1:17:36:1b:9f:
                    79:c9:59:93:d1:10:68:8d:fa:8b:d4:bf:ed:3f:5d:
                    86:f0:ea:e1:ce:fa:c3:ac:9a:f4:a7:eb:f5:91:07:
                    58:f9:ab:dc:7c:da:6d:1e:23:d5:3a:07:99:a3:64:
                    5b:ad:04:4a:9e:76:fc:ff:bd:79:89:08:ca:86:62:
                    5f:7d:39:cb:04:2d:6c:62:87:ba:4f:88:31:25:cf:
                    68:5f:4c:24:a9:8b:e8:6b:33:b6:51:2b:26:f1:70:
                    63:61:40:58:4a:ce:90:cd:e0:e3:89:c2:75:1d:e2:
                    5e:ab:b0:06:58:03:84:c3:a9:2e:87:bf:51:62:59:
                    db:cf:ab:3c:32:21:92:23:b7:2a:03:8a:ee:dd:01:
                    c1:f5:0e:33:51:92:6e:60:ae:9d:60:5d:b6:c1:67:
                    2d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4B:62:53:33:D4:5B:DB:05:38:FF:2F:6C:F2:77:E0:38:2C:BC:FE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yUtiUzPUW9sFOP8vbPJ34DgsvP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:c8:35:14:2a:da:1d:81:f4:99:c4:b1:cc:d2:21:bb:ed:99:
         63:ea:a9:eb:31:e8:66:b4:ea:b8:3c:ea:48:68:42:66:aa:39:
         25:f4:27:75:43:70:f3:d4:80:a4:ec:b0:c6:6e:b3:c6:07:7f:
         7f:91:51:08:9b:36:3c:f2:be:23:8b:66:38:44:01:20:2d:60:
         ef:37:60:f2:77:fa:bf:3c:ff:5b:1b:66:ef:bf:1f:88:74:85:
         17:37:30:64:3e:5f:69:3d:f4:fc:84:36:fd:4b:42:38:35:2c:
         f0:8c:40:39:b4:f6:d3:9e:b4:e6:4d:22:22:b0:c8:e2:5c:fa:
         dd:28:4c:b3:71:10:5f:73:b9:9d:e6:1d:40:fd:10:90:f7:98:
         05:f9:1f:79:41:aa:f3:28:e9:12:e7:23:19:33:aa:2c:fe:b4:
         a1:f8:c2:48:87:06:3b:04:c4:f4:61:12:90:0f:1f:25:4e:90:
         d0:0c:0a:f5:99:25:ca:a4:08:2e:59:d6:fb:99:c7:2e:96:5e:
         76:cb:99:0e:c4:07:0f:33:18:4e:d7:0f:d0:1c:e3:2d:10:50:
         61:35:0d:d0:06:86:6f:26:96:99:a7:7f:35:88:c2:24:6e:c0:
         5b:e2:0b:e8:82:e6:be:44:a3:d6:ed:e8:c5:6f:1b:27:40:6f:
         6e:a8:d2:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDFrvH/4WFylDq2+1Oe0cxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzE4MTE1MTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRiNjI1MzMzZDQ1YmRiMDUzOGZmMmY2Y2YyNzdlMDM4MmNiY2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs37yzEZHYA22seXzFLJYy1Ye8T1R
PFqlQnudGVh8DH2qkskhVNonR1kGnwWUT1hL3ZT7oY8fh6Myde9aaBi6UbAcC4be
paV/DUczRqTM02+P2moZLz3ZgJTmZ2pkOHfs+oZT4Rc2G595yVmT0RBojfqL1L/t
P12G8OrhzvrDrJr0p+v1kQdY+avcfNptHiPVOgeZo2RbrQRKnnb8/715iQjKhmJf
fTnLBC1sYoe6T4gxJc9oX0wkqYvoazO2USsm8XBjYUBYSs6QzeDjicJ1HeJeq7AG
WAOEw6kuh79RYlnbz6s8MiGSI7cqA4ru3QHB9Q4zUZJuYK6dYF22wWctCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlLYlMz1FvbBTj/L2zyd+A4LLz+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveVV0aVV6UFVXOXNGT1A4dmJQSjM0RGdzdlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpxOMA0G
CSqGSIb3DQEBCwUAA4IBAQAryDUUKtodgfSZxLHM0iG77Zlj6qnrMehmtOq4POpI
aEJmqjkl9Cd1Q3Dz1ICk7LDGbrPGB39/kVEImzY88r4ji2Y4RAEgLWDvN2Dyd/q/
PP9bG2bvvx+IdIUXNzBkPl9pPfT8hDb9S0I4NSzwjEA5tPbTnrTmTSIisMjiXPrd
KEyzcRBfc7md5h1A/RCQ95gF+R95QarzKOkS5yMZM6os/rSh+MJIhwY7BMT0YRKQ
Dx8lTpDQDAr1mSXKpAguWdb7mccull52y5kOxAcPMxhO1w/QHOMtEFBhNQ3QBoZv
JpaZp381iMIkbsBb4gvogua+RKPW7ejFbxsnQG9uqNKZ
-----END CERTIFICATE-----