Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yW-sJHl_pOcGYpOFSgFTqeRlKJA.roa
File:                     yW-sJHl_pOcGYpOFSgFTqeRlKJA.roa (raw, json)
Hash identifier:          O7thH9mTr7vuUYk/+sLiRH2Icpwcxv6IpVBl5tATRWQ=
Subject key identifier:   C9:6F:AC:24:79:7F:A4:E7:06:62:93:85:4A:01:53:A9:E4:65:28:90
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01959B8C145A9B6F50A9E2399585692D73E3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yW-sJHl_pOcGYpOFSgFTqeRlKJA.roa
Signing time:             Sat 15 Mar 2025 20:43:23 +0000
ROA not before:           Sat 15 Mar 2025 20:43:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209628
IP address blocks:        87.121.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:9b:8c:14:5a:9b:6f:50:a9:e2:39:95:85:69:2d:73:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 15 20:43:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c96fac24797fa4e7066293854a0153a9e4652890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:63:0c:96:74:87:29:f7:e8:88:92:f6:8d:ab:
                    0d:30:01:50:09:9c:15:aa:eb:a4:aa:84:b4:85:38:
                    3e:c9:6e:d0:f2:66:46:5e:7f:07:16:a5:bd:d8:4b:
                    5d:b7:c2:c6:a7:25:6d:9d:a0:f7:79:3d:b9:b0:df:
                    15:d0:a9:35:10:24:c6:8f:08:d7:f6:54:d3:33:be:
                    bf:6b:90:03:97:83:eb:cb:d9:65:82:3a:b3:67:10:
                    1f:69:22:28:41:98:20:f4:41:8f:5a:ab:b6:08:24:
                    22:51:6b:da:f1:f2:e3:1c:12:63:f5:70:cf:1d:9f:
                    0f:b6:10:bf:27:14:42:1f:ca:97:1c:20:31:06:93:
                    1b:f5:b8:51:d8:38:99:25:3d:50:53:86:6c:08:00:
                    10:91:6e:13:f4:6f:77:dc:b9:7b:77:fa:9c:a0:5d:
                    b7:23:e6:9c:87:f7:5f:4f:a7:9f:56:d4:3c:c2:ee:
                    d9:d5:c7:ed:5b:8f:37:82:b8:a7:58:d5:57:53:4b:
                    88:63:d7:1e:59:63:87:d5:9c:df:7d:0a:07:59:fb:
                    cb:6e:a6:3b:0f:31:d5:2f:3f:c2:ac:7b:5d:5e:54:
                    98:35:33:af:bf:3b:fb:fe:48:e5:93:30:6a:ef:21:
                    34:0b:e5:3e:63:3f:b2:e3:99:f3:04:c9:d0:ab:bd:
                    3a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:6F:AC:24:79:7F:A4:E7:06:62:93:85:4A:01:53:A9:E4:65:28:90
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yW-sJHl_pOcGYpOFSgFTqeRlKJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:26:d6:ae:99:0b:4c:cb:7b:02:af:7f:46:17:49:24:3f:68:
         d0:f1:ee:b0:95:34:a4:5e:6f:bb:4e:71:b8:13:92:00:5f:25:
         62:13:f2:86:79:a3:a0:7a:92:90:b2:d1:05:7e:ed:c4:ec:8f:
         62:ff:2c:ee:62:0e:93:07:83:02:8c:a0:f4:7d:65:66:d6:48:
         8e:e4:20:94:dd:ce:7a:92:f7:a1:c4:2d:73:0d:4c:b4:d2:3a:
         0d:50:9f:06:61:10:fb:9d:4f:76:f0:f3:38:e6:8c:6a:d6:2e:
         78:30:43:85:22:80:c1:e8:18:a2:b5:60:c5:3f:1f:10:f5:2d:
         bb:40:6f:c7:89:02:3f:4c:8c:9f:25:63:20:65:c6:a3:5a:00:
         56:c2:c1:d2:63:e9:18:c5:57:e7:dc:8d:41:9f:c3:c7:df:3e:
         d1:fc:b8:fe:c0:da:6e:a4:a0:27:f9:6e:c5:19:62:cc:8a:a1:
         7c:2e:83:28:93:1e:f9:91:0e:33:c0:a8:e7:f1:31:ca:dd:bf:
         48:81:a5:10:54:82:60:8b:b6:52:03:1c:f1:0b:25:30:24:08:
         07:da:ee:d6:3b:27:d6:18:14:a4:f1:62:0c:a2:69:a5:df:52:
         df:09:6e:12:64:0b:1a:98:d5:a4:dd:7c:74:32:d0:3b:46:9d:
         72:8b:b3:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWbjBRam29QqeI5lYVpLXPjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE1MjA0MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTZmYWMyNDc5N2ZhNGU3MDY2MjkzODU0YTAxNTNhOWU0NjUyODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WMMlnSHKffoiJL2jasNMAFQCZwV
quukqoS0hTg+yW7Q8mZGXn8HFqW92Etdt8LGpyVtnaD3eT25sN8V0Kk1ECTGjwjX
9lTTM76/a5ADl4Pry9llgjqzZxAfaSIoQZgg9EGPWqu2CCQiUWva8fLjHBJj9XDP
HZ8PthC/JxRCH8qXHCAxBpMb9bhR2DiZJT1QU4ZsCAAQkW4T9G933Ll7d/qcoF23
I+ach/dfT6efVtQ8wu7Z1cftW483grinWNVXU0uIY9ceWWOH1ZzffQoHWfvLbqY7
DzHVLz/CrHtdXlSYNTOvvzv7/kjlkzBq7yE0C+U+Yz+y45nzBMnQq7068wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlvrCR5f6TnBmKThUoBU6nkZSiQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveVctc0pIbF9wT2NHWXBPRlNnRlRxZVJsS0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3k2MA0G
CSqGSIb3DQEBCwUAA4IBAQBdJtaumQtMy3sCr39GF0kkP2jQ8e6wlTSkXm+7TnG4
E5IAXyViE/KGeaOgepKQstEFfu3E7I9i/yzuYg6TB4MCjKD0fWVm1kiO5CCU3c56
kvehxC1zDUy00joNUJ8GYRD7nU928PM45oxq1i54MEOFIoDB6BiitWDFPx8Q9S27
QG/HiQI/TIyfJWMgZcajWgBWwsHSY+kYxVfn3I1Bn8PH3z7R/Lj+wNpupKAn+W7F
GWLMiqF8LoMokx75kQ4zwKjn8THK3b9IgaUQVIJgi7ZSAxzxCyUwJAgH2u7WOyfW
GBSk8WIMomml31LfCW4SZAsamNWk3Xx0MtA7Rp1yi7MK
-----END CERTIFICATE-----