Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjWEsV5A8ywcKisPJgIlojSHjIE.roa
File:                     yjWEsV5A8ywcKisPJgIlojSHjIE.roa (raw, json)
Hash identifier:          MzRAEf8MgLW3nKSwPoa2PRQPx7OQEUkPwy0+r1rabhc=
Subject key identifier:   CA:35:84:B1:5E:40:F3:2C:1C:2A:2B:0F:26:02:25:A2:34:87:8C:81
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D79ED5EE7DEF9DB2E695DB731B016E384
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjWEsV5A8ywcKisPJgIlojSHjIE.roa
Signing time:             Mon 05 Feb 2024 15:40:15 +0000
ROA not before:           Mon 05 Feb 2024 15:40:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        94.156.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:ed:5e:e7:de:f9:db:2e:69:5d:b7:31:b0:16:e3:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  5 15:40:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca3584b15e40f32c1c2a2b0f260225a234878c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:00:f2:f1:74:85:c6:bb:a4:4e:4a:fd:50:8c:
                    a5:67:ba:36:fe:f6:ce:3f:4b:de:fd:ba:68:30:89:
                    b0:9b:a1:eb:f9:61:74:8f:cf:48:9a:89:e7:8f:1e:
                    10:ab:19:fd:a6:ca:6c:14:f0:f8:45:e5:12:87:24:
                    14:cb:f4:bc:4b:00:59:cf:1a:d8:79:e2:ae:e7:d0:
                    93:a4:4f:60:b0:68:2b:a4:8c:70:8c:be:dd:f5:d2:
                    17:d9:bb:c1:d2:ad:a0:f6:82:b9:5c:7b:ef:d9:8c:
                    5f:a0:0a:c0:3f:66:9a:2d:92:93:9b:cc:dd:78:ed:
                    9b:3e:0d:99:93:ba:55:22:a1:6f:aa:50:be:8e:23:
                    93:26:46:aa:3b:4d:91:49:2f:35:a4:70:28:09:fe:
                    7b:65:50:9d:8d:25:79:f8:6c:19:45:ee:60:93:5c:
                    d8:b1:d4:d1:a2:2c:af:ee:11:9b:98:01:f3:51:66:
                    d5:8b:9e:39:30:13:15:8f:a9:94:e0:7f:02:f4:d0:
                    11:40:43:cb:18:88:33:43:9b:da:6a:c5:94:12:2e:
                    5a:c6:a8:aa:eb:68:90:2b:0f:d5:bc:34:f5:aa:89:
                    87:b9:af:6d:1f:42:33:cf:88:6b:f3:99:18:f4:f1:
                    fe:ff:c5:23:56:c4:69:e9:88:d8:3d:53:b2:3b:4e:
                    54:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:35:84:B1:5E:40:F3:2C:1C:2A:2B:0F:26:02:25:A2:34:87:8C:81
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjWEsV5A8ywcKisPJgIlojSHjIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:be:a6:af:32:3d:cb:4b:e4:d0:b2:b5:6f:e1:d0:4c:58:ae:
         73:1b:4d:fc:6d:a5:2b:4e:b5:b2:8f:d4:1b:45:01:12:c7:8b:
         5e:43:a1:fd:bd:3b:d5:8e:0c:7c:5c:d8:86:99:a1:65:d5:83:
         46:d8:9b:a5:b7:93:82:e2:5c:90:ea:fb:65:65:04:9f:c3:88:
         c0:0c:ea:ae:fe:86:de:fa:37:05:40:28:59:40:38:20:b0:fe:
         3f:9b:b5:38:a8:21:a9:88:6d:bf:e1:98:f2:50:cb:91:45:17:
         b7:22:15:ad:5a:ca:38:43:d6:31:aa:b6:ed:8d:e6:94:02:47:
         9e:cf:64:b8:24:e0:ca:df:2f:b7:ea:77:48:d3:69:7e:22:b3:
         4b:f0:0b:2e:47:ab:6f:a6:3c:c3:a6:5e:3c:1e:dd:b6:66:07:
         d2:a2:53:df:67:e8:af:fe:0e:c5:09:18:77:b5:7d:50:e8:4d:
         ac:ee:e8:6e:ab:41:a1:5d:20:75:f1:a1:10:b8:4e:64:5b:a8:
         da:a8:a4:36:e8:b7:6e:d9:ee:63:f5:3f:ca:35:c1:26:c6:ba:
         9f:90:97:7c:eb:fd:09:3c:ae:46:92:b6:82:7d:b7:fa:e6:4f:
         d0:63:65:1c:b8:cf:8b:85:85:61:a2:ee:85:ce:23:af:61:4f:
         11:c0:cc:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY157V7n3vnbLmldtzGwFuOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjA1MTU0MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTM1ODRiMTVlNDBmMzJjMWMyYTJiMGYyNjAyMjVhMjM0ODc4YzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigDy8XSFxrukTkr9UIylZ7o2/vbO
P0ve/bpoMImwm6Hr+WF0j89Imonnjx4Qqxn9pspsFPD4ReUShyQUy/S8SwBZzxrY
eeKu59CTpE9gsGgrpIxwjL7d9dIX2bvB0q2g9oK5XHvv2YxfoArAP2aaLZKTm8zd
eO2bPg2Zk7pVIqFvqlC+jiOTJkaqO02RSS81pHAoCf57ZVCdjSV5+GwZRe5gk1zY
sdTRoiyv7hGbmAHzUWbVi545MBMVj6mU4H8C9NARQEPLGIgzQ5vaasWUEi5axqiq
62iQKw/VvDT1qomHua9tH0Izz4hr85kY9PH+/8UjVsRp6YjYPVOyO05U4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMo1hLFeQPMsHCorDyYCJaI0h4yBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveWpXRXNWNUE4eXdjS2lzUEpnSWxvalNIaklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpz9MA0G
CSqGSIb3DQEBCwUAA4IBAQCsvqavMj3LS+TQsrVv4dBMWK5zG038baUrTrWyj9Qb
RQESx4teQ6H9vTvVjgx8XNiGmaFl1YNG2Jult5OC4lyQ6vtlZQSfw4jADOqu/obe
+jcFQChZQDggsP4/m7U4qCGpiG2/4ZjyUMuRRRe3IhWtWso4Q9YxqrbtjeaUAkee
z2S4JODK3y+36ndI02l+IrNL8AsuR6tvpjzDpl48Ht22ZgfSolPfZ+iv/g7FCRh3
tX1Q6E2s7uhuq0GhXSB18aEQuE5kW6jaqKQ26Ldu2e5j9T/KNcEmxrqfkJd86/0J
PK5GkraCfbf65k/QY2UcuM+LhYVhou6FziOvYU8RwMy3
-----END CERTIFICATE-----