Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/z7dPxWmrtOaasdhHF_ykQa7fSFE.roa
File:                     z7dPxWmrtOaasdhHF_ykQa7fSFE.roa (raw, json)
Hash identifier:          swiRi8XWeZLLRqLyVXY/sYUEeayKDViFT5qZcOJOlss=
Subject key identifier:   CF:B7:4F:C5:69:AB:B4:E6:9A:B1:D8:47:17:FC:A4:41:AE:DF:48:51
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DCC07A1C95DE9F57022A6FBD611D89AF1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/z7dPxWmrtOaasdhHF_ykQa7fSFE.roa
Signing time:             Wed 21 Feb 2024 14:17:48 +0000
ROA not before:           Wed 21 Feb 2024 14:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        81.161.229.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cc:07:a1:c9:5d:e9:f5:70:22:a6:fb:d6:11:d8:9a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 21 14:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfb74fc569abb4e69ab1d84717fca441aedf4851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:46:87:d7:01:7e:fb:98:4b:fd:6d:d4:c0:4d:
                    bd:3e:e4:f6:51:08:71:cf:b3:cb:8a:7a:1c:71:41:
                    6c:02:ed:ea:5b:52:c8:07:0d:83:53:61:a9:f8:97:
                    fb:af:1b:eb:d4:80:07:5f:d4:8f:9b:3b:55:b3:83:
                    95:ae:e6:37:35:98:07:6f:a0:89:5a:8e:aa:8e:e7:
                    c4:62:72:a3:4c:a8:3e:f0:7a:ba:00:b7:c4:ed:c5:
                    24:80:89:2e:15:70:01:ad:3e:aa:62:12:da:af:2d:
                    f3:1a:02:cf:6a:73:aa:bb:92:12:18:23:38:36:14:
                    99:0f:b8:34:c1:23:46:ba:5e:47:da:4a:d1:0b:6e:
                    58:e9:f6:83:1f:74:8d:48:bd:92:1c:92:89:66:3f:
                    9c:b5:59:2e:92:91:5a:9a:10:5a:5e:71:8b:4a:4a:
                    09:7c:9f:66:b9:20:2d:5a:9f:f7:fa:31:d1:40:ac:
                    9c:27:c3:f9:be:59:2b:08:e0:ba:f5:94:e7:03:d7:
                    ee:8b:19:84:24:64:a9:6c:33:3b:4f:c3:a4:73:13:
                    3d:c1:ee:3d:0d:b4:c7:7f:84:3a:79:04:68:a6:43:
                    33:1a:dc:50:7a:ae:1a:ae:d7:6d:74:29:5c:f1:41:
                    3e:a4:47:7d:c7:bb:49:69:da:56:55:34:ba:92:77:
                    ae:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B7:4F:C5:69:AB:B4:E6:9A:B1:D8:47:17:FC:A4:41:AE:DF:48:51
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/z7dPxWmrtOaasdhHF_ykQa7fSFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.229.0/24
                  147.78.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:30:8d:d6:a3:cb:d8:23:eb:47:6e:03:32:25:cf:c8:eb:6e:
         d9:d3:0d:93:d8:80:b4:db:f6:fc:85:de:75:d9:4b:d9:74:1b:
         08:06:f0:75:1c:36:a8:4d:79:16:9e:30:92:49:9f:77:00:97:
         12:18:1a:9b:b8:99:81:59:0d:b8:bb:88:94:a0:11:27:8d:d5:
         a9:5c:55:7f:4f:5b:ba:fb:e9:d9:29:c1:18:d5:4f:ab:ae:29:
         ce:9a:4d:0f:2f:cd:5c:f2:b6:f6:bd:85:39:c0:ae:b7:8a:56:
         d5:66:ac:82:6e:a5:05:9f:f3:46:c4:1f:7a:53:60:c4:df:4c:
         9c:36:0f:5e:2f:3c:45:f1:73:31:3f:a6:66:2b:34:67:96:71:
         45:b4:d3:79:fb:d3:41:3e:cb:3d:ad:64:63:f0:d4:16:ee:8b:
         f6:94:bd:c8:68:40:c9:f6:44:0e:95:08:27:96:82:79:63:cb:
         84:b6:8f:55:c8:29:a7:f5:58:0f:39:1a:b6:13:d7:b4:43:d8:
         fa:90:3d:be:80:c2:aa:f7:41:88:fa:0f:6c:47:70:3d:18:f4:
         7f:c9:00:60:6d:7f:e6:22:0c:64:17:9f:8d:6a:3d:4e:1d:f8:
         c2:de:fd:1b:fc:fe:6f:91:ef:1d:ef:bc:19:6e:8b:17:1b:3f:
         b6:6a:e5:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3MB6HJXen1cCKm+9YR2JrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIxMTQxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI3NGZjNTY5YWJiNGU2OWFiMWQ4NDcxN2ZjYTQ0MWFlZGY0ODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkaH1wF++5hL/W3UwE29PuT2UQhx
z7PLinoccUFsAu3qW1LIBw2DU2Gp+Jf7rxvr1IAHX9SPmztVs4OVruY3NZgHb6CJ
Wo6qjufEYnKjTKg+8Hq6ALfE7cUkgIkuFXABrT6qYhLary3zGgLPanOqu5ISGCM4
NhSZD7g0wSNGul5H2krRC25Y6faDH3SNSL2SHJKJZj+ctVkukpFamhBaXnGLSkoJ
fJ9muSAtWp/3+jHRQKycJ8P5vlkrCOC69ZTnA9fuixmEJGSpbDM7T8OkcxM9we49
DbTHf4Q6eQRopkMzGtxQeq4artdtdClc8UE+pEd9x7tJadpWVTS6kneuMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+3T8Vpq7TmmrHYRxf8pEGu30hRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvejdkUHhXbXJ0T2Fhc2RoSEZfeWtRYTdmU0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUaHlAwQA
k05lMA0GCSqGSIb3DQEBCwUAA4IBAQCmMI3Wo8vYI+tHbgMyJc/I627Z0w2T2IC0
2/b8hd512UvZdBsIBvB1HDaoTXkWnjCSSZ93AJcSGBqbuJmBWQ24u4iUoBEnjdWp
XFV/T1u6++nZKcEY1U+rrinOmk0PL81c8rb2vYU5wK63ilbVZqyCbqUFn/NGxB96
U2DE30ycNg9eLzxF8XMxP6ZmKzRnlnFFtNN5+9NBPss9rWRj8NQW7ov2lL3IaEDJ
9kQOlQgnloJ5Y8uEto9VyCmn9VgPORq2E9e0Q9j6kD2+gMKq90GI+g9sR3A9GPR/
yQBgbX/mIgxkF5+Naj1OHfjC3v0b/P5vke8d77wZbosXGz+2auXt
-----END CERTIFICATE-----