Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zBpUsx4z_S3jRabc5xQTGi7Xdd0.roa
File:                     zBpUsx4z_S3jRabc5xQTGi7Xdd0.roa (raw, json)
Hash identifier:          cRRTXOw4Q86TkfK1/7frtL7oG8AQHmjgF2wGcOK4NAo=
Subject key identifier:   CC:1A:54:B3:1E:33:FD:2D:E3:45:A6:DC:E7:14:13:1A:2E:D7:75:DD
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019299D5C791D14E0C5121444E97E48BCF19
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zBpUsx4z_S3jRabc5xQTGi7Xdd0.roa
Signing time:             Thu 17 Oct 2024 09:36:17 +0000
ROA not before:           Thu 17 Oct 2024 09:36:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.216.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:d5:c7:91:d1:4e:0c:51:21:44:4e:97:e4:8b:cf:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 17 09:36:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc1a54b31e33fd2de345a6dce714131a2ed775dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b1:a9:fe:45:1d:e5:83:c9:c5:65:c0:7f:63:
                    ca:e1:64:2e:43:ed:b3:52:c6:bc:a8:26:20:97:ca:
                    4a:d2:dd:43:ca:80:df:ae:2b:1c:58:33:2d:07:df:
                    56:35:13:9e:f5:78:06:f5:fd:ec:1d:84:05:79:c5:
                    e2:62:78:9d:b2:a2:74:d5:81:76:8c:08:c9:da:05:
                    19:81:6c:8f:24:85:4c:e8:a6:ca:70:f3:1e:28:8f:
                    8b:b2:b6:49:59:53:fd:19:c4:8e:39:11:45:56:e4:
                    56:93:0d:c8:9d:a9:02:16:9a:fd:87:3c:49:d0:26:
                    87:f9:0f:f3:12:56:cf:2d:72:c2:6e:19:44:d1:36:
                    ae:2c:fa:60:25:ab:c4:2f:4a:c7:4b:a2:3b:9d:aa:
                    dc:85:12:17:85:c7:18:a8:95:ec:0e:a3:a9:3a:36:
                    79:78:01:d5:72:80:cc:fa:db:75:07:36:44:d4:16:
                    16:53:f7:06:32:bf:12:db:62:7d:eb:cc:58:2a:b0:
                    75:b1:30:cf:b9:11:cd:f8:f9:5e:4e:48:1b:5e:10:
                    7f:6f:4c:37:1c:05:a2:51:11:44:d3:f6:30:f9:ee:
                    6b:8f:cf:15:88:88:c0:b5:51:e7:e5:92:69:ef:81:
                    4e:9d:92:f8:c0:9f:06:96:02:43:72:e0:4e:0c:a0:
                    53:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1A:54:B3:1E:33:FD:2D:E3:45:A6:DC:E7:14:13:1A:2E:D7:75:DD
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zBpUsx4z_S3jRabc5xQTGi7Xdd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:90:c1:11:12:0a:90:ee:a9:72:1f:31:0e:52:3e:30:cb:12:
         27:da:8c:b8:7d:bf:4c:f8:ff:0d:6c:5f:b8:8b:03:88:5e:44:
         87:92:60:3b:25:91:f9:ba:be:c5:39:ed:c5:06:f0:9e:d8:d0:
         2c:60:7e:d1:ba:4c:db:ea:f1:ba:82:b2:28:9f:10:04:fb:32:
         e5:d8:7f:21:09:43:75:15:8b:dd:98:a7:c7:b1:87:7f:db:b7:
         07:2b:68:aa:c7:95:c0:6b:68:a6:b6:11:b6:ee:e4:f6:a5:1f:
         44:83:76:fd:e3:d6:c6:a3:60:cd:df:6d:2c:72:60:fd:c0:d8:
         e1:15:8a:70:b5:9d:6a:9b:b1:c0:05:d1:08:06:28:0c:96:95:
         de:7e:8e:77:bc:f5:f9:ae:7a:62:63:a7:35:07:c0:82:5c:f4:
         e3:9f:21:6d:df:65:39:45:79:69:e7:e8:35:2f:b5:4d:d0:30:
         60:9b:07:a3:13:e2:ed:87:9e:40:80:fa:39:34:5e:35:e6:9c:
         e6:f5:2b:04:c2:3f:fe:05:7e:9d:35:4a:cb:66:fb:9f:50:7a:
         db:e5:83:70:2d:92:34:ae:c7:95:49:b3:38:b1:79:31:b0:67:
         24:27:5b:48:38:19:a8:75:5a:21:b4:75:6d:87:74:2a:94:b9:
         e6:d8:99:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKZ1ceR0U4MUSFETpfki88ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDE3MDkzNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFhNTRiMzFlMzNmZDJkZTM0NWE2ZGNlNzE0MTMxYTJlZDc3NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7Gp/kUd5YPJxWXAf2PK4WQuQ+2z
Usa8qCYgl8pK0t1DyoDfriscWDMtB99WNROe9XgG9f3sHYQFecXiYnidsqJ01YF2
jAjJ2gUZgWyPJIVM6KbKcPMeKI+LsrZJWVP9GcSOORFFVuRWkw3InakCFpr9hzxJ
0CaH+Q/zElbPLXLCbhlE0TauLPpgJavEL0rHS6I7narchRIXhccYqJXsDqOpOjZ5
eAHVcoDM+tt1BzZE1BYWU/cGMr8S22J968xYKrB1sTDPuRHN+PleTkgbXhB/b0w3
HAWiURFE0/Yw+e5rj88ViIjAtVHn5ZJp74FOnZL4wJ8GlgJDcuBODKBTwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwaVLMeM/0t40Wm3OcUExou13XdMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvekJwVXN4NHpfUzNqUmFiYzV4UVRHaTdYZGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudhGMA0G
CSqGSIb3DQEBCwUAA4IBAQAwkMEREgqQ7qlyHzEOUj4wyxIn2oy4fb9M+P8NbF+4
iwOIXkSHkmA7JZH5ur7FOe3FBvCe2NAsYH7Rukzb6vG6grIonxAE+zLl2H8hCUN1
FYvdmKfHsYd/27cHK2iqx5XAa2imthG27uT2pR9Eg3b949bGo2DN320scmD9wNjh
FYpwtZ1qm7HABdEIBigMlpXefo53vPX5rnpiY6c1B8CCXPTjnyFt32U5RXlp5+g1
L7VN0DBgmwejE+Lth55AgPo5NF415pzm9SsEwj/+BX6dNUrLZvufUHrb5YNwLZI0
rseVSbM4sXkxsGckJ1tIOBmodVohtHVth3QqlLnm2Jmb
-----END CERTIFICATE-----