Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zyMagqcG1E9lMHihNQqnB-RSBqg.roa
File:                     zyMagqcG1E9lMHihNQqnB-RSBqg.roa (raw, json)
Hash identifier:          0r4sAdRorxh6rB7jwwvdz/0yvZrbJedjfoRbVuzjJyE=
Subject key identifier:   CF:23:1A:82:A7:06:D4:4F:65:30:78:A1:35:0A:A7:07:E4:52:06:A8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019179182A5EA145B92AE51EB0E90DE1F15E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zyMagqcG1E9lMHihNQqnB-RSBqg.roa
Signing time:             Thu 22 Aug 2024 07:58:32 +0000
ROA not before:           Thu 22 Aug 2024 07:58:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42446
IP address blocks:        87.120.197.0/24 maxlen: 24
                          91.92.232.0/24 maxlen: 24
                          2a00:1728:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:79:18:2a:5e:a1:45:b9:2a:e5:1e:b0:e9:0d:e1:f1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 22 07:58:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf231a82a706d44f653078a1350aa707e45206a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b6:fe:4c:56:e1:ff:27:15:8c:77:d4:76:36:
                    25:38:d2:b0:12:00:71:e4:7c:18:04:aa:21:8a:b7:
                    0a:65:6d:66:bb:8a:10:9d:5b:33:c0:42:96:89:97:
                    84:72:69:91:ff:46:2d:c8:a5:69:79:a0:ec:21:1f:
                    08:c1:c2:ee:6c:8a:c7:b0:55:52:c1:d3:7f:ea:6a:
                    7d:a3:a4:da:78:17:17:d4:41:ec:52:32:86:8f:ef:
                    f5:00:b0:eb:f6:3d:8c:2b:f2:e9:ea:45:77:1b:d6:
                    bf:71:a1:0e:34:3e:08:bc:65:1e:d4:c5:20:66:53:
                    ef:a1:2e:ca:4a:0f:db:01:53:76:63:6e:14:c8:42:
                    84:17:60:1f:fd:94:e5:3e:01:2d:81:c3:f6:bb:01:
                    cf:bd:73:11:46:8f:2a:8e:10:2c:06:12:03:a3:f6:
                    e1:8e:f6:f4:e4:c7:81:c9:38:a2:28:6d:cd:c1:da:
                    7b:47:f0:90:4f:47:3c:70:11:11:47:cc:c3:f9:34:
                    9d:bd:ed:3c:34:78:fc:ce:d7:60:da:9e:e0:16:ef:
                    f1:da:32:d3:52:a8:9b:65:a7:93:96:7c:fa:03:99:
                    ab:0f:d1:57:d7:65:bf:e3:ee:a5:42:df:20:f1:8e:
                    07:75:85:7e:6f:c4:a7:87:25:03:d7:66:3e:5e:a1:
                    20:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:23:1A:82:A7:06:D4:4F:65:30:78:A1:35:0A:A7:07:E4:52:06:A8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zyMagqcG1E9lMHihNQqnB-RSBqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.197.0/24
                  91.92.232.0/24
                IPv6:
                  2a00:1728:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:9a:2a:c6:7c:04:9b:7d:41:9a:1c:ff:70:23:29:ba:5c:63:
         25:6a:f0:2b:f3:5c:44:99:81:c0:8d:9e:53:c6:f1:48:ba:64:
         46:0e:92:38:e9:7c:1f:1d:3b:08:9d:a2:bd:1d:01:a8:83:4d:
         08:12:fb:d8:a8:6f:fc:91:5d:61:00:d9:e9:99:2f:73:cf:dd:
         11:ab:db:0c:41:c3:75:4f:b8:ea:3e:fa:da:8c:39:fd:4b:44:
         0a:02:1e:f2:62:7d:c2:3d:03:47:41:5f:a6:f5:4c:a7:31:a7:
         18:ea:53:c1:25:77:ac:c5:23:1c:48:b7:66:04:ae:03:10:33:
         6e:01:ff:3d:a2:b1:4f:63:cf:2d:25:d0:80:af:bf:e6:04:b4:
         3d:5a:28:ca:1c:14:9d:22:83:0e:d1:01:71:35:57:1e:fa:7d:
         eb:27:6b:f3:ab:7f:1b:ad:13:eb:64:72:74:3e:d2:06:8c:ff:
         97:0d:9a:46:73:aa:22:5c:ff:d3:7a:a4:1d:ef:fa:85:5d:7f:
         f3:3e:70:20:c6:7d:8d:41:40:a7:b0:45:41:d3:e8:3a:20:87:
         01:9c:e8:38:79:5b:28:eb:d7:af:db:ec:44:86:3b:6f:88:ec:
         b3:59:39:12:6e:70:c6:83:4d:b4:a3:e0:39:45:5c:b6:70:b0:
         75:6f:9f:c9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZF5GCpeoUW5KuUesOkN4fFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwODIyMDc1ODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjIzMWE4MmE3MDZkNDRmNjUzMDc4YTEzNTBhYTcwN2U0NTIwNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bb+TFbh/ycVjHfUdjYlONKwEgBx
5HwYBKohircKZW1mu4oQnVszwEKWiZeEcmmR/0YtyKVpeaDsIR8IwcLubIrHsFVS
wdN/6mp9o6TaeBcX1EHsUjKGj+/1ALDr9j2MK/Lp6kV3G9a/caEOND4IvGUe1MUg
ZlPvoS7KSg/bAVN2Y24UyEKEF2Af/ZTlPgEtgcP2uwHPvXMRRo8qjhAsBhIDo/bh
jvb05MeByTiiKG3Nwdp7R/CQT0c8cBERR8zD+TSdve08NHj8ztdg2p7gFu/x2jLT
UqibZaeTlnz6A5mrD9FX12W/4+6lQt8g8Y4HdYV+b8SnhyUD12Y+XqEghwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFM8jGoKnBtRPZTB4oTUKpwfkUgaoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvenlNYWdxY0cxRTlsTUhpaE5RcW5CLVJTQnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAV3jFAwQA
W1zoMA8EAgACMAkDBwAqABcoADAwDQYJKoZIhvcNAQELBQADggEBAEuaKsZ8BJt9
QZoc/3AjKbpcYyVq8CvzXESZgcCNnlPG8Ui6ZEYOkjjpfB8dOwidor0dAaiDTQgS
+9iob/yRXWEA2emZL3PP3RGr2wxBw3VPuOo++tqMOf1LRAoCHvJifcI9A0dBX6b1
TKcxpxjqU8Eld6zFIxxIt2YErgMQM24B/z2isU9jzy0l0ICvv+YEtD1aKMocFJ0i
gw7RAXE1Vx76fesna/OrfxutE+tkcnQ+0gaM/5cNmkZzqiJc/9N6pB3v+oVdf/M+
cCDGfY1BQKewRUHT6DoghwGc6Dh5Wyjr16/b7ESGO2+I7LNZORJucMaDTbSj4DlF
XLZwsHVvn8k=
-----END CERTIFICATE-----