Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/xYWUygTHRqNFV4RDaCXX5KPcR4Y.roa
File:                     xYWUygTHRqNFV4RDaCXX5KPcR4Y.roa (raw, json)
Hash identifier:          pJlI2bLeR3GkV04H5fL3g6hK8NexsOU+oHvnmva6ntw=
Subject key identifier:   C5:85:94:CA:04:C7:46:A3:45:57:84:43:68:25:D7:E4:A3:DC:47:86
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       018CC7933C332241FD24957B009DDAD96934
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/xYWUygTHRqNFV4RDaCXX5KPcR4Y.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        171.22.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3c:33:22:41:fd:24:95:7b:00:9d:da:d9:69:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c58594ca04c746a3455784436825d7e4a3dc4786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ac:3f:c4:7a:7b:2c:fd:ce:8a:31:42:39:e2:
                    d3:9f:77:03:c3:3c:d2:78:d7:30:2c:b9:13:66:f4:
                    05:5b:02:3f:37:4c:df:b2:0b:f5:bb:9b:68:bb:eb:
                    d5:7d:b3:e9:bc:ad:7d:83:48:2b:86:48:28:9b:6c:
                    98:77:6b:80:a3:6c:a3:02:ea:1f:09:9d:d8:ce:51:
                    06:36:ef:0b:17:8e:52:91:cb:86:c7:84:d6:e9:b5:
                    17:3f:af:62:58:27:88:5a:88:ef:55:02:cb:b0:ff:
                    cb:19:d1:f4:d0:1b:9a:7a:3e:43:a2:3b:24:ba:df:
                    d9:66:01:e3:4b:0d:d8:3e:ce:a2:66:52:a3:de:e5:
                    b6:cc:71:96:4c:89:78:13:f1:86:0d:79:cc:0c:02:
                    01:75:96:82:1b:cf:2f:3f:8d:65:5a:7e:19:44:46:
                    02:ba:b9:cd:29:c0:d2:01:0e:9c:62:53:0d:f5:ee:
                    3f:55:04:2b:cd:ef:e2:d6:3e:8a:07:77:f5:d9:6c:
                    56:e0:52:86:85:a0:56:a8:11:66:2a:5a:b5:d0:af:
                    05:90:e4:0a:05:16:84:ce:a6:65:ba:79:08:63:45:
                    f3:08:4c:ba:52:47:1b:c7:7d:fd:b8:04:37:0b:1e:
                    dc:42:1e:30:ed:c7:e4:21:b8:e6:32:69:8c:26:e1:
                    41:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:85:94:CA:04:C7:46:A3:45:57:84:43:68:25:D7:E4:A3:DC:47:86
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/xYWUygTHRqNFV4RDaCXX5KPcR4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:8b:b8:0f:39:71:35:b4:1f:97:03:bb:b5:5b:a4:a2:cf:7d:
         ee:0f:60:df:ae:3e:b8:d3:38:47:eb:c7:4e:da:be:89:36:94:
         d9:fb:c3:5f:2a:79:be:05:04:97:9f:3a:43:b6:b5:dd:a6:a9:
         85:59:7a:c7:44:dd:d6:1a:ed:40:f7:8b:ad:75:29:2d:60:6f:
         c5:89:17:14:5c:1a:fb:76:bb:57:70:81:45:1d:f4:64:67:41:
         31:ef:1a:7d:d3:25:fd:30:de:f2:6d:62:46:a5:77:6c:70:89:
         1a:b2:1a:b1:5a:b1:1e:e4:7d:73:57:12:25:c2:e1:d5:4d:65:
         37:d4:c7:30:83:26:b4:82:37:7b:ba:87:7f:6d:3b:33:bc:70:
         d9:e9:eb:80:2d:40:39:e1:e4:cc:80:60:09:24:be:12:45:21:
         99:41:d4:86:f8:b7:30:08:af:e6:91:4b:88:05:42:5b:e3:73:
         79:2c:fa:e2:5c:57:64:4d:80:e4:7f:58:08:b9:67:78:8c:72:
         d3:ad:19:21:ef:09:72:99:a0:72:3e:8e:02:30:45:db:61:4c:
         7c:ff:3a:35:f0:61:4b:01:f9:a4:9c:34:22:94:15:02:5e:ab:
         ec:98:6a:36:44:14:69:5b:1c:22:91:95:6a:94:33:c2:9d:04:
         be:7d:1f:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzwzIkH9JJV7AJ3a2Wk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTg1OTRjYTA0Yzc0NmEzNDU1Nzg0NDM2ODI1ZDdlNGEzZGM0Nzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aw/xHp7LP3OijFCOeLTn3cDwzzS
eNcwLLkTZvQFWwI/N0zfsgv1u5tou+vVfbPpvK19g0grhkgom2yYd2uAo2yjAuof
CZ3YzlEGNu8LF45SkcuGx4TW6bUXP69iWCeIWojvVQLLsP/LGdH00Buaej5Dojsk
ut/ZZgHjSw3YPs6iZlKj3uW2zHGWTIl4E/GGDXnMDAIBdZaCG88vP41lWn4ZREYC
urnNKcDSAQ6cYlMN9e4/VQQrze/i1j6KB3f12WxW4FKGhaBWqBFmKlq10K8FkOQK
BRaEzqZlunkIY0XzCEy6Ukcbx339uAQ3Cx7cQh4w7cfkIbjmMmmMJuFBAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWFlMoEx0ajRVeEQ2gl1+Sj3EeGMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEveFlXVXlnVEhScU5GVjRSRGFDWFg1S1BjUjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxaTMA0G
CSqGSIb3DQEBCwUAA4IBAQCXi7gPOXE1tB+XA7u1W6Siz33uD2Dfrj640zhH68dO
2r6JNpTZ+8NfKnm+BQSXnzpDtrXdpqmFWXrHRN3WGu1A94utdSktYG/FiRcUXBr7
drtXcIFFHfRkZ0Ex7xp90yX9MN7ybWJGpXdscIkashqxWrEe5H1zVxIlwuHVTWU3
1Mcwgya0gjd7uod/bTszvHDZ6euALUA54eTMgGAJJL4SRSGZQdSG+LcwCK/mkUuI
BUJb43N5LPriXFdkTYDkf1gIuWd4jHLTrRkh7wlymaByPo4CMEXbYUx8/zo18GFL
AfmknDQilBUCXqvsmGo2RBRpWxwikZVqlDPCnQS+fR8V
-----END CERTIFICATE-----