Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/ca5e44-080e-4140-89a1-bfed0092f86a/1/22Z3OoQxu-JnD2GI6nNxrQivc7U.roa
File:                     22Z3OoQxu-JnD2GI6nNxrQivc7U.roa (raw, json)
Hash identifier:          M6ZzE4dRFCOlL9FEtII06ZThOG5APbOupjnlCNFzkpA=
Subject key identifier:   DB:66:77:3A:84:31:BB:E2:67:0F:61:88:EA:73:71:AD:08:AF:73:B5
Certificate issuer:       /CN=99fea9717c280ec879335273f022e6b0537455c2
Certificate serial:       018CC492B0D43D5771D4CA1A4C28DDD78E4F
Authority key identifier: 99:FE:A9:71:7C:28:0E:C8:79:33:52:73:F0:22:E6:B0:53:74:55:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf6pcXwoDsh5M1Jz8CLmsFN0VcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/ca5e44-080e-4140-89a1-bfed0092f86a/1/22Z3OoQxu-JnD2GI6nNxrQivc7U.roa
Signing time:             Mon 01 Jan 2024 10:29:56 +0000
ROA not before:           Mon 01 Jan 2024 10:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        185.5.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/ca5e44-080e-4140-89a1-bfed0092f86a/1/mf6pcXwoDsh5M1Jz8CLmsFN0VcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/ca5e44-080e-4140-89a1-bfed0092f86a/1/mf6pcXwoDsh5M1Jz8CLmsFN0VcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mf6pcXwoDsh5M1Jz8CLmsFN0VcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:b0:d4:3d:57:71:d4:ca:1a:4c:28:dd:d7:8e:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fea9717c280ec879335273f022e6b0537455c2
        Validity
            Not Before: Jan  1 10:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db66773a8431bbe2670f6188ea7371ad08af73b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:14:c7:95:bd:e3:7f:92:fe:09:e5:ae:a3:07:
                    74:74:f1:55:98:e3:8c:80:07:34:9c:d5:f4:61:dc:
                    cc:eb:aa:ab:c3:cd:7c:ad:1d:d0:cb:93:53:61:1b:
                    6a:5a:a5:ad:9e:3e:b2:61:45:b6:82:64:f4:d5:64:
                    83:fd:94:d0:9c:f4:db:fd:65:60:fd:51:58:8f:e6:
                    c4:d8:60:06:17:c8:6c:f6:0a:cf:bd:58:07:0b:0d:
                    42:f6:1a:42:70:c8:44:92:4c:38:a6:c3:a5:4f:3f:
                    56:cd:4b:fe:43:48:12:c4:33:f1:62:76:04:fe:c5:
                    8a:b0:d3:ae:e9:b8:7a:4c:a0:ca:ab:96:e8:6b:a8:
                    41:49:65:90:3e:43:ae:5e:df:93:d1:98:22:78:a0:
                    47:4c:ba:c8:27:4f:fe:ce:3d:e7:7a:99:8d:e5:4b:
                    8e:0d:5d:09:3d:84:ad:b9:d6:94:6c:83:13:f0:2c:
                    5a:e2:e8:63:a4:4a:ba:5e:09:d2:2b:4a:1f:af:01:
                    35:b0:08:27:c0:f0:94:a7:ac:52:48:db:a6:58:5a:
                    d5:24:35:21:30:77:4f:50:ae:e5:77:34:5f:b0:ad:
                    a2:cc:b0:eb:2e:cd:72:ed:5f:f7:84:93:f0:ab:0d:
                    36:20:56:9c:3c:31:d8:30:20:9f:48:4d:35:8d:28:
                    ba:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:66:77:3A:84:31:BB:E2:67:0F:61:88:EA:73:71:AD:08:AF:73:B5
            X509v3 Authority Key Identifier:
                keyid:99:FE:A9:71:7C:28:0E:C8:79:33:52:73:F0:22:E6:B0:53:74:55:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf6pcXwoDsh5M1Jz8CLmsFN0VcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/ca5e44-080e-4140-89a1-bfed0092f86a/1/22Z3OoQxu-JnD2GI6nNxrQivc7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/ca5e44-080e-4140-89a1-bfed0092f86a/1/mf6pcXwoDsh5M1Jz8CLmsFN0VcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:a1:34:7e:ee:43:2f:de:c3:74:f9:f2:1b:db:98:ed:c1:47:
         d6:ab:0e:d7:05:b0:7b:64:08:b1:5a:18:26:08:17:6d:82:10:
         7a:8b:76:af:c3:b7:27:23:c2:2d:13:02:35:f2:44:e8:d1:a6:
         16:9f:94:4b:39:ad:cc:45:2e:2a:da:76:bd:89:8e:86:b2:61:
         e6:96:8d:a5:8d:28:c2:37:d4:aa:3a:0c:76:d6:d4:fe:29:c7:
         c9:02:95:00:af:9d:61:02:9e:0a:c5:8e:42:eb:32:21:df:a6:
         4a:d1:c0:87:c0:04:c7:ce:9d:ff:3b:d0:68:d6:4f:9e:31:71:
         f7:36:ce:b1:5f:28:0b:08:1f:fb:ec:4a:69:ba:fa:38:bd:c4:
         72:41:42:29:a8:a5:f3:b5:1a:9e:7a:33:1c:e5:a3:89:83:17:
         bc:a0:3c:e2:c8:ad:22:15:98:eb:1c:0a:f2:14:95:b5:5a:25:
         45:4b:e1:b2:ff:a6:8d:0c:db:98:e6:5e:2c:86:1e:c2:4f:0d:
         ce:6d:1d:48:b9:dc:6b:bf:20:25:fc:df:c5:77:f5:c7:46:f0:
         88:a7:dd:be:eb:c4:a2:a9:91:ba:8e:c8:f3:52:77:69:2a:ff:
         86:d5:4b:dd:af:15:11:dd:1a:2e:b0:fe:f8:35:4f:7d:ef:87:
         9f:06:57:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkrDUPVdx1MoaTCjd145PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVhOTcxN2MyODBlYzg3OTMzNTI3M2YwMjJlNmIwNTM3
NDU1YzIwHhcNMjQwMTAxMTAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjY2NzczYTg0MzFiYmUyNjcwZjYxODhlYTczNzFhZDA4YWY3M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhTHlb3jf5L+CeWuowd0dPFVmOOM
gAc0nNX0YdzM66qrw818rR3Qy5NTYRtqWqWtnj6yYUW2gmT01WSD/ZTQnPTb/WVg
/VFYj+bE2GAGF8hs9grPvVgHCw1C9hpCcMhEkkw4psOlTz9WzUv+Q0gSxDPxYnYE
/sWKsNOu6bh6TKDKq5boa6hBSWWQPkOuXt+T0ZgieKBHTLrIJ0/+zj3nepmN5UuO
DV0JPYStudaUbIMT8Cxa4uhjpEq6XgnSK0ofrwE1sAgnwPCUp6xSSNumWFrVJDUh
MHdPUK7ldzRfsK2izLDrLs1y7V/3hJPwqw02IFacPDHYMCCfSE01jSi6aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtmdzqEMbviZw9hiOpzca0Ir3O1MB8GA1UdIwQY
MBaAFJn+qXF8KA7IeTNSc/Ai5rBTdFXCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY2cGNYd29Ec2g1TTFKejhDTG1zRk4wVmNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jYTVlNDQtMDgwZS00MTQwLTg5YTEt
YmZlZDAwOTJmODZhLzEvMjJaM09vUXh1LUpuRDJHSTZuTnhyUWl2YzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jYTVlNDQtMDgwZS00MTQwLTg5YTEtYmZlZDAwOTJmODZh
LzEvbWY2cGNYd29Ec2g1TTFKejhDTG1zRk4wVmNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQWTMA0G
CSqGSIb3DQEBCwUAA4IBAQCmoTR+7kMv3sN0+fIb25jtwUfWqw7XBbB7ZAixWhgm
CBdtghB6i3avw7cnI8ItEwI18kTo0aYWn5RLOa3MRS4q2na9iY6GsmHmlo2ljSjC
N9SqOgx21tT+KcfJApUAr51hAp4KxY5C6zIh36ZK0cCHwATHzp3/O9Bo1k+eMXH3
Ns6xXygLCB/77Eppuvo4vcRyQUIpqKXztRqeejMc5aOJgxe8oDziyK0iFZjrHAry
FJW1WiVFS+Gy/6aNDNuY5l4shh7CTw3ObR1IudxrvyAl/N/Fd/XHRvCIp92+68Si
qZG6jsjzUndpKv+G1UvdrxUR3RousP74NU9974efBlfE
-----END CERTIFICATE-----