Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/if7kDLSNy7leIXsw42beHnuugkw.roa
File:                     if7kDLSNy7leIXsw42beHnuugkw.roa (raw, json)
Hash identifier:          LwBJMcENNq6XqcYS6KsltVVGvhxb6vTTt/e4d5OKFg0=
Subject key identifier:   89:FE:E4:0C:B4:8D:CB:B9:5E:21:7B:30:E3:66:DE:1E:7B:AE:82:4C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019642AFF9A4AC2725B248774696F0D3699B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/if7kDLSNy7leIXsw42beHnuugkw.roa
Signing time:             Thu 17 Apr 2025 07:39:10 +0000
ROA not before:           Thu 17 Apr 2025 07:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215925
IP address blocks:        87.121.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:af:f9:a4:ac:27:25:b2:48:77:46:96:f0:d3:69:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 17 07:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89fee40cb48dcbb95e217b30e366de1e7bae824c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6c:90:ac:13:b0:c4:14:ee:d0:fb:6e:93:06:
                    29:5f:b8:dd:00:1c:87:3b:e5:36:1c:fe:1e:6b:25:
                    4d:83:7f:45:0e:15:ec:a9:2d:d4:62:bd:df:90:d3:
                    43:26:9c:ee:55:8a:ff:fd:8c:9a:1c:26:3c:c1:94:
                    c0:f0:69:bc:bf:fa:54:52:4d:2e:66:b5:cc:80:11:
                    b6:0b:78:d7:6d:fa:88:c6:a7:aa:d8:c6:c6:2e:e3:
                    82:fd:1b:11:4f:ba:16:66:30:b9:20:d1:95:c6:65:
                    78:5c:bd:ce:46:61:2d:40:ae:4c:83:1b:62:9b:70:
                    8a:17:70:a8:88:38:fb:37:da:b3:ce:ff:83:30:20:
                    4f:16:ef:5d:1e:b2:fa:85:ff:2a:94:50:e5:fc:e3:
                    24:2c:05:6f:ab:c1:a5:06:21:4f:d9:55:fe:68:fa:
                    08:89:4c:68:e7:e5:c5:86:c3:02:39:12:90:d9:76:
                    ed:ee:74:b4:ee:8a:f6:ee:cf:ac:4a:01:52:15:fa:
                    22:79:49:f2:c0:98:d6:d0:ed:39:9c:b1:8a:79:61:
                    c5:5e:a5:58:e6:e6:8c:d4:74:0a:16:64:c0:9a:5d:
                    66:f0:2f:e3:88:50:f5:03:b0:42:a6:23:d5:e5:70:
                    fb:d8:d7:b0:0b:dd:8a:be:1e:dd:1a:79:12:93:34:
                    62:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:FE:E4:0C:B4:8D:CB:B9:5E:21:7B:30:E3:66:DE:1E:7B:AE:82:4C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/if7kDLSNy7leIXsw42beHnuugkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a9:09:87:29:ae:18:cd:c8:bf:cc:88:55:ff:fd:fe:c9:ec:
         b6:b1:ef:52:f9:c2:64:b7:ed:98:90:6c:91:7d:1e:11:9c:c8:
         eb:9f:b7:a9:96:ad:89:4a:08:ee:a7:e0:5d:71:fe:f7:29:1b:
         88:55:4d:6e:cb:3b:ac:80:f3:e2:fa:e2:0a:30:76:e7:4b:f7:
         49:a4:34:07:3e:39:18:85:52:8e:6a:06:21:10:1d:9e:53:ce:
         e2:f2:86:59:bc:c6:5c:30:3d:eb:c3:01:cd:ff:ce:1c:39:9e:
         4c:30:29:c3:97:97:6e:e8:e7:31:be:82:88:a4:1d:d1:94:a6:
         1b:03:68:61:a8:c8:34:bc:6d:79:9c:43:98:dd:ef:f5:d2:12:
         4d:b7:bd:14:78:8f:db:5e:3b:76:ca:f1:64:f2:93:37:41:6e:
         d3:cc:b7:59:8c:9b:0a:b9:23:93:55:14:b7:9b:3e:7a:ef:85:
         bf:c0:90:b9:6c:df:32:08:90:0f:c4:3e:6b:8a:d9:2c:ff:d5:
         1c:28:9a:be:21:72:a8:68:9f:a4:81:0c:72:86:f0:44:3b:20:
         54:be:59:e2:31:7a:58:94:0d:68:ec:4b:b8:3e:fc:22:d6:30:
         c6:e0:50:05:6c:df:e4:ed:54:81:97:a3:e0:16:98:97:3d:e6:
         03:a6:37:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZCr/mkrCclskh3Rpbw02mbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDE3MDczOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWZlZTQwY2I0OGRjYmI5NWUyMTdiMzBlMzY2ZGUxZTdiYWU4MjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyQrBOwxBTu0PtukwYpX7jdAByH
O+U2HP4eayVNg39FDhXsqS3UYr3fkNNDJpzuVYr//YyaHCY8wZTA8Gm8v/pUUk0u
ZrXMgBG2C3jXbfqIxqeq2MbGLuOC/RsRT7oWZjC5INGVxmV4XL3ORmEtQK5Mgxti
m3CKF3CoiDj7N9qzzv+DMCBPFu9dHrL6hf8qlFDl/OMkLAVvq8GlBiFP2VX+aPoI
iUxo5+XFhsMCORKQ2Xbt7nS07or27s+sSgFSFfoieUnywJjW0O05nLGKeWHFXqVY
5uaM1HQKFmTAml1m8C/jiFD1A7BCpiPV5XD72NewC92Kvh7dGnkSkzRi6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIn+5Ay0jcu5XiF7MONm3h57roJMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaWY3a0RMU055N2xlSVhzdzQyYmVIbnV1Z2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3lUMA0G
CSqGSIb3DQEBCwUAA4IBAQB3qQmHKa4Yzci/zIhV//3+yey2se9S+cJkt+2YkGyR
fR4RnMjrn7eplq2JSgjup+Bdcf73KRuIVU1uyzusgPPi+uIKMHbnS/dJpDQHPjkY
hVKOagYhEB2eU87i8oZZvMZcMD3rwwHN/84cOZ5MMCnDl5du6OcxvoKIpB3RlKYb
A2hhqMg0vG15nEOY3e/10hJNt70UeI/bXjt2yvFk8pM3QW7TzLdZjJsKuSOTVRS3
mz5674W/wJC5bN8yCJAPxD5ritks/9UcKJq+IXKoaJ+kgQxyhvBEOyBUvlniMXpY
lA1o7Eu4Pvwi1jDG4FAFbN/k7VSBl6PgFpiXPeYDpjeS
-----END CERTIFICATE-----