Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lg2KIB6M2Co-yTq3S-E7cGTjZHY.roa
File:                     lg2KIB6M2Co-yTq3S-E7cGTjZHY.roa (raw, json)
Hash identifier:          FTxIanktsQG4kC1+sc0N8cngMPMFe0PWJoa9RWATaKo=
Subject key identifier:   96:0D:8A:20:1E:8C:D8:2A:3E:C9:3A:B7:4B:E1:3B:70:64:E3:64:76
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0196C3C71BB444B9654FB780A33037851255
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lg2KIB6M2Co-yTq3S-E7cGTjZHY.roa
Signing time:             Mon 12 May 2025 09:15:27 +0000
ROA not before:           Mon 12 May 2025 09:15:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        193.222.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 10:50:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:c7:1b:b4:44:b9:65:4f:b7:80:a3:30:37:85:12:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 12 09:15:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=960d8a201e8cd82a3ec93ab74be13b7064e36476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:89:a8:f3:ed:ee:af:32:55:14:fd:19:e7:ff:
                    ee:3d:6a:bf:53:9a:69:44:71:6f:a9:0b:be:12:b8:
                    1c:5c:a1:c0:00:23:39:54:e3:34:83:20:48:22:16:
                    c0:1d:1d:75:3b:0a:38:52:f3:27:91:22:24:fe:fa:
                    5b:d6:bd:ed:a1:a9:42:94:5e:57:ae:d0:74:c7:39:
                    ac:1d:ad:8d:9f:5e:7b:5d:14:2f:ad:3c:62:8a:d0:
                    28:6f:6a:18:b9:4f:13:70:83:04:67:1d:3f:76:a0:
                    06:b1:c2:44:01:2a:f6:47:1d:4a:ad:7a:26:a6:03:
                    1b:27:9e:d4:eb:58:ad:b0:53:f5:b4:1e:12:46:1a:
                    4d:71:ac:be:e4:39:b8:86:69:5e:1b:b0:89:a5:c8:
                    06:26:78:1d:ef:66:e3:bb:3a:a1:2a:47:74:49:85:
                    da:81:90:4e:f8:5e:91:c3:8c:34:e5:04:40:ad:e2:
                    b8:b1:63:bb:3a:ef:9c:80:7a:db:d5:30:1e:06:c7:
                    82:26:8d:0f:bb:75:15:cb:03:69:20:b4:51:f7:54:
                    32:24:50:8c:aa:dc:be:87:ed:69:bc:44:79:75:ea:
                    2d:35:61:ea:a4:15:0d:c1:98:47:b0:7b:ed:4e:43:
                    ed:1a:57:a9:7a:ac:f4:0e:99:c4:c9:ec:6f:4d:26:
                    de:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:0D:8A:20:1E:8C:D8:2A:3E:C9:3A:B7:4B:E1:3B:70:64:E3:64:76
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lg2KIB6M2Co-yTq3S-E7cGTjZHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:fc:4e:10:41:5b:06:69:20:ea:99:a9:6f:9a:4b:4b:9d:f3:
         06:32:35:91:63:ce:65:ea:08:47:00:23:a1:a1:d7:25:59:8c:
         d8:30:f7:dd:30:94:1b:da:43:e0:0a:f1:20:60:6c:37:f0:aa:
         64:a3:74:62:8a:82:af:bc:71:82:be:39:24:fb:a0:19:38:47:
         45:1b:4e:85:26:0d:f6:94:62:ae:87:68:d1:11:94:59:4d:d7:
         42:b8:7b:b3:16:88:cc:1e:71:03:96:27:08:62:60:af:4b:8f:
         c8:9d:09:bd:4a:78:c3:54:ad:11:6f:ea:c1:9f:c6:80:c4:72:
         94:bc:9a:96:38:fe:ef:8e:6b:80:2d:d9:73:f3:c8:e1:15:46:
         cb:5d:b3:f7:f0:a2:74:58:e1:06:24:de:15:5e:3b:bb:99:a3:
         24:2d:68:fd:8a:e3:75:aa:06:0b:50:1e:7d:a8:ae:21:92:a5:
         da:a3:3c:c4:09:c3:fb:58:38:e9:e7:e5:ff:1f:77:02:61:1b:
         d5:e3:3b:ae:f7:04:c8:ec:d8:e9:f2:8b:88:7f:72:c6:c4:38:
         df:03:4b:e2:4e:a9:98:9a:60:c1:37:71:59:d3:21:14:ee:6d:
         1f:34:4c:e3:c4:89:d8:cf:c4:6f:31:78:00:39:7d:bb:61:13:
         b4:db:fc:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbDxxu0RLllT7eAozA3hRJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNTEyMDkxNTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBkOGEyMDFlOGNkODJhM2VjOTNhYjc0YmUxM2I3MDY0ZTM2NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYmo8+3urzJVFP0Z5//uPWq/U5pp
RHFvqQu+ErgcXKHAACM5VOM0gyBIIhbAHR11Owo4UvMnkSIk/vpb1r3toalClF5X
rtB0xzmsHa2Nn157XRQvrTxiitAob2oYuU8TcIMEZx0/dqAGscJEASr2Rx1KrXom
pgMbJ57U61itsFP1tB4SRhpNcay+5Dm4hmleG7CJpcgGJngd72bjuzqhKkd0SYXa
gZBO+F6Rw4w05QRAreK4sWO7Ou+cgHrb1TAeBseCJo0Pu3UVywNpILRR91QyJFCM
qty+h+1pvER5deotNWHqpBUNwZhHsHvtTkPtGlepeqz0DpnEyexvTSbeuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYNiiAejNgqPsk6t0vhO3Bk42R2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbGcyS0lCNk0yQ28teVRxM1MtRTdjR1RqWkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd5hMA0G
CSqGSIb3DQEBCwUAA4IBAQCz/E4QQVsGaSDqmalvmktLnfMGMjWRY85l6ghHACOh
odclWYzYMPfdMJQb2kPgCvEgYGw38Kpko3RiioKvvHGCvjkk+6AZOEdFG06FJg32
lGKuh2jREZRZTddCuHuzFojMHnEDlicIYmCvS4/InQm9SnjDVK0Rb+rBn8aAxHKU
vJqWOP7vjmuALdlz88jhFUbLXbP38KJ0WOEGJN4VXju7maMkLWj9iuN1qgYLUB59
qK4hkqXaozzECcP7WDjp5+X/H3cCYRvV4zuu9wTI7Njp8ouIf3LGxDjfA0viTqmY
mmDBN3FZ0yEU7m0fNEzjxInYz8RvMXgAOX27YRO02/zl
-----END CERTIFICATE-----