Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/PgtHoL_30ZCKzbmvLwX_mBhsiIE.roa
File:                     PgtHoL_30ZCKzbmvLwX_mBhsiIE.roa (raw, json)
Hash identifier:          H6ehxl++F64a1IPTlCpLBDOHGwyf3IqUdAuA8yva3ZI=
Subject key identifier:   3E:0B:47:A0:BF:F7:D1:90:8A:CD:B9:AF:2F:05:FF:98:18:6C:88:81
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC50118B72F08E1AA77F44B8EC5ED4509
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/PgtHoL_30ZCKzbmvLwX_mBhsiIE.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        194.39.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 03:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:18:b7:2f:08:e1:aa:77:f4:4b:8e:c5:ed:45:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e0b47a0bff7d1908acdb9af2f05ff98186c8881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ae:c8:63:9f:5d:30:49:5c:94:05:b5:3f:0c:
                    55:7a:34:14:dd:b5:19:fc:4a:08:64:fd:d2:5b:5d:
                    19:41:3b:a6:11:9c:bc:16:34:29:58:a8:e0:1a:c6:
                    9c:16:f5:10:10:b8:23:91:81:68:f8:ab:69:4b:d2:
                    fb:8f:5e:e1:36:30:31:29:16:72:7c:80:4d:cb:47:
                    ea:7b:5a:5f:05:2e:80:d9:dd:ac:0a:b9:86:bf:93:
                    46:13:d7:fe:e6:07:52:f4:70:56:21:d6:66:4f:70:
                    0b:21:bc:ee:78:02:a6:c1:ff:d1:63:41:6f:7c:a1:
                    ca:82:16:a1:f1:6b:bb:e1:fc:24:cb:ee:93:64:91:
                    ab:d6:2c:ad:43:9a:b2:4b:43:4c:c9:92:df:9a:59:
                    4f:22:fd:18:a1:32:8c:28:05:57:a0:0e:76:e9:e8:
                    bd:cd:46:82:9b:77:66:cd:4a:d2:2b:cf:1e:82:37:
                    2d:4a:d3:63:79:b9:04:1b:cc:e0:7b:60:81:cf:c2:
                    43:ca:40:d1:da:54:3c:5e:0f:31:e6:71:c7:5f:86:
                    90:ca:00:03:51:ff:4f:7b:3e:67:15:2c:e7:95:db:
                    d7:0a:53:21:63:2f:27:e5:10:16:a6:6c:8b:27:00:
                    b4:4a:fe:90:87:0d:d8:44:0c:70:db:ef:e1:e5:9a:
                    68:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:0B:47:A0:BF:F7:D1:90:8A:CD:B9:AF:2F:05:FF:98:18:6C:88:81
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/PgtHoL_30ZCKzbmvLwX_mBhsiIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c5:40:6c:58:97:b6:b5:d8:d4:ab:ae:5c:9f:c7:44:7d:4d:
         69:66:18:bb:b6:54:9d:fd:44:b0:a4:51:8a:89:ef:67:8e:f7:
         b1:f3:9d:03:0a:0a:db:4f:21:28:58:aa:8c:29:73:0e:61:dd:
         6b:d3:c1:24:c1:39:4a:ae:ef:55:2e:de:17:ff:cb:a0:b7:46:
         de:4c:e1:6b:69:75:56:da:cb:ed:20:84:cc:38:6e:58:5d:56:
         f5:77:c0:fa:2b:ef:88:15:69:ae:69:ab:e1:9f:2a:65:c2:35:
         08:1d:32:37:ba:fe:91:17:f5:a8:44:67:f4:6c:c6:85:37:5b:
         dc:bf:71:1d:93:23:24:e7:30:11:3f:49:f8:5e:0c:c1:0b:a4:
         52:57:59:eb:d8:ef:68:dc:d5:37:9d:3c:ba:64:fe:54:c0:6b:
         aa:c1:c1:52:d0:18:6f:5e:bf:f8:ff:0a:20:a8:66:81:e5:66:
         23:9b:cb:96:d3:f4:a1:e6:19:ce:5b:3d:9e:84:9d:da:7f:7c:
         86:a4:f4:79:78:ab:7b:5a:1c:26:7d:66:00:42:15:1c:2c:45:
         55:0c:7b:09:35:d3:c1:99:ba:e6:cd:83:c9:8b:4a:27:76:c7:
         34:ea:1c:d0:ad:3a:a1:91:a5:1a:6c:37:04:4b:cd:9b:8b:b0:
         85:55:63:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARi3Lwjhqnf0S47F7UUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTBiNDdhMGJmZjdkMTkwOGFjZGI5YWYyZjA1ZmY5ODE4NmM4ODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq7IY59dMElclAW1PwxVejQU3bUZ
/EoIZP3SW10ZQTumEZy8FjQpWKjgGsacFvUQELgjkYFo+KtpS9L7j17hNjAxKRZy
fIBNy0fqe1pfBS6A2d2sCrmGv5NGE9f+5gdS9HBWIdZmT3ALIbzueAKmwf/RY0Fv
fKHKghah8Wu74fwky+6TZJGr1iytQ5qyS0NMyZLfmllPIv0YoTKMKAVXoA526ei9
zUaCm3dmzUrSK88egjctStNjebkEG8zge2CBz8JDykDR2lQ8Xg8x5nHHX4aQygAD
Uf9Pez5nFSznldvXClMhYy8n5RAWpmyLJwC0Sv6Qhw3YRAxw2+/h5ZpoVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4LR6C/99GQis25ry8F/5gYbIiBMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvUGd0SG9MXzMwWkNLemJtdkx3WF9tQmhzaUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifYMA0G
CSqGSIb3DQEBCwUAA4IBAQCaxUBsWJe2tdjUq65cn8dEfU1pZhi7tlSd/USwpFGK
ie9njvex850DCgrbTyEoWKqMKXMOYd1r08EkwTlKru9VLt4X/8ugt0beTOFraXVW
2svtIITMOG5YXVb1d8D6K++IFWmuaavhnyplwjUIHTI3uv6RF/WoRGf0bMaFN1vc
v3EdkyMk5zARP0n4XgzBC6RSV1nr2O9o3NU3nTy6ZP5UwGuqwcFS0BhvXr/4/wog
qGaB5WYjm8uW0/Sh5hnOWz2ehJ3af3yGpPR5eKt7WhwmfWYAQhUcLEVVDHsJNdPB
mbrmzYPJi0ondsc06hzQrTqhkaUabDcES82bi7CFVWOP
-----END CERTIFICATE-----