Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/PFaPt8f1BXC24GQ6dyfAr47R1QA.roa
File:                     PFaPt8f1BXC24GQ6dyfAr47R1QA.roa (raw, json)
Hash identifier:          wfai0T+UJzpZnxL10tPs80Oos9vwanBxSD/wrEIQWEo=
Subject key identifier:   3C:56:8F:B7:C7:F5:05:70:B6:E0:64:3A:77:27:C0:AF:8E:D1:D5:00
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       0194CABB185F27020CADBDCD4E04FA5B75C9
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/PFaPt8f1BXC24GQ6dyfAr47R1QA.roa
Signing time:             Mon 03 Feb 2025 07:34:06 +0000
ROA not before:           Mon 03 Feb 2025 07:34:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60591
IP address blocks:        85.209.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ca:bb:18:5f:27:02:0c:ad:bd:cd:4e:04:fa:5b:75:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Feb  3 07:34:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c568fb7c7f50570b6e0643a7727c0af8ed1d500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:54:8d:87:42:a5:47:ec:cf:4e:79:a3:1b:55:
                    82:3a:ff:84:b6:03:98:bc:e9:a7:80:c3:fd:f2:20:
                    8b:55:01:18:e6:8d:84:86:36:42:fc:7a:d0:1d:79:
                    5a:66:b9:3d:db:cf:26:da:96:f3:7c:ba:17:e3:29:
                    6f:fc:50:96:14:40:a3:92:43:83:ef:d2:7e:31:10:
                    c2:3c:b3:11:80:35:60:8f:2a:f4:cb:ad:ad:67:dd:
                    e4:3c:16:5f:9b:69:c6:b9:fe:2f:f2:4c:16:64:3a:
                    df:eb:e5:02:d2:13:4c:04:76:15:12:72:e3:2e:9c:
                    70:a7:eb:57:ef:2d:de:0a:c7:ea:93:a7:d6:0a:12:
                    2b:41:71:1b:81:5f:7c:ff:b6:4f:dc:ef:32:9a:22:
                    72:9b:51:0c:10:dd:06:4f:67:c3:13:c9:43:e5:cb:
                    7e:bf:ae:76:56:02:c6:85:0e:a0:d9:1b:c1:67:04:
                    44:fc:d7:f3:0d:b5:e4:bb:b4:78:85:a5:4b:a6:20:
                    8f:be:f2:76:8d:3e:af:18:25:5e:11:39:c3:e6:f5:
                    03:3d:cc:88:32:ba:1c:e5:67:e1:75:78:44:ea:1a:
                    93:83:8e:06:49:c2:09:fa:dc:98:41:7a:65:f9:09:
                    97:7f:6b:4d:d9:7a:cf:db:1d:2f:6f:ba:03:b2:7a:
                    83:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:56:8F:B7:C7:F5:05:70:B6:E0:64:3A:77:27:C0:AF:8E:D1:D5:00
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/PFaPt8f1BXC24GQ6dyfAr47R1QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:4c:e6:2e:1e:92:fa:ae:40:d3:06:4f:a6:5f:7c:61:3d:30:
         33:1b:58:a7:df:f9:3a:02:6e:50:cf:d0:36:f3:97:86:ee:0b:
         e4:73:7d:a1:d7:81:83:14:34:58:3a:dd:43:71:af:3b:b7:23:
         ea:a2:6c:9e:80:ea:9c:73:b4:4b:11:9f:15:d6:73:be:fa:c0:
         43:56:02:34:9c:b6:04:41:d9:10:ab:0f:02:cc:74:96:dc:10:
         bf:7e:4f:08:ef:31:9b:6e:72:0f:cc:d5:2d:d4:83:1c:f1:da:
         e8:94:70:15:d9:a0:40:18:2a:03:11:16:45:0c:d9:4d:27:ed:
         fd:34:44:70:fa:f4:57:b3:dc:7d:59:c0:75:2e:1a:1b:c7:09:
         7b:fa:09:00:a6:44:8e:cf:cd:80:de:49:b5:18:3b:81:f6:c6:
         8f:9b:20:3a:5c:a9:e3:81:e9:29:94:e7:af:87:ef:55:33:14:
         e6:48:13:89:ad:0e:9c:94:c9:69:4d:f1:48:7c:cf:43:43:bc:
         39:13:44:f0:46:cf:61:c1:13:32:10:11:74:35:5e:51:ad:a6:
         df:c2:e5:d7:75:f0:d9:9f:1b:28:10:11:c0:74:f0:99:44:93:
         3c:93:96:3c:54:9e:63:b5:02:af:fb:a7:1f:c3:27:25:70:7d:
         54:e6:93:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTKuxhfJwIMrb3NTgT6W3XJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwMjAzMDczNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU2OGZiN2M3ZjUwNTcwYjZlMDY0M2E3NzI3YzBhZjhlZDFkNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVSNh0KlR+zPTnmjG1WCOv+EtgOY
vOmngMP98iCLVQEY5o2EhjZC/HrQHXlaZrk9288m2pbzfLoX4ylv/FCWFECjkkOD
79J+MRDCPLMRgDVgjyr0y62tZ93kPBZfm2nGuf4v8kwWZDrf6+UC0hNMBHYVEnLj
Lpxwp+tX7y3eCsfqk6fWChIrQXEbgV98/7ZP3O8ymiJym1EMEN0GT2fDE8lD5ct+
v652VgLGhQ6g2RvBZwRE/NfzDbXku7R4haVLpiCPvvJ2jT6vGCVeETnD5vUDPcyI
Mroc5WfhdXhE6hqTg44GScIJ+tyYQXpl+QmXf2tN2XrP2x0vb7oDsnqD5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxWj7fH9QVwtuBkOncnwK+O0dUAMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvUEZhUHQ4ZjFCWEMyNEdRNmR5ZkFyNDdSMVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGUMA0G
CSqGSIb3DQEBCwUAA4IBAQB4TOYuHpL6rkDTBk+mX3xhPTAzG1in3/k6Am5Qz9A2
85eG7gvkc32h14GDFDRYOt1Dca87tyPqomyegOqcc7RLEZ8V1nO++sBDVgI0nLYE
QdkQqw8CzHSW3BC/fk8I7zGbbnIPzNUt1IMc8drolHAV2aBAGCoDERZFDNlNJ+39
NERw+vRXs9x9WcB1Lhobxwl7+gkApkSOz82A3km1GDuB9saPmyA6XKnjgekplOev
h+9VMxTmSBOJrQ6clMlpTfFIfM9DQ7w5E0TwRs9hwRMyEBF0NV5RrabfwuXXdfDZ
nxsoEBHAdPCZRJM8k5Y8VJ5jtQKv+6cfwyclcH1U5pO8
-----END CERTIFICATE-----