Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/960404-b664-40cc-9cac-54c7c4ee5bb5/1/PHVH9ILKPGSGqfsnO69OUUJmvTo.roa
File:                     PHVH9ILKPGSGqfsnO69OUUJmvTo.roa (raw, json)
Hash identifier:          aWyK9PNp7Y95UymM6kwrHLKb/M00YL3CN6Anp04d+Is=
Subject key identifier:   3C:75:47:F4:82:CA:3C:64:86:A9:FB:27:3B:AF:4E:51:42:66:BD:3A
Certificate issuer:       /CN=6465ecd615f3a6c5639c51e9e3197673152078b8
Certificate serial:       018CCA975F3423940210CBA6CF954E938BA0
Authority key identifier: 64:65:EC:D6:15:F3:A6:C5:63:9C:51:E9:E3:19:76:73:15:20:78:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZGXs1hXzpsVjnFHp4xl2cxUgeLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/960404-b664-40cc-9cac-54c7c4ee5bb5/1/PHVH9ILKPGSGqfsnO69OUUJmvTo.roa
Signing time:             Tue 02 Jan 2024 14:32:47 +0000
ROA not before:           Tue 02 Jan 2024 14:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24772
IP address blocks:        195.182.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/960404-b664-40cc-9cac-54c7c4ee5bb5/1/ZGXs1hXzpsVjnFHp4xl2cxUgeLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/960404-b664-40cc-9cac-54c7c4ee5bb5/1/ZGXs1hXzpsVjnFHp4xl2cxUgeLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZGXs1hXzpsVjnFHp4xl2cxUgeLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:97:5f:34:23:94:02:10:cb:a6:cf:95:4e:93:8b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6465ecd615f3a6c5639c51e9e3197673152078b8
        Validity
            Not Before: Jan  2 14:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c7547f482ca3c6486a9fb273baf4e514266bd3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d7:e6:79:7d:ee:8f:37:62:dd:2c:ec:a6:6d:
                    4d:b0:a5:c4:c4:4e:17:71:c2:84:87:29:4c:a6:9d:
                    4c:94:34:59:ce:08:15:8d:03:b4:0b:5c:bc:e8:4c:
                    e1:54:cc:c7:a9:a4:41:6c:29:60:58:8d:23:ed:13:
                    82:c3:a2:be:6c:65:11:61:bb:fb:45:84:0b:26:94:
                    bc:f1:32:78:f3:de:54:59:5f:bd:cd:ca:2b:dc:9a:
                    b9:88:2a:5a:2b:c2:07:d8:75:71:fd:d1:e5:58:51:
                    35:33:35:5f:7c:e0:20:cc:d5:bf:d1:39:83:56:46:
                    ee:d6:90:8c:27:d8:f8:78:7d:c5:47:40:51:80:9a:
                    07:ca:b0:a6:95:c7:96:61:ce:ad:a9:c9:2a:55:63:
                    16:65:a0:c7:78:c2:80:41:6a:6a:84:cf:e2:f1:ea:
                    2b:15:28:ef:e1:10:7d:e6:7c:fb:c2:87:ac:96:e7:
                    c3:b9:af:e7:55:ff:8c:34:bb:bc:61:3c:8b:87:42:
                    67:e6:dd:96:ca:da:f9:ef:be:f6:07:e0:ef:89:83:
                    3a:22:6c:e9:18:16:22:fe:7b:bd:b7:8f:47:5f:63:
                    17:41:00:83:a9:54:e9:bd:38:b7:45:66:31:58:77:
                    59:c7:c6:30:4f:6a:5d:d9:1d:7b:dd:90:a8:4b:9f:
                    1e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:75:47:F4:82:CA:3C:64:86:A9:FB:27:3B:AF:4E:51:42:66:BD:3A
            X509v3 Authority Key Identifier:
                keyid:64:65:EC:D6:15:F3:A6:C5:63:9C:51:E9:E3:19:76:73:15:20:78:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZGXs1hXzpsVjnFHp4xl2cxUgeLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/960404-b664-40cc-9cac-54c7c4ee5bb5/1/PHVH9ILKPGSGqfsnO69OUUJmvTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/960404-b664-40cc-9cac-54c7c4ee5bb5/1/ZGXs1hXzpsVjnFHp4xl2cxUgeLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:3e:32:ad:e3:56:85:bc:03:61:da:0a:f9:ae:d7:06:23:11:
         87:47:b5:81:b7:72:1a:68:28:15:64:e0:49:51:9e:39:22:1b:
         da:5d:07:f3:a1:c0:1b:6b:33:c8:26:f5:05:c7:70:20:af:61:
         c6:84:95:f5:72:c6:ef:f8:b5:4e:cc:ab:57:7d:de:e1:66:ab:
         61:a6:97:72:59:fc:ab:ee:69:2f:c3:a2:02:28:32:61:37:72:
         ae:cd:c9:5b:82:ec:80:d1:9a:7b:c1:51:0d:19:39:80:80:ea:
         00:ca:c6:a5:c0:34:0e:b0:e7:37:49:00:f3:5a:18:b4:e8:2e:
         92:27:e5:d1:f1:9b:89:c1:6f:64:50:22:06:22:e9:ba:62:be:
         38:99:fb:dc:37:90:68:de:4f:4a:37:e2:56:b0:a0:57:4d:b5:
         45:39:bb:31:f9:50:ec:d3:e5:ea:dd:2f:c9:65:2d:f4:6a:55:
         8e:71:0c:18:44:c7:73:ef:6d:d4:7f:fe:6e:68:cc:4f:4e:d6:
         2b:c9:8f:18:43:e9:1d:fe:92:fe:28:f3:c7:c7:dd:4e:8f:1f:
         cf:3a:66:46:41:70:0b:77:4f:76:b6:14:5b:06:b4:a0:d1:5f:
         1e:ba:1b:66:b7:5a:c9:d4:11:a5:48:82:4a:80:4f:02:f1:f8:
         83:51:aa:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKl180I5QCEMumz5VOk4ugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NjVlY2Q2MTVmM2E2YzU2MzljNTFlOWUzMTk3NjczMTUy
MDc4YjgwHhcNMjQwMTAyMTQzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc1NDdmNDgyY2EzYzY0ODZhOWZiMjczYmFmNGU1MTQyNjZiZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndfmeX3ujzdi3Szspm1NsKXExE4X
ccKEhylMpp1MlDRZzggVjQO0C1y86EzhVMzHqaRBbClgWI0j7ROCw6K+bGURYbv7
RYQLJpS88TJ4895UWV+9zcor3Jq5iCpaK8IH2HVx/dHlWFE1MzVffOAgzNW/0TmD
Vkbu1pCMJ9j4eH3FR0BRgJoHyrCmlceWYc6tqckqVWMWZaDHeMKAQWpqhM/i8eor
FSjv4RB95nz7woeslufDua/nVf+MNLu8YTyLh0Jn5t2Wytr57772B+DviYM6Imzp
GBYi/nu9t49HX2MXQQCDqVTpvTi3RWYxWHdZx8YwT2pd2R173ZCoS58e4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx1R/SCyjxkhqn7JzuvTlFCZr06MB8GA1UdIwQY
MBaAFGRl7NYV86bFY5xR6eMZdnMVIHi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkdYczFoWHpwc1ZqbkZIcDR4bDJjeFVnZUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85NjA0MDQtYjY2NC00MGNjLTljYWMt
NTRjN2M0ZWU1YmI1LzEvUEhWSDlJTEtQR1NHcWZzbk82OU9VVUptdlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85NjA0MDQtYjY2NC00MGNjLTljYWMtNTRjN2M0ZWU1YmI1
LzEvWkdYczFoWHpwc1ZqbkZIcDR4bDJjeFVnZUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YeMA0G
CSqGSIb3DQEBCwUAA4IBAQC2PjKt41aFvANh2gr5rtcGIxGHR7WBt3IaaCgVZOBJ
UZ45IhvaXQfzocAbazPIJvUFx3Agr2HGhJX1csbv+LVOzKtXfd7hZqthppdyWfyr
7mkvw6ICKDJhN3KuzclbguyA0Zp7wVENGTmAgOoAysalwDQOsOc3SQDzWhi06C6S
J+XR8ZuJwW9kUCIGIum6Yr44mfvcN5Bo3k9KN+JWsKBXTbVFObsx+VDs0+Xq3S/J
ZS30alWOcQwYRMdz723Uf/5uaMxPTtYryY8YQ+kd/pL+KPPHx91Ojx/POmZGQXAL
d092thRbBrSg0V8euhtmt1rJ1BGlSIJKgE8C8fiDUaoQ
-----END CERTIFICATE-----