Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/PelBp1nrDLVYr3u8Qqewx4mWNXo.roa
File:                     PelBp1nrDLVYr3u8Qqewx4mWNXo.roa (raw, json)
Hash identifier:          D3wmNwJGS01b8EbLiQZZ78Eh5DxBZaTY7dJJ4PlOzu8=
Subject key identifier:   3D:E9:41:A7:59:EB:0C:B5:58:AF:7B:BC:42:A7:B0:C7:89:96:35:7A
Certificate issuer:       /CN=d6fb452a0ae33dfa52aaaacba794df1af6bc4334
Certificate serial:       018CC72573F4932940CEE61ADC1AE0CCD2FE
Authority key identifier: D6:FB:45:2A:0A:E3:3D:FA:52:AA:AA:CB:A7:94:DF:1A:F6:BC:43:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/PelBp1nrDLVYr3u8Qqewx4mWNXo.roa
Signing time:             Mon 01 Jan 2024 22:29:29 +0000
ROA not before:           Mon 01 Jan 2024 22:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34959
IP address blocks:        194.55.234.0/23 maxlen: 23
                          194.55.244.0/23 maxlen: 23
                          2a0f:1140::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:73:f4:93:29:40:ce:e6:1a:dc:1a:e0:cc:d2:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6fb452a0ae33dfa52aaaacba794df1af6bc4334
        Validity
            Not Before: Jan  1 22:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3de941a759eb0cb558af7bbc42a7b0c78996357a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8c:a9:3a:99:f0:ed:50:38:97:09:a9:54:e8:
                    b3:19:fa:68:23:8f:d3:c5:6b:b8:f1:cd:51:66:91:
                    2c:4e:37:ab:cb:4a:30:7d:cf:47:15:52:11:cd:cf:
                    f6:24:a6:ee:5e:13:60:36:92:43:d5:8a:1c:d4:8e:
                    c9:3d:02:2b:9a:87:6e:b3:64:8b:22:91:e8:8b:ff:
                    e7:7a:a7:4a:a9:66:f7:16:8a:ba:2c:f3:e8:c2:5f:
                    ef:fc:82:80:29:66:d9:ab:35:b9:2f:e9:de:dc:2f:
                    2b:af:b6:cb:a5:f7:6f:63:b6:96:5e:29:af:b8:78:
                    c7:11:9f:ab:14:63:61:36:40:bb:47:09:23:a7:89:
                    6b:17:86:1b:81:02:ef:50:23:34:2b:ad:8e:7c:74:
                    38:af:ce:70:aa:f0:58:23:5c:9f:f4:53:67:17:90:
                    47:1c:2c:2a:b9:85:24:62:49:24:40:c3:d7:d7:d3:
                    68:b8:b7:60:4d:5f:47:4c:f3:bc:1b:16:1e:a8:65:
                    59:f2:32:5b:10:30:f8:c0:de:49:f5:91:03:b9:5d:
                    96:1b:70:56:ab:cb:03:ee:1b:87:f6:2a:fd:50:b1:
                    5e:c0:05:b1:83:e6:c9:51:d6:2f:f5:5a:62:ac:c3:
                    cf:04:c4:14:06:96:2d:ad:6a:4e:fa:6a:7a:fc:7d:
                    22:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E9:41:A7:59:EB:0C:B5:58:AF:7B:BC:42:A7:B0:C7:89:96:35:7A
            X509v3 Authority Key Identifier:
                keyid:D6:FB:45:2A:0A:E3:3D:FA:52:AA:AA:CB:A7:94:DF:1A:F6:BC:43:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/PelBp1nrDLVYr3u8Qqewx4mWNXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.234.0/23
                  194.55.244.0/23
                IPv6:
                  2a0f:1140::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:0e:f1:70:db:21:dc:17:fa:a5:86:de:5c:3f:83:87:17:be:
         fd:83:ae:a1:44:2a:e1:29:80:2d:1e:d0:b5:fb:7a:b9:ee:99:
         bb:5d:eb:72:34:a3:98:60:08:c0:64:aa:fc:71:9d:50:1f:bf:
         f0:f4:39:0f:b8:3a:e6:07:58:ec:7d:c7:32:27:50:19:d0:f9:
         8c:ac:01:43:e7:cb:95:ed:0c:a9:66:b7:35:dd:96:5f:58:0f:
         f3:5e:37:21:0e:db:2b:c3:07:55:cc:27:c9:40:23:b4:ee:4a:
         76:fc:9c:d1:4a:d9:3c:93:ba:77:ff:51:a2:22:71:e5:15:80:
         29:88:34:e5:90:56:dc:fe:f0:74:26:b5:09:e6:a8:d9:f7:c7:
         7b:95:e5:42:d9:e0:f6:09:e4:ef:c4:d8:df:45:5d:39:76:83:
         93:0b:77:4c:93:67:3b:f5:f2:27:20:de:4f:5c:9b:38:0f:2a:
         00:49:9b:1e:89:94:21:28:4b:58:d5:39:b1:22:86:03:8b:55:
         03:5c:18:b6:f4:9a:ba:66:d7:c4:8c:90:f3:11:65:92:af:1f:
         2c:dc:4a:e1:8f:3f:1d:d7:05:a5:27:8b:0d:b1:5a:22:1e:31:
         1c:36:28:cf:3e:94:fe:7d:f1:b2:3d:4d:b4:57:24:0e:6f:11:
         df:db:e8:bb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJXP0kylAzuYa3BrgzNL+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZmI0NTJhMGFlMzNkZmE1MmFhYWFjYmE3OTRkZjFhZjZi
YzQzMzQwHhcNMjQwMTAxMjIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGU5NDFhNzU5ZWIwY2I1NThhZjdiYmM0MmE3YjBjNzg5OTYzNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIypOpnw7VA4lwmpVOizGfpoI4/T
xWu48c1RZpEsTjery0owfc9HFVIRzc/2JKbuXhNgNpJD1Yoc1I7JPQIrmodus2SL
IpHoi//neqdKqWb3Foq6LPPowl/v/IKAKWbZqzW5L+ne3C8rr7bLpfdvY7aWXimv
uHjHEZ+rFGNhNkC7Rwkjp4lrF4YbgQLvUCM0K62OfHQ4r85wqvBYI1yf9FNnF5BH
HCwquYUkYkkkQMPX19NouLdgTV9HTPO8GxYeqGVZ8jJbEDD4wN5J9ZEDuV2WG3BW
q8sD7huH9ir9ULFewAWxg+bJUdYv9VpirMPPBMQUBpYtrWpO+mp6/H0ijwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD3pQadZ6wy1WK97vEKnsMeJljV6MB8GA1UdIwQY
MBaAFNb7RSoK4z36Uqqqy6eU3xr2vEM0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZ0RktncmpQZnBTcXFyTHA1VGZHdmE4UXpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYmRkN2UtYTcyOS00OWFkLTg1YWEt
Zjc1OTYyZDMwZTM2LzEvUGVsQnAxbnJETFZZcjN1OFFxZXd4NG1XTlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYmRkN2UtYTcyOS00OWFkLTg1YWEtZjc1OTYyZDMwZTM2
LzEvMXZ0RktncmpQZnBTcXFyTHA1VGZHdmE4UXpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwjfqAwQB
wjf0MA0EAgACMAcDBQAqDxFAMA0GCSqGSIb3DQEBCwUAA4IBAQClDvFw2yHcF/ql
ht5cP4OHF779g66hRCrhKYAtHtC1+3q57pm7XetyNKOYYAjAZKr8cZ1QH7/w9DkP
uDrmB1jsfccyJ1AZ0PmMrAFD58uV7QypZrc13ZZfWA/zXjchDtsrwwdVzCfJQCO0
7kp2/JzRStk8k7p3/1GiInHlFYApiDTlkFbc/vB0JrUJ5qjZ98d7leVC2eD2CeTv
xNjfRV05doOTC3dMk2c79fInIN5PXJs4DyoASZseiZQhKEtY1TmxIoYDi1UDXBi2
9Jq6ZtfEjJDzEWWSrx8s3Erhjz8d1wWlJ4sNsVoiHjEcNijPPpT+ffGyPU20VyQO
bxHf2+i7
-----END CERTIFICATE-----