Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/PGLwVAeoB6ZgRujc2TIwbLHqg9g.roa
File:                     PGLwVAeoB6ZgRujc2TIwbLHqg9g.roa (raw, json)
Hash identifier:          U75ZZPzPB3KBXiZvdLzvBpNr7mRMOOOSGXnQ83gtai0=
Subject key identifier:   3C:62:F0:54:07:A8:07:A6:60:46:E8:DC:D9:32:30:6C:B1:EA:83:D8
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       01915AC8018D89801CE0EC5BFB52EFB7E703
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/PGLwVAeoB6ZgRujc2TIwbLHqg9g.roa
Signing time:             Fri 16 Aug 2024 10:42:22 +0000
ROA not before:           Fri 16 Aug 2024 10:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.45.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:c8:01:8d:89:80:1c:e0:ec:5b:fb:52:ef:b7:e7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Aug 16 10:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c62f05407a807a66046e8dcd932306cb1ea83d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:68:2f:00:b3:19:eb:b8:2f:ec:de:e7:31:ae:
                    f5:76:fb:96:47:f2:9e:1d:c4:21:9f:a8:ad:3e:b1:
                    e6:0b:48:14:bc:17:68:e8:c2:46:34:59:92:2b:b1:
                    fd:2e:54:65:f9:7f:34:fa:9d:85:43:61:91:93:6b:
                    ed:4b:5c:45:eb:1c:8b:c2:9d:ae:63:a9:24:78:23:
                    c8:c2:6f:a2:f9:46:01:34:41:ca:ab:11:06:c9:98:
                    8b:f7:49:5d:0e:67:17:b5:4c:13:87:34:b1:5b:e0:
                    e3:4f:68:ca:8c:7a:59:d1:4f:66:dd:58:1e:92:cb:
                    5b:22:7e:7f:7a:7e:88:34:0b:1e:e2:03:ba:c1:29:
                    6c:f3:fa:5d:2e:b6:af:80:dd:26:54:e0:d8:d0:f1:
                    65:9e:54:9d:11:30:a2:c3:ad:89:da:57:a3:f3:e5:
                    ad:55:a7:a9:22:84:1e:1e:91:f3:85:20:a7:0e:93:
                    fe:2f:42:01:50:fe:41:20:98:eb:9a:a3:c3:db:69:
                    0a:3e:97:70:03:bd:c7:c7:4d:14:b8:55:a8:4c:bc:
                    c3:1e:11:2b:db:f2:7d:45:05:eb:9d:e0:27:8b:b4:
                    72:1c:4c:29:24:f8:9a:ee:d9:46:29:82:41:6c:47:
                    d4:b1:10:87:7b:2a:f7:93:1e:e2:57:3c:53:cf:07:
                    82:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:62:F0:54:07:A8:07:A6:60:46:E8:DC:D9:32:30:6C:B1:EA:83:D8
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/PGLwVAeoB6ZgRujc2TIwbLHqg9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:56:5d:15:30:e4:20:6e:75:7a:68:47:54:ae:57:98:95:4b:
         0b:58:98:cd:82:cf:f8:ee:3b:55:02:be:2d:24:0e:d3:a7:0e:
         0e:6a:e2:8a:e3:d9:e6:c2:35:9c:b5:d6:8b:cc:e7:34:c1:49:
         0a:b2:a8:f2:e6:36:3b:8f:12:fb:eb:0d:30:81:55:ad:a1:aa:
         7d:fe:47:08:bb:c8:01:3a:cb:b9:65:d1:00:f9:04:c6:51:0a:
         b6:98:86:2b:d1:5b:ef:ae:01:71:70:33:c2:0f:49:6d:5d:61:
         0d:1a:2c:30:49:0b:35:a6:cb:3c:f9:fa:46:0b:c3:70:9a:b8:
         16:0b:81:13:6d:2a:f9:2f:af:1e:3d:f8:c9:8d:56:c2:17:63:
         98:2a:c5:28:8c:fa:30:c5:ec:fa:14:e0:b4:6e:88:66:b6:83:
         ae:be:d8:f8:11:c5:bc:3d:13:bb:d0:4e:58:e3:4b:34:39:5a:
         1e:b4:5e:53:bb:6d:dc:53:2e:64:79:0b:38:e4:f0:7d:15:1e:
         74:22:74:b4:56:6f:88:64:d0:11:1b:b8:00:8a:4f:8a:c3:3a:
         99:49:6b:3f:87:3f:c4:a9:2a:66:53:83:68:bc:41:89:cf:bd:
         08:a0:32:60:66:db:77:7f:8f:db:02:86:ab:05:1c:40:4f:c8:
         ba:ea:09:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFayAGNiYAc4Oxb+1Lvt+cDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwODE2MTA0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzYyZjA1NDA3YTgwN2E2NjA0NmU4ZGNkOTMyMzA2Y2IxZWE4M2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GgvALMZ67gv7N7nMa71dvuWR/Ke
HcQhn6itPrHmC0gUvBdo6MJGNFmSK7H9LlRl+X80+p2FQ2GRk2vtS1xF6xyLwp2u
Y6kkeCPIwm+i+UYBNEHKqxEGyZiL90ldDmcXtUwThzSxW+DjT2jKjHpZ0U9m3Vge
kstbIn5/en6INAse4gO6wSls8/pdLravgN0mVODY0PFlnlSdETCiw62J2lej8+Wt
VaepIoQeHpHzhSCnDpP+L0IBUP5BIJjrmqPD22kKPpdwA73Hx00UuFWoTLzDHhEr
2/J9RQXrneAni7RyHEwpJPia7tlGKYJBbEfUsRCHeyr3kx7iVzxTzweCcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxi8FQHqAemYEbo3NkyMGyx6oPYMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvUEdMd1ZBZW9CNlpnUnVqYzJUSXdiTEhxZzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS1fMA0G
CSqGSIb3DQEBCwUAA4IBAQB4Vl0VMOQgbnV6aEdUrleYlUsLWJjNgs/47jtVAr4t
JA7Tpw4OauKK49nmwjWctdaLzOc0wUkKsqjy5jY7jxL76w0wgVWtoap9/kcIu8gB
Osu5ZdEA+QTGUQq2mIYr0VvvrgFxcDPCD0ltXWENGiwwSQs1pss8+fpGC8NwmrgW
C4ETbSr5L68ePfjJjVbCF2OYKsUojPowxez6FOC0bohmtoOuvtj4EcW8PRO70E5Y
40s0OVoetF5Tu23cUy5keQs45PB9FR50InS0Vm+IZNARG7gAik+KwzqZSWs/hz/E
qSpmU4NovEGJz70IoDJgZtt3f4/bAoarBRxAT8i66gmk
-----END CERTIFICATE-----