Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/6e6728-ff05-4946-b08e-3ebd455ac2ae/1/pcLYATvAxb6idTZ4Qcb3YwZG3D4.roa
File:                     pcLYATvAxb6idTZ4Qcb3YwZG3D4.roa (raw, json)
Hash identifier:          aLHnHPrizP8GzkGd9QXAB+PqJ4YyY0SPfzpQnyaP2zA=
Subject key identifier:   A5:C2:D8:01:3B:C0:C5:BE:A2:75:36:78:41:C6:F7:63:06:46:DC:3E
Certificate issuer:       /CN=d7bb552365499c07aed34b6884f5b2e9380ebee1
Certificate serial:       018CC3B6877E6CFAB17CC653E2F06E244A6B
Authority key identifier: D7:BB:55:23:65:49:9C:07:AE:D3:4B:68:84:F5:B2:E9:38:0E:BE:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/17tVI2VJnAeu00tohPWy6TgOvuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/6e6728-ff05-4946-b08e-3ebd455ac2ae/1/pcLYATvAxb6idTZ4Qcb3YwZG3D4.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.124.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/6e6728-ff05-4946-b08e-3ebd455ac2ae/1/17tVI2VJnAeu00tohPWy6TgOvuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/6e6728-ff05-4946-b08e-3ebd455ac2ae/1/17tVI2VJnAeu00tohPWy6TgOvuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/17tVI2VJnAeu00tohPWy6TgOvuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:87:7e:6c:fa:b1:7c:c6:53:e2:f0:6e:24:4a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7bb552365499c07aed34b6884f5b2e9380ebee1
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5c2d8013bc0c5bea275367841c6f7630646dc3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ce:78:7f:70:50:39:6b:02:16:df:ab:1e:7e:
                    49:11:a7:e6:e9:be:8e:8b:b2:9e:f8:68:18:18:5e:
                    43:82:19:28:68:49:16:da:ed:92:9f:b3:b4:5e:bb:
                    c2:fb:c5:6a:3a:99:1a:2a:8d:99:f6:5e:4c:5c:4e:
                    31:a3:15:76:dd:10:3c:66:02:cb:05:f5:6f:0e:e8:
                    0e:51:e7:06:eb:50:b6:45:b1:f3:af:80:b7:64:a3:
                    41:9d:bf:40:ad:24:da:4e:7d:60:ee:fa:8a:f1:b1:
                    fa:fe:e5:93:2f:b0:ce:35:e6:8f:ba:ed:63:cd:79:
                    fd:68:00:ba:76:31:35:1a:d7:44:61:5e:10:e6:96:
                    9a:0e:91:7a:83:75:75:20:93:dd:35:41:ad:6e:3d:
                    61:90:09:38:f2:e2:f1:c5:2f:dd:db:5a:03:e8:ba:
                    6a:e2:10:b1:0f:96:bf:5a:c5:06:02:17:e3:f7:ed:
                    a2:82:ef:b9:7f:ee:1e:db:a1:85:f8:f4:a3:0c:44:
                    b9:db:51:39:7b:9d:6e:54:66:ca:fe:92:10:ea:e7:
                    09:4d:dc:df:af:5e:35:40:d4:55:97:ac:5b:f2:13:
                    ab:fd:9d:93:c9:40:6b:42:35:7d:4e:2c:aa:01:64:
                    e5:3a:d5:bb:23:2e:30:32:70:20:91:71:25:6d:a8:
                    f4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:C2:D8:01:3B:C0:C5:BE:A2:75:36:78:41:C6:F7:63:06:46:DC:3E
            X509v3 Authority Key Identifier:
                keyid:D7:BB:55:23:65:49:9C:07:AE:D3:4B:68:84:F5:B2:E9:38:0E:BE:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/17tVI2VJnAeu00tohPWy6TgOvuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6e6728-ff05-4946-b08e-3ebd455ac2ae/1/pcLYATvAxb6idTZ4Qcb3YwZG3D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6e6728-ff05-4946-b08e-3ebd455ac2ae/1/17tVI2VJnAeu00tohPWy6TgOvuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:7c:e7:77:b5:6c:bd:24:80:13:98:e4:f1:2c:3d:9d:17:
         50:ff:21:ae:f7:31:c2:5b:ef:44:f5:aa:d0:8c:6f:92:ca:06:
         4b:38:77:20:78:eb:5a:e8:d6:f8:59:81:21:3c:03:49:21:8a:
         84:ca:95:8e:22:b0:f4:ff:97:9c:d8:b1:cb:af:78:6b:4e:ba:
         31:ee:a5:d5:96:4c:96:27:13:c2:d2:3c:34:14:9f:09:5f:62:
         d4:c6:82:7a:fb:72:bd:73:e5:c2:f8:51:2b:08:54:47:2a:c8:
         35:14:24:0d:66:00:29:8b:91:17:35:e0:91:80:4e:3f:1d:48:
         26:3f:4b:a0:8f:62:03:4e:fc:b8:0d:46:5e:b8:95:93:c5:85:
         68:9d:fb:d2:54:17:d0:42:8d:51:63:bf:53:b7:a2:8f:59:6d:
         dc:71:a3:0b:9b:5d:77:50:8e:16:59:80:64:83:0e:21:fa:c0:
         69:c2:0f:df:7f:97:63:3d:ef:99:c6:35:b7:09:4d:0d:a2:22:
         a8:1a:e8:3f:cf:cf:1c:ba:a3:66:7f:a4:1e:fd:ee:a6:12:d8:
         22:01:21:46:ef:70:5b:ad:3b:b0:16:92:00:5b:a3:d6:e5:76:
         07:c1:fc:12:d0:af:06:3f:6f:1c:f8:8e:1d:90:11:37:69:14:
         26:bb:33:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtod+bPqxfMZT4vBuJEprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3YmI1NTIzNjU0OTljMDdhZWQzNGI2ODg0ZjViMmU5Mzgw
ZWJlZTEwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWMyZDgwMTNiYzBjNWJlYTI3NTM2Nzg0MWM2Zjc2MzA2NDZkYzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgs54f3BQOWsCFt+rHn5JEafm6b6O
i7Ke+GgYGF5DghkoaEkW2u2Sn7O0XrvC+8VqOpkaKo2Z9l5MXE4xoxV23RA8ZgLL
BfVvDugOUecG61C2RbHzr4C3ZKNBnb9ArSTaTn1g7vqK8bH6/uWTL7DONeaPuu1j
zXn9aAC6djE1GtdEYV4Q5paaDpF6g3V1IJPdNUGtbj1hkAk48uLxxS/d21oD6Lpq
4hCxD5a/WsUGAhfj9+2igu+5f+4e26GF+PSjDES521E5e51uVGbK/pIQ6ucJTdzf
r141QNRVl6xb8hOr/Z2TyUBrQjV9TiyqAWTlOtW7Iy4wMnAgkXElbaj09QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXC2AE7wMW+onU2eEHG92MGRtw+MB8GA1UdIwQY
MBaAFNe7VSNlSZwHrtNLaIT1suk4Dr7hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTd0VkkyVkpuQWV1MDB0b2hQV3k2VGdPdnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82ZTY3MjgtZmYwNS00OTQ2LWIwOGUt
M2ViZDQ1NWFjMmFlLzEvcGNMWUFUdkF4YjZpZFRaNFFjYjNZd1pHM0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82ZTY3MjgtZmYwNS00OTQ2LWIwOGUtM2ViZDQ1NWFjMmFl
LzEvMTd0VkkyVkpuQWV1MDB0b2hQV3k2VGdPdnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnyOMA0G
CSqGSIb3DQEBCwUAA4IBAQAYw3znd7VsvSSAE5jk8Sw9nRdQ/yGu9zHCW+9E9arQ
jG+SygZLOHcgeOta6Nb4WYEhPANJIYqEypWOIrD0/5ec2LHLr3hrTrox7qXVlkyW
JxPC0jw0FJ8JX2LUxoJ6+3K9c+XC+FErCFRHKsg1FCQNZgApi5EXNeCRgE4/HUgm
P0ugj2IDTvy4DUZeuJWTxYVonfvSVBfQQo1RY79Tt6KPWW3ccaMLm113UI4WWYBk
gw4h+sBpwg/ff5djPe+ZxjW3CU0NoiKoGug/z88cuqNmf6Qe/e6mEtgiASFG73Bb
rTuwFpIAW6PW5XYHwfwS0K8GP28c+I4dkBE3aRQmuzM/
-----END CERTIFICATE-----