Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/PlndmN7rsLrenYwTfJMaMo5zwQY.roa
File:                     PlndmN7rsLrenYwTfJMaMo5zwQY.roa (raw, json)
Hash identifier:          hXNJDfUpg8XN0QO/zYLuMnlJb+soPyHOVlMuedCpZZU=
Subject key identifier:   3E:59:DD:98:DE:EB:B0:BA:DE:9D:8C:13:7C:93:1A:32:8E:73:C1:06
Certificate issuer:       /CN=25c5fbdc722057a65fa9dbb117fc4bdf72edc0a7
Certificate serial:       018CC56E27ED08BB1AECAABB00A54B0C0C61
Authority key identifier: 25:C5:FB:DC:72:20:57:A6:5F:A9:DB:B1:17:FC:4B:DF:72:ED:C0:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JcX73HIgV6ZfqduxF_xL33LtwKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/PlndmN7rsLrenYwTfJMaMo5zwQY.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.37.132.0/24 maxlen: 24
                          178.212.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/JcX73HIgV6ZfqduxF_xL33LtwKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/JcX73HIgV6ZfqduxF_xL33LtwKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JcX73HIgV6ZfqduxF_xL33LtwKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:27:ed:08:bb:1a:ec:aa:bb:00:a5:4b:0c:0c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25c5fbdc722057a65fa9dbb117fc4bdf72edc0a7
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e59dd98deebb0bade9d8c137c931a328e73c106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e5:c3:7f:2b:23:31:ea:5d:56:9b:c0:b4:4a:
                    a0:00:f6:5e:10:36:aa:54:be:fa:84:54:47:60:a6:
                    0c:c9:02:06:45:29:67:12:c4:d4:7e:86:c5:0d:e6:
                    e0:89:6f:44:e9:a8:ea:73:cb:c2:ce:8d:93:c6:11:
                    35:d8:9f:05:80:11:00:5e:99:72:6f:9e:6e:71:9a:
                    0b:fc:5d:7a:a1:e7:35:09:82:65:a2:25:6c:c7:5a:
                    8b:c4:86:3e:cc:40:9e:1b:96:0f:09:71:87:8c:73:
                    82:93:98:b9:fe:14:57:36:df:9d:79:d8:db:4c:c4:
                    3d:da:2b:75:5e:5c:9a:a3:25:b7:b0:1d:97:bc:80:
                    d4:62:6a:9b:da:f4:33:1f:18:ed:53:4d:2c:3c:5e:
                    78:51:91:9f:61:11:13:9e:c7:4c:bc:77:96:6c:04:
                    a8:d9:d3:be:80:61:06:1d:e3:ad:ad:1f:f4:fa:a5:
                    4c:20:17:67:ff:d8:31:86:a2:1e:36:28:a1:f7:5a:
                    33:08:12:d2:bf:fb:49:c6:d3:21:83:36:0c:89:22:
                    e5:a0:bc:f0:91:c4:3d:58:3c:59:d7:ba:ce:b0:26:
                    5e:ea:b1:b8:73:66:a0:7c:73:a6:13:9b:d3:0e:15:
                    5e:f1:9c:25:56:21:54:e9:fa:5a:d7:7a:64:4d:df:
                    67:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:59:DD:98:DE:EB:B0:BA:DE:9D:8C:13:7C:93:1A:32:8E:73:C1:06
            X509v3 Authority Key Identifier:
                keyid:25:C5:FB:DC:72:20:57:A6:5F:A9:DB:B1:17:FC:4B:DF:72:ED:C0:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JcX73HIgV6ZfqduxF_xL33LtwKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/PlndmN7rsLrenYwTfJMaMo5zwQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/JcX73HIgV6ZfqduxF_xL33LtwKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.92.0/24
                  193.37.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:fd:11:2b:76:dd:30:4b:f8:d9:d1:cb:05:0d:e1:70:9f:bb:
         67:c3:df:f7:f6:e3:af:11:46:95:a7:1d:c9:1c:5b:02:14:62:
         60:d8:b9:8a:fa:d0:74:be:a8:ae:d4:90:76:b6:64:dc:1c:8c:
         e7:bf:71:ed:d3:52:f2:f0:1e:a4:9b:8a:dd:ec:b4:e5:4a:17:
         7f:01:d5:1f:07:72:b7:75:d9:a1:a7:2a:46:c2:6b:d7:46:a7:
         02:65:2e:c3:57:f8:ad:cd:93:0a:80:56:db:f1:4e:9a:c3:37:
         44:3d:0e:57:27:8f:8b:92:7a:bd:50:d0:3c:c1:a7:3b:b8:07:
         f1:4c:03:c5:b4:29:90:94:e8:00:9b:2c:85:a8:60:06:53:04:
         c8:9f:cc:3b:ea:11:5c:d0:81:0b:0f:08:cb:04:97:e9:fd:89:
         b1:32:f3:e7:fc:b5:5d:4b:23:f2:a4:49:12:02:e8:cd:63:30:
         7a:e5:e0:ca:96:66:c1:b2:1d:a0:c4:89:72:05:0d:96:a0:11:
         4c:24:36:fe:fe:b0:1a:a7:67:69:c0:9b:c6:f5:43:c7:9d:88:
         f4:58:6e:c0:e6:67:4a:7c:2e:c8:07:63:7f:3e:fc:ce:10:16:
         8a:c5:a1:b2:e7:bc:ee:3c:37:4a:8c:e3:0d:30:5c:6a:84:e1:
         0f:d6:71:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbiftCLsa7Kq7AKVLDAxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YzVmYmRjNzIyMDU3YTY1ZmE5ZGJiMTE3ZmM0YmRmNzJl
ZGMwYTcwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTU5ZGQ5OGRlZWJiMGJhZGU5ZDhjMTM3YzkzMWEzMjhlNzNjMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+XDfysjMepdVpvAtEqgAPZeEDaq
VL76hFRHYKYMyQIGRSlnEsTUfobFDebgiW9E6ajqc8vCzo2TxhE12J8FgBEAXply
b55ucZoL/F16oec1CYJloiVsx1qLxIY+zECeG5YPCXGHjHOCk5i5/hRXNt+dedjb
TMQ92it1XlyaoyW3sB2XvIDUYmqb2vQzHxjtU00sPF54UZGfYRETnsdMvHeWbASo
2dO+gGEGHeOtrR/0+qVMIBdn/9gxhqIeNiih91ozCBLSv/tJxtMhgzYMiSLloLzw
kcQ9WDxZ17rOsCZe6rG4c2agfHOmE5vTDhVe8ZwlViFU6fpa13pkTd9nrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5Z3Zje67C63p2ME3yTGjKOc8EGMB8GA1UdIwQY
MBaAFCXF+9xyIFemX6nbsRf8S99y7cCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmNYNzNISWdWNlpmcWR1eEZfeEwzM0x0d0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8wMWNmYzQtYTM5Zi00YjNiLTkwYmUt
Y2U2OTU1Njc2MWJkLzEvUGxuZG1ON3JzTHJlbll3VGZKTWFNbzV6d1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8wMWNmYzQtYTM5Zi00YjNiLTkwYmUtY2U2OTU1Njc2MWJk
LzEvSmNYNzNISWdWNlpmcWR1eEZfeEwzM0x0d0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstRcAwQA
wSWEMA0GCSqGSIb3DQEBCwUAA4IBAQBw/RErdt0wS/jZ0csFDeFwn7tnw9/39uOv
EUaVpx3JHFsCFGJg2LmK+tB0vqiu1JB2tmTcHIznv3Ht01Ly8B6km4rd7LTlShd/
AdUfB3K3ddmhpypGwmvXRqcCZS7DV/itzZMKgFbb8U6awzdEPQ5XJ4+Lknq9UNA8
wac7uAfxTAPFtCmQlOgAmyyFqGAGUwTIn8w76hFc0IELDwjLBJfp/YmxMvPn/LVd
SyPypEkSAujNYzB65eDKlmbBsh2gxIlyBQ2WoBFMJDb+/rAap2dpwJvG9UPHnYj0
WG7A5mdKfC7IB2N/PvzOEBaKxaGy57zuPDdKjOMNMFxqhOEP1nFW
-----END CERTIFICATE-----