Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/PHjcLrvU7AKIebeq7z90GEyCJIA.roa
File:                     PHjcLrvU7AKIebeq7z90GEyCJIA.roa (raw, json)
Hash identifier:          4z5Fl2DS8yjcVMsGONnIkzz7nD7jwCT+2je1Ca7Ln9Q=
Subject key identifier:   3C:78:DC:2E:BB:D4:EC:02:88:79:B7:AA:EF:3F:74:18:4C:82:24:80
Certificate issuer:       /CN=0e0019ed2cb62197b0ca96e1e7161c98649086af
Certificate serial:       0192CA84952D0F25BC1C7DF3EBA4A356317F
Authority key identifier: 0E:00:19:ED:2C:B6:21:97:B0:CA:96:E1:E7:16:1C:98:64:90:86:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgAZ7Sy2IZewypbh5xYcmGSQhq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/PHjcLrvU7AKIebeq7z90GEyCJIA.roa
Signing time:             Sat 26 Oct 2024 20:28:59 +0000
ROA not before:           Sat 26 Oct 2024 20:28:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202220
IP address blocks:        195.149.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/DgAZ7Sy2IZewypbh5xYcmGSQhq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/DgAZ7Sy2IZewypbh5xYcmGSQhq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgAZ7Sy2IZewypbh5xYcmGSQhq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ca:84:95:2d:0f:25:bc:1c:7d:f3:eb:a4:a3:56:31:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0019ed2cb62197b0ca96e1e7161c98649086af
        Validity
            Not Before: Oct 26 20:28:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c78dc2ebbd4ec028879b7aaef3f74184c822480
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:1c:08:34:6a:4d:c0:08:78:db:35:48:f5:d9:
                    55:e7:36:a5:cd:dc:b8:9c:4d:50:2c:ab:22:f3:75:
                    d8:98:9a:aa:32:c3:94:16:c1:be:77:aa:9e:01:1a:
                    85:65:f4:36:f6:ad:5d:79:b5:90:40:99:3c:74:2a:
                    26:f0:25:15:a3:05:6e:b6:e0:dc:b3:f6:7e:7d:e6:
                    e7:cd:9b:ba:a5:db:66:27:0f:f7:7d:74:89:06:8a:
                    bf:6f:82:f3:32:3a:7f:87:d6:37:0d:24:3f:c0:b6:
                    c0:2e:9a:0d:b0:f9:f8:8b:04:4b:c6:3e:26:52:4e:
                    3e:ee:1d:f1:c3:3d:91:0b:d9:5d:c2:14:c8:47:0b:
                    34:55:be:4e:40:fe:08:06:c6:fe:f7:95:96:7e:87:
                    c9:da:13:9c:cb:6f:92:30:e0:88:ce:99:5d:15:fc:
                    8a:50:77:d2:54:31:ae:82:2c:6f:31:5a:05:b7:04:
                    06:64:f8:0b:a0:55:60:c2:ad:5f:f5:5c:1d:1f:f9:
                    29:dd:fe:40:54:de:45:dd:c7:35:88:3f:32:32:52:
                    28:f9:73:2f:db:f5:b3:4e:a8:7c:6f:79:7f:6c:6a:
                    fb:ba:31:d1:82:9d:48:2e:d6:6f:9b:5d:aa:9c:24:
                    9a:c9:5b:70:bc:65:c6:a7:22:0e:ac:bc:9e:8b:4c:
                    e4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:78:DC:2E:BB:D4:EC:02:88:79:B7:AA:EF:3F:74:18:4C:82:24:80
            X509v3 Authority Key Identifier:
                keyid:0E:00:19:ED:2C:B6:21:97:B0:CA:96:E1:E7:16:1C:98:64:90:86:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgAZ7Sy2IZewypbh5xYcmGSQhq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/PHjcLrvU7AKIebeq7z90GEyCJIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/DgAZ7Sy2IZewypbh5xYcmGSQhq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:93:e2:45:b8:c6:d1:15:16:64:9a:bb:6e:f7:f0:09:05:2d:
         6c:43:0c:d2:d5:11:41:fd:6f:a3:0d:4b:0a:fb:b8:5e:a3:cd:
         24:38:dd:46:34:da:a6:b8:15:14:4b:ee:5e:21:ce:7c:8a:27:
         29:ff:90:90:ca:5a:ee:42:c7:a3:23:3c:c8:e7:11:35:77:a0:
         f0:80:01:6f:32:8f:92:8f:eb:17:6c:2e:ac:7f:bc:e3:f5:ca:
         f9:5a:ba:4b:1f:ed:86:20:f7:e2:f4:a6:ac:2d:04:ec:c0:84:
         0d:23:14:84:0e:53:71:6b:c0:06:b2:f5:1d:a5:9f:e1:9e:d9:
         b8:5d:66:43:ee:b2:8c:9c:04:e5:25:7e:4f:d7:c0:18:65:b7:
         c6:94:a7:67:c6:31:4f:36:af:62:cd:68:41:2b:0d:7f:79:ab:
         5a:83:97:94:5a:c9:d7:8b:0c:72:8c:4d:68:de:78:bc:d4:6e:
         e7:71:83:77:4f:5a:cb:2a:c7:a3:37:ea:04:3f:94:d2:92:a3:
         c4:7f:94:be:ac:91:ab:42:0e:81:e9:9f:c2:c2:1f:ed:d0:2d:
         99:d9:48:4e:3b:88:f1:81:b8:16:20:64:da:83:38:cc:a1:26:
         c5:68:da:ac:e0:0e:e9:5a:a7:62:ca:b5:5b:5f:ec:ae:73:3f:
         95:ac:94:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLKhJUtDyW8HH3z66SjVjF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMDAxOWVkMmNiNjIxOTdiMGNhOTZlMWU3MTYxYzk4NjQ5
MDg2YWYwHhcNMjQxMDI2MjAyODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc4ZGMyZWJiZDRlYzAyODg3OWI3YWFlZjNmNzQxODRjODIyNDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7RwINGpNwAh42zVI9dlV5zalzdy4
nE1QLKsi83XYmJqqMsOUFsG+d6qeARqFZfQ29q1debWQQJk8dCom8CUVowVutuDc
s/Z+febnzZu6pdtmJw/3fXSJBoq/b4LzMjp/h9Y3DSQ/wLbALpoNsPn4iwRLxj4m
Uk4+7h3xwz2RC9ldwhTIRws0Vb5OQP4IBsb+95WWfofJ2hOcy2+SMOCIzpldFfyK
UHfSVDGugixvMVoFtwQGZPgLoFVgwq1f9VwdH/kp3f5AVN5F3cc1iD8yMlIo+XMv
2/WzTqh8b3l/bGr7ujHRgp1ILtZvm12qnCSayVtwvGXGpyIOrLyei0zkYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx43C671OwCiHm3qu8/dBhMgiSAMB8GA1UdIwQY
MBaAFA4AGe0stiGXsMqW4ecWHJhkkIavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdBWjdTeTJJWmV3eXBiaDV4WWNtR1NRaHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iOWNmNTctNmMyNS00YTQzLWEwYjEt
MDU5YjAwNmYzOWQ5LzEvUEhqY0xydlU3QUtJZWJlcTd6OTBHRXlDSklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iOWNmNTctNmMyNS00YTQzLWEwYjEtMDU5YjAwNmYzOWQ5
LzEvRGdBWjdTeTJJWmV3eXBiaDV4WWNtR1NRaHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5ViMA0G
CSqGSIb3DQEBCwUAA4IBAQCEk+JFuMbRFRZkmrtu9/AJBS1sQwzS1RFB/W+jDUsK
+7heo80kON1GNNqmuBUUS+5eIc58iicp/5CQylruQsejIzzI5xE1d6DwgAFvMo+S
j+sXbC6sf7zj9cr5WrpLH+2GIPfi9KasLQTswIQNIxSEDlNxa8AGsvUdpZ/hntm4
XWZD7rKMnATlJX5P18AYZbfGlKdnxjFPNq9izWhBKw1/eatag5eUWsnXiwxyjE1o
3ni81G7ncYN3T1rLKsejN+oEP5TSkqPEf5S+rJGrQg6B6Z/Cwh/t0C2Z2UhOO4jx
gbgWIGTagzjMoSbFaNqs4A7pWqdiyrVbX+yucz+VrJR7
-----END CERTIFICATE-----