Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/25aca7-7e28-487c-86d2-17b1c7379300/1/pja1mcuE4fLv-SYAL1h7IMV8cNg.roa
File:                     pja1mcuE4fLv-SYAL1h7IMV8cNg.roa (raw, json)
Hash identifier:          AHFc08AGYrXBXbMRJLm6ueHfvgcpPIfPuLJIXMUV43U=
Subject key identifier:   A6:36:B5:99:CB:84:E1:F2:EF:F9:26:00:2F:58:7B:20:C5:7C:70:D8
Certificate issuer:       /CN=8acddd5c30d580eb0feeca2a16cf5c5a8b2568fd
Certificate serial:       018CC72696BF29C79B42CC34179280350712
Authority key identifier: 8A:CD:DD:5C:30:D5:80:EB:0F:EE:CA:2A:16:CF:5C:5A:8B:25:68:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/is3dXDDVgOsP7soqFs9cWoslaP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/25aca7-7e28-487c-86d2-17b1c7379300/1/pja1mcuE4fLv-SYAL1h7IMV8cNg.roa
Signing time:             Mon 01 Jan 2024 22:30:44 +0000
ROA not before:           Mon 01 Jan 2024 22:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209936
IP address blocks:        185.242.164.0/23 maxlen: 23
                          185.242.164.0/22 maxlen: 23
                          2a0c:e780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/25aca7-7e28-487c-86d2-17b1c7379300/1/is3dXDDVgOsP7soqFs9cWoslaP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/25aca7-7e28-487c-86d2-17b1c7379300/1/is3dXDDVgOsP7soqFs9cWoslaP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/is3dXDDVgOsP7soqFs9cWoslaP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:96:bf:29:c7:9b:42:cc:34:17:92:80:35:07:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8acddd5c30d580eb0feeca2a16cf5c5a8b2568fd
        Validity
            Not Before: Jan  1 22:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a636b599cb84e1f2eff926002f587b20c57c70d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:21:ea:b3:7e:55:04:a4:12:b5:eb:5e:ef:b6:
                    f2:1c:74:f3:7c:cd:a4:5b:39:cd:d6:33:89:74:ac:
                    4d:97:bb:bc:c8:42:ed:f0:41:ec:d5:85:24:83:93:
                    cf:22:2d:db:69:bd:2e:bd:46:0e:a8:0c:b1:8e:d1:
                    f4:fb:a0:51:08:69:1e:f5:3a:2a:e8:00:2e:d4:b3:
                    c3:ba:33:4e:93:47:c1:7c:db:0f:a2:5e:06:17:bf:
                    7f:b4:ec:6f:30:36:db:e7:a1:a3:1a:00:0e:9f:11:
                    0d:ab:fd:e6:34:d0:a2:9f:56:81:18:9c:66:c5:1d:
                    d5:12:5f:bd:b9:b7:28:79:3b:76:7c:0f:19:64:0e:
                    5a:8a:b6:f5:27:a0:82:98:7a:16:70:8e:22:02:ce:
                    d5:57:6c:24:8a:41:25:95:91:35:c4:73:4b:bf:f6:
                    b6:77:49:f1:68:17:4d:a9:60:80:9c:f8:f2:7b:4e:
                    0d:a6:76:98:d3:91:8b:b9:7e:ba:fe:be:84:37:b9:
                    3a:74:c9:0a:7c:45:60:93:c2:dd:7d:e4:19:df:1c:
                    e8:6d:8b:6f:5d:b1:93:7b:d1:6b:69:61:ec:4e:c0:
                    c1:72:a3:55:7b:c0:11:3c:ff:27:18:96:97:e0:9e:
                    b1:d1:8a:90:bf:8b:7f:b5:d0:7b:02:74:0a:1e:e5:
                    83:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:36:B5:99:CB:84:E1:F2:EF:F9:26:00:2F:58:7B:20:C5:7C:70:D8
            X509v3 Authority Key Identifier:
                keyid:8A:CD:DD:5C:30:D5:80:EB:0F:EE:CA:2A:16:CF:5C:5A:8B:25:68:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/is3dXDDVgOsP7soqFs9cWoslaP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/25aca7-7e28-487c-86d2-17b1c7379300/1/pja1mcuE4fLv-SYAL1h7IMV8cNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/25aca7-7e28-487c-86d2-17b1c7379300/1/is3dXDDVgOsP7soqFs9cWoslaP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.164.0/22
                IPv6:
                  2a0c:e780::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:0c:f5:c0:a3:80:39:9d:03:a4:cd:73:a6:fb:91:71:b1:63:
         03:54:8d:66:f7:8c:62:b1:ac:ad:20:0f:f1:66:a4:d4:8d:fb:
         27:33:2a:23:ae:19:8b:93:6c:90:25:60:39:66:0e:cf:d5:91:
         f0:15:cf:a2:ce:88:3f:97:3d:71:9a:78:91:9f:84:a8:8a:c7:
         4f:f9:f2:b3:10:ec:e4:73:32:8c:3c:ae:6c:40:81:a4:f8:85:
         fe:e1:10:8f:92:8f:38:c0:ea:5a:07:37:e3:61:49:c8:60:b0:
         09:81:f7:43:24:b6:a7:dd:a4:0d:d1:93:7e:00:79:1f:ad:f2:
         84:4b:18:ea:a4:38:1b:2c:62:54:fc:f6:75:b5:80:d5:ae:72:
         3b:97:0e:57:90:30:9d:41:f1:3b:c6:ef:a3:32:5a:d3:cf:51:
         c1:e1:72:a8:77:49:10:23:63:44:95:42:00:97:fd:73:23:e7:
         9c:d9:e7:51:8c:4b:a3:8e:da:e2:c9:8f:80:0a:a0:e2:08:2e:
         d4:c7:1b:eb:2a:2c:5f:1a:e4:82:6a:cf:62:54:43:f4:8d:23:
         9e:7b:43:6f:79:7a:99:7f:b2:38:c2:4a:6f:06:d0:8f:3e:52:
         99:a3:b1:bd:98:8a:1b:88:9f:f2:d1:47:f9:d0:8e:2b:66:b6:
         1f:ee:44:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJpa/KcebQsw0F5KANQcSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhY2RkZDVjMzBkNTgwZWIwZmVlY2EyYTE2Y2Y1YzVhOGIy
NTY4ZmQwHhcNMjQwMTAxMjIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjM2YjU5OWNiODRlMWYyZWZmOTI2MDAyZjU4N2IyMGM1N2M3MGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSHqs35VBKQStete77byHHTzfM2k
WznN1jOJdKxNl7u8yELt8EHs1YUkg5PPIi3bab0uvUYOqAyxjtH0+6BRCGke9Toq
6AAu1LPDujNOk0fBfNsPol4GF79/tOxvMDbb56GjGgAOnxENq/3mNNCin1aBGJxm
xR3VEl+9ubcoeTt2fA8ZZA5airb1J6CCmHoWcI4iAs7VV2wkikEllZE1xHNLv/a2
d0nxaBdNqWCAnPjye04NpnaY05GLuX66/r6EN7k6dMkKfEVgk8LdfeQZ3xzobYtv
XbGTe9FraWHsTsDBcqNVe8ARPP8nGJaX4J6x0YqQv4t/tdB7AnQKHuWDnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKY2tZnLhOHy7/kmAC9YeyDFfHDYMB8GA1UdIwQY
MBaAFIrN3Vww1YDrD+7KKhbPXFqLJWj9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXMzZFhERFZnT3NQN3NvcUZzOWNXb3NsYVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8yNWFjYTctN2UyOC00ODdjLTg2ZDIt
MTdiMWM3Mzc5MzAwLzEvcGphMW1jdUU0Zkx2LVNZQUwxaDdJTVY4Y05nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8yNWFjYTctN2UyOC00ODdjLTg2ZDItMTdiMWM3Mzc5MzAw
LzEvaXMzZFhERFZnT3NQN3NvcUZzOWNXb3NsYVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufKkMA0E
AgACMAcDBQMqDOeAMA0GCSqGSIb3DQEBCwUAA4IBAQARDPXAo4A5nQOkzXOm+5Fx
sWMDVI1m94xisaytIA/xZqTUjfsnMyojrhmLk2yQJWA5Zg7P1ZHwFc+izog/lz1x
mniRn4SoisdP+fKzEOzkczKMPK5sQIGk+IX+4RCPko84wOpaBzfjYUnIYLAJgfdD
JLan3aQN0ZN+AHkfrfKESxjqpDgbLGJU/PZ1tYDVrnI7lw5XkDCdQfE7xu+jMlrT
z1HB4XKod0kQI2NElUIAl/1zI+ec2edRjEujjtriyY+ACqDiCC7UxxvrKixfGuSC
as9iVEP0jSOee0NveXqZf7I4wkpvBtCPPlKZo7G9mIobiJ/y0Uf50I4rZrYf7kS1
-----END CERTIFICATE-----