Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/PgGvShD4KcJY7UqIrCsI9n7mWJk.roa
File:                     PgGvShD4KcJY7UqIrCsI9n7mWJk.roa (raw, json)
Hash identifier:          r9MRp9PsRXVgXPhxp0MgiHKljXGZLUzhqoFk+DZF9r0=
Subject key identifier:   3E:01:AF:4A:10:F8:29:C2:58:ED:4A:88:AC:2B:08:F6:7E:E6:58:99
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       018CC3B6DAD29EAF8B7732862C15A123C4D6
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/PgGvShD4KcJY7UqIrCsI9n7mWJk.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        195.85.201.0/24 maxlen: 24
                          195.85.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:da:d2:9e:af:8b:77:32:86:2c:15:a1:23:c4:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e01af4a10f829c258ed4a88ac2b08f67ee65899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:48:ca:8b:fd:13:eb:93:bf:60:2e:b3:f9:cb:
                    e3:a5:fc:d0:24:9a:13:32:5c:76:63:b3:ec:e0:63:
                    52:18:05:01:2c:5d:25:0d:87:2a:69:a7:fd:57:de:
                    f4:8b:ea:0f:3c:1f:a9:95:42:d3:ba:c3:67:5e:91:
                    a0:cc:33:4f:1d:ef:a8:dd:bf:5d:ef:04:73:4f:8d:
                    4c:9d:6f:c7:4d:f4:52:0d:c7:67:3f:0d:59:fb:e4:
                    9b:22:ad:d9:84:bf:6c:ff:11:f5:ec:b2:2f:6d:22:
                    f1:1c:7a:02:7e:a2:5d:6e:8f:61:75:22:5f:d1:92:
                    8c:7b:9e:20:51:76:b6:89:90:6e:d7:d2:9c:be:a6:
                    58:15:5f:c7:c7:1b:bb:24:82:7f:c6:63:70:0f:55:
                    81:3f:c4:34:47:ab:3d:02:96:0c:1d:87:47:5e:2b:
                    b4:29:f2:7c:ee:4e:58:c9:73:1d:3a:25:16:b3:87:
                    dc:57:db:07:b4:86:8c:13:20:8b:20:35:ca:bf:27:
                    c1:85:66:85:e9:22:5c:6a:5e:ec:cb:ab:73:0c:33:
                    d7:84:70:d9:09:7e:d2:f4:69:a5:bc:99:ba:fd:1e:
                    e8:2f:37:a9:00:48:40:82:43:b0:55:7e:bd:6c:07:
                    4b:7f:e3:15:17:74:2f:97:b4:92:1f:3f:62:a6:e7:
                    a3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:01:AF:4A:10:F8:29:C2:58:ED:4A:88:AC:2B:08:F6:7E:E6:58:99
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/PgGvShD4KcJY7UqIrCsI9n7mWJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.201.0/24
                  195.85.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:70:6a:05:75:ad:5b:75:95:28:27:6e:69:87:da:4a:78:f0:
         62:3c:68:90:a4:0b:b6:25:37:80:9e:5e:c0:8f:07:26:ad:eb:
         d5:f0:07:0b:fd:40:8e:65:a5:f1:41:67:68:ce:45:07:ae:6e:
         ad:62:01:ed:43:50:0e:e1:76:be:cf:ee:96:4c:ff:72:f4:50:
         81:6b:c5:04:61:b0:cb:20:61:fb:b5:32:c3:73:3c:a3:e5:99:
         b0:18:3f:70:a5:57:a6:b5:e3:18:d0:c1:36:a3:b5:e0:9a:38:
         90:72:00:f6:e5:b5:2b:16:5f:df:bb:68:8a:fa:25:a6:f5:26:
         fd:b4:8e:34:05:76:f0:d8:1a:42:14:96:99:70:b3:9d:25:dd:
         ed:83:95:05:4e:19:04:97:35:be:c8:98:7b:a3:5a:7b:e1:80:
         db:8d:da:aa:51:0d:61:e9:12:28:26:f9:84:8c:ff:04:2c:12:
         99:83:2a:d2:01:a3:bb:35:90:29:d0:2a:1d:d3:ff:a6:eb:6e:
         93:6b:a6:ab:20:91:a4:01:3f:00:22:5d:e8:3c:6a:9d:8e:fb:
         bd:60:fa:b0:fc:a8:50:98:cd:dc:22:7f:1e:1e:71:0c:87:ae:
         39:8a:77:9a:bd:aa:b7:cc:32:72:7e:85:f4:8d:7f:8f:88:ef:
         f7:87:10:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDttrSnq+LdzKGLBWhI8TWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTAxYWY0YTEwZjgyOWMyNThlZDRhODhhYzJiMDhmNjdlZTY1ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkjKi/0T65O/YC6z+cvjpfzQJJoT
Mlx2Y7Ps4GNSGAUBLF0lDYcqaaf9V970i+oPPB+plULTusNnXpGgzDNPHe+o3b9d
7wRzT41MnW/HTfRSDcdnPw1Z++SbIq3ZhL9s/xH17LIvbSLxHHoCfqJdbo9hdSJf
0ZKMe54gUXa2iZBu19KcvqZYFV/Hxxu7JIJ/xmNwD1WBP8Q0R6s9ApYMHYdHXiu0
KfJ87k5YyXMdOiUWs4fcV9sHtIaMEyCLIDXKvyfBhWaF6SJcal7sy6tzDDPXhHDZ
CX7S9GmlvJm6/R7oLzepAEhAgkOwVX69bAdLf+MVF3Qvl7SSHz9ipuejSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD4Br0oQ+CnCWO1KiKwrCPZ+5liZMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvUGdHdlNoRDRLY0pZN1VxSXJDc0k5bjdtV0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1XJAwQA
w1XNMA0GCSqGSIb3DQEBCwUAA4IBAQA1cGoFda1bdZUoJ25ph9pKePBiPGiQpAu2
JTeAnl7AjwcmrevV8AcL/UCOZaXxQWdozkUHrm6tYgHtQ1AO4Xa+z+6WTP9y9FCB
a8UEYbDLIGH7tTLDczyj5ZmwGD9wpVemteMY0ME2o7XgmjiQcgD25bUrFl/fu2iK
+iWm9Sb9tI40BXbw2BpCFJaZcLOdJd3tg5UFThkElzW+yJh7o1p74YDbjdqqUQ1h
6RIoJvmEjP8ELBKZgyrSAaO7NZAp0Cod0/+m626Ta6arIJGkAT8AIl3oPGqdjvu9
YPqw/KhQmM3cIn8eHnEMh645ineavaq3zDJyfoX0jX+PiO/3hxA8
-----END CERTIFICATE-----