Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/PFbPnvGfchaa_xAQiAK7IgrhaGc.roa
File:                     PFbPnvGfchaa_xAQiAK7IgrhaGc.roa (raw, json)
Hash identifier:          AV9o34gSdobgFFLmZLl/P/5BRWTV9weQ6jvxmbk//2k=
Subject key identifier:   3C:56:CF:9E:F1:9F:72:16:9A:FF:10:10:88:02:BB:22:0A:E1:68:67
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019001243343D76E54BC4955735F5A6C7028
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/PFbPnvGfchaa_xAQiAK7IgrhaGc.roa
Signing time:             Mon 10 Jun 2024 07:54:27 +0000
ROA not before:           Mon 10 Jun 2024 07:54:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203669
IP address blocks:        2a0e:8f02:f044::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:24:33:43:d7:6e:54:bc:49:55:73:5f:5a:6c:70:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jun 10 07:54:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c56cf9ef19f72169aff10108802bb220ae16867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6a:7b:d1:45:62:7a:ce:62:82:d6:df:56:60:
                    38:a8:71:79:d5:34:c3:40:13:a3:12:8e:9d:cd:f1:
                    b4:8a:d3:a9:16:e4:93:c2:26:a0:b6:f8:4e:85:db:
                    48:f0:cc:14:3a:e5:e5:95:7b:47:07:19:80:f1:9f:
                    51:ee:8e:f2:8b:c4:39:74:97:6e:71:0b:7c:f4:90:
                    63:79:8b:6f:75:4f:2d:02:c7:6a:dc:20:dc:ca:69:
                    63:99:6c:67:f3:8c:7c:b8:c7:65:71:f9:7b:b9:f8:
                    31:0f:ea:e4:9a:cd:88:d4:0f:e0:b6:d6:08:57:3d:
                    8f:52:70:1c:ba:fa:ad:f4:d3:52:24:65:ba:38:7e:
                    c5:94:9e:fe:cd:23:3a:99:10:ce:17:9e:ab:b3:5d:
                    ff:38:21:22:1a:d0:a9:af:c5:fe:12:f6:10:8a:2c:
                    52:50:f8:de:7e:eb:0e:62:ca:88:f4:d5:9d:5e:64:
                    00:c9:1b:1c:67:4e:4f:94:b1:6d:63:e7:41:b5:70:
                    19:f3:3d:db:41:80:c0:8d:f5:c5:ad:db:1f:4d:91:
                    3e:5a:d4:e5:d6:16:21:06:a1:86:e5:23:e0:06:bc:
                    10:13:78:82:60:91:78:36:15:53:63:88:07:c2:65:
                    df:6d:41:62:7e:b3:f5:29:1e:f0:d0:14:07:fc:b5:
                    13:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:56:CF:9E:F1:9F:72:16:9A:FF:10:10:88:02:BB:22:0A:E1:68:67
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/PFbPnvGfchaa_xAQiAK7IgrhaGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f044::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:13:32:b3:97:40:62:19:33:d6:c7:be:b2:f0:15:99:7b:af:
         00:a7:7c:ac:e3:98:1e:a8:80:dd:84:d9:a2:9f:1c:4b:66:80:
         72:84:9c:f2:c8:8e:35:84:b8:a7:2a:ed:02:fd:d4:de:aa:e9:
         7f:b1:74:5b:57:41:06:04:d2:93:f1:8c:ec:e8:57:26:6b:d4:
         d4:41:77:c2:84:7a:14:57:ba:4b:1e:ea:cc:32:0a:db:aa:d1:
         05:6c:8d:e6:18:67:4c:70:49:8d:9b:41:37:9d:16:a8:03:2a:
         86:da:4a:d4:ed:92:44:90:8e:d5:55:d6:a3:76:06:09:9c:f3:
         fc:3d:24:c8:25:7c:dd:2c:da:4a:d5:5e:06:b6:fc:01:02:32:
         2e:2f:a4:e3:74:9c:af:04:95:f0:48:76:58:e1:0d:6c:e9:05:
         47:2c:16:31:17:ac:cd:d7:c7:48:6a:d8:f9:5c:df:f6:34:fa:
         35:e3:73:60:0d:15:bb:09:e1:31:74:8a:ae:f1:25:05:49:b9:
         d8:4b:e3:21:2d:8b:a3:28:db:6c:68:e5:92:0d:c7:f9:b1:da:
         20:85:b9:30:6e:2c:b0:54:64:fa:cd:cd:c0:db:ef:f9:29:b9:
         d5:27:98:94:fb:d3:14:e2:1c:21:95:5c:75:9a:a5:41:00:cb:
         82:17:6f:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZABJDND125UvElVc19abHAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwNjEwMDc1NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU2Y2Y5ZWYxOWY3MjE2OWFmZjEwMTA4ODAyYmIyMjBhZTE2ODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02p70UVies5igtbfVmA4qHF51TTD
QBOjEo6dzfG0itOpFuSTwiagtvhOhdtI8MwUOuXllXtHBxmA8Z9R7o7yi8Q5dJdu
cQt89JBjeYtvdU8tAsdq3CDcymljmWxn84x8uMdlcfl7ufgxD+rkms2I1A/gttYI
Vz2PUnAcuvqt9NNSJGW6OH7FlJ7+zSM6mRDOF56rs13/OCEiGtCpr8X+EvYQiixS
UPjefusOYsqI9NWdXmQAyRscZ05PlLFtY+dBtXAZ8z3bQYDAjfXFrdsfTZE+WtTl
1hYhBqGG5SPgBrwQE3iCYJF4NhVTY4gHwmXfbUFifrP1KR7w0BQH/LUTJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDxWz57xn3IWmv8QEIgCuyIK4WhnMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvUEZiUG52R2ZjaGFhX3hBUWlBSzdJZ3JoYUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBE
MA0GCSqGSIb3DQEBCwUAA4IBAQBHEzKzl0BiGTPWx76y8BWZe68Ap3ys45geqIDd
hNminxxLZoByhJzyyI41hLinKu0C/dTequl/sXRbV0EGBNKT8Yzs6Fcma9TUQXfC
hHoUV7pLHurMMgrbqtEFbI3mGGdMcEmNm0E3nRaoAyqG2krU7ZJEkI7VVdajdgYJ
nPP8PSTIJXzdLNpK1V4GtvwBAjIuL6TjdJyvBJXwSHZY4Q1s6QVHLBYxF6zN18dI
atj5XN/2NPo143NgDRW7CeExdIqu8SUFSbnYS+MhLYujKNtsaOWSDcf5sdoghbkw
biywVGT6zc3A2+/5KbnVJ5iU+9MU4hwhlVx1mqVBAMuCF2/t
-----END CERTIFICATE-----