Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/PE1jTTTKhVoADwLETi9da5d4fmk.roa
File:                     PE1jTTTKhVoADwLETi9da5d4fmk.roa (raw, json)
Hash identifier:          USdFHz3SWwtpdA4/68fEf2km23+hbaxfFQHur77pGRM=
Subject key identifier:   3C:4D:63:4D:34:CA:85:5A:00:0F:02:C4:4E:2F:5D:6B:97:78:7E:69
Certificate issuer:       /CN=cd394757e1416202a4022956dbf48d707458520c
Certificate serial:       018CCA2ADA04393F73A3D2B44192531700A7
Authority key identifier: CD:39:47:57:E1:41:62:02:A4:02:29:56:DB:F4:8D:70:74:58:52:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/PE1jTTTKhVoADwLETi9da5d4fmk.roa
Signing time:             Tue 02 Jan 2024 12:34:15 +0000
ROA not before:           Tue 02 Jan 2024 12:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.39.10.0/24 maxlen: 24
                          2a12:1b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:da:04:39:3f:73:a3:d2:b4:41:92:53:17:00:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd394757e1416202a4022956dbf48d707458520c
        Validity
            Not Before: Jan  2 12:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c4d634d34ca855a000f02c44e2f5d6b97787e69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bb:1f:9d:8f:de:81:34:e9:7f:80:be:f9:21:
                    d9:bc:fb:ae:00:c3:34:14:46:4e:e8:d9:e4:e4:cc:
                    5d:40:86:17:37:60:65:40:70:2d:f5:62:d2:f8:4f:
                    d6:90:4b:b6:7a:4d:54:82:40:eb:c5:2c:b3:29:09:
                    e5:7f:2e:6e:2b:ca:5b:f7:d9:67:ba:da:d2:67:67:
                    3a:cc:52:73:2d:3b:d1:41:93:98:79:2c:40:ee:df:
                    85:e6:e5:12:a8:46:6c:65:cd:5d:2a:c3:3c:b0:19:
                    16:a9:19:e8:5a:91:fe:2c:06:2c:6e:12:37:03:b0:
                    0f:2b:62:58:f4:26:7a:4b:8c:16:91:df:6e:94:ef:
                    7a:37:af:12:11:d5:8f:e8:43:e2:83:e4:e9:d4:74:
                    62:4d:24:11:22:f5:75:0f:d7:28:56:1e:26:d0:5e:
                    14:c6:56:ae:4d:11:ff:5b:f3:bb:6e:42:a0:64:7e:
                    2d:3a:e9:db:2b:90:58:49:94:c8:6e:0a:3b:3e:ee:
                    22:f6:4c:75:dc:df:74:b9:29:b7:cf:10:4c:7b:5f:
                    e6:00:06:35:e8:60:3b:31:ac:32:a8:48:08:80:1c:
                    0e:49:49:f5:5a:83:f6:f3:58:bd:64:d7:6c:61:74:
                    53:ee:71:18:ec:50:36:c5:80:0e:71:55:82:32:ba:
                    22:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4D:63:4D:34:CA:85:5A:00:0F:02:C4:4E:2F:5D:6B:97:78:7E:69
            X509v3 Authority Key Identifier:
                keyid:CD:39:47:57:E1:41:62:02:A4:02:29:56:DB:F4:8D:70:74:58:52:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/PE1jTTTKhVoADwLETi9da5d4fmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.10.0/24
                IPv6:
                  2a12:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:84:11:de:f0:a3:bd:9b:ce:e1:1d:ce:f3:2a:b6:d3:b2:f5:
         c2:6d:19:ab:44:52:ea:06:b1:bf:ee:8b:24:b5:57:23:06:96:
         fa:94:df:6a:34:ef:c3:61:5b:19:25:e3:a1:f6:b9:33:0d:e4:
         3d:81:bf:04:29:de:cd:93:de:bd:f7:46:0e:e1:71:f2:1f:48:
         32:9f:76:0e:a7:e1:2c:42:94:a0:f8:55:1a:80:ff:a4:e1:92:
         8c:9a:53:d4:9e:28:b7:ee:ae:11:9a:eb:08:41:34:b4:2d:3a:
         3d:c7:56:ee:52:95:4a:b2:3a:da:6e:bc:0a:c7:7c:a0:5e:8b:
         69:0d:fa:86:ff:0b:67:bc:6d:11:73:56:f6:95:57:e9:a8:56:
         19:0f:6d:40:e8:09:f1:3b:60:e0:49:bc:96:fb:d1:fd:32:45:
         16:09:65:d8:4c:98:c6:8d:6c:07:e6:6d:99:3f:86:62:ce:0e:
         21:c5:70:86:dd:5d:ed:ce:e5:21:2d:9d:d3:61:54:fe:3c:c2:
         25:5f:cc:e7:71:89:b8:2b:6f:1d:ee:ae:79:68:39:33:52:e1:
         03:8b:7a:01:d3:38:06:2f:49:11:44:0a:47:e7:5f:76:d5:d9:
         87:c8:86:5b:57:77:af:10:0e:7f:58:27:68:fe:b4:0e:42:c4:
         02:2c:2d:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKtoEOT9zo9K0QZJTFwCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMzk0NzU3ZTE0MTYyMDJhNDAyMjk1NmRiZjQ4ZDcwNzQ1
ODUyMGMwHhcNMjQwMTAyMTIzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzRkNjM0ZDM0Y2E4NTVhMDAwZjAyYzQ0ZTJmNWQ2Yjk3Nzg3ZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7sfnY/egTTpf4C++SHZvPuuAMM0
FEZO6Nnk5MxdQIYXN2BlQHAt9WLS+E/WkEu2ek1UgkDrxSyzKQnlfy5uK8pb99ln
utrSZ2c6zFJzLTvRQZOYeSxA7t+F5uUSqEZsZc1dKsM8sBkWqRnoWpH+LAYsbhI3
A7APK2JY9CZ6S4wWkd9ulO96N68SEdWP6EPig+Tp1HRiTSQRIvV1D9coVh4m0F4U
xlauTRH/W/O7bkKgZH4tOunbK5BYSZTIbgo7Pu4i9kx13N90uSm3zxBMe1/mAAY1
6GA7MawyqEgIgBwOSUn1WoP281i9ZNdsYXRT7nEY7FA2xYAOcVWCMroiKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDxNY000yoVaAA8CxE4vXWuXeH5pMB8GA1UdIwQY
MBaAFM05R1fhQWICpAIpVtv0jXB0WFIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelRsSFYtRkJZZ0trQWlsVzJfU05jSFJZVWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85NzVlNGYtNmMyNi00NGJiLTlhZGEt
MmZjNmQxN2Y4YjU4LzEvUEUxalRUVEtoVm9BRHdMRVRpOWRhNWQ0Zm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85NzVlNGYtNmMyNi00NGJiLTlhZGEtMmZjNmQxN2Y4YjU4
LzEvelRsSFYtRkJZZ0trQWlsVzJfU05jSFJZVWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuScKMA0E
AgACMAcDBQAqEhuAMA0GCSqGSIb3DQEBCwUAA4IBAQCIhBHe8KO9m87hHc7zKrbT
svXCbRmrRFLqBrG/7osktVcjBpb6lN9qNO/DYVsZJeOh9rkzDeQ9gb8EKd7Nk969
90YO4XHyH0gyn3YOp+EsQpSg+FUagP+k4ZKMmlPUnii37q4RmusIQTS0LTo9x1bu
UpVKsjrabrwKx3ygXotpDfqG/wtnvG0Rc1b2lVfpqFYZD21A6AnxO2DgSbyW+9H9
MkUWCWXYTJjGjWwH5m2ZP4Zizg4hxXCG3V3tzuUhLZ3TYVT+PMIlX8zncYm4K28d
7q55aDkzUuEDi3oB0zgGL0kRRApH51921dmHyIZbV3evEA5/WCdo/rQOQsQCLC0G
-----END CERTIFICATE-----