Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/PGbrVJPSCqjWKwLD1Gwn1kQpaHQ.roa
File:                     PGbrVJPSCqjWKwLD1Gwn1kQpaHQ.roa (raw, json)
Hash identifier:          kz7YcpnBr+ZKGjX28+myg0kxYts35bBeJ8JZhrqluuQ=
Subject key identifier:   3C:66:EB:54:93:D2:0A:A8:D6:2B:02:C3:D4:6C:27:D6:44:29:68:74
Certificate issuer:       /CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Certificate serial:       018CC8707D511F1A7267D3CEFBDD6994851F
Authority key identifier: 1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/PGbrVJPSCqjWKwLD1Gwn1kQpaHQ.roa
Signing time:             Tue 02 Jan 2024 04:31:04 +0000
ROA not before:           Tue 02 Jan 2024 04:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21263
IP address blocks:        185.35.211.0/24 maxlen: 24
                          2a02:778:40e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:7d:51:1f:1a:72:67:d3:ce:fb:dd:69:94:85:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
        Validity
            Not Before: Jan  2 04:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c66eb5493d20aa8d62b02c3d46c27d644296874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c6:f2:f5:a2:d1:ef:2c:7c:a8:e1:c0:16:0f:
                    08:b5:03:8b:a4:be:88:40:27:ab:74:aa:68:43:2c:
                    52:e3:52:44:6f:0d:21:ac:3c:84:9f:ed:62:d1:fb:
                    c9:51:25:bd:5f:32:c3:52:ad:ce:93:d6:8a:a3:8f:
                    d5:d2:68:5c:41:77:35:bc:6b:6e:32:02:19:92:d5:
                    31:6a:fd:a6:ca:e0:1b:cf:83:62:2f:f4:93:0b:bd:
                    1f:98:c6:ad:50:73:ce:c0:fe:35:4e:95:42:3c:af:
                    3e:5e:9c:eb:3a:f5:b2:a7:b1:2f:de:c7:7b:f6:44:
                    63:c3:45:60:12:90:cb:cc:89:f8:b9:7c:37:80:a9:
                    dd:04:13:12:80:ec:39:c5:02:0a:b7:65:64:58:ed:
                    22:70:c3:f9:cd:0b:c4:8d:e0:5e:88:2d:21:2c:04:
                    ca:f1:5e:d0:35:d8:77:0b:74:54:10:c6:88:58:03:
                    61:32:03:a6:c1:f2:10:9f:8a:41:fb:f6:3d:26:81:
                    ed:4c:96:ff:c2:ec:79:ce:ab:a2:9c:4e:e2:cb:a9:
                    fd:63:e8:72:92:9a:57:64:d7:3d:71:86:e6:fe:21:
                    a2:b2:ed:0c:ff:11:cf:06:28:8c:48:34:6b:d4:4b:
                    88:db:64:7b:41:70:41:17:fe:a7:b8:b7:2c:35:a5:
                    87:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:66:EB:54:93:D2:0A:A8:D6:2B:02:C3:D4:6C:27:D6:44:29:68:74
            X509v3 Authority Key Identifier:
                keyid:1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/PGbrVJPSCqjWKwLD1Gwn1kQpaHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.211.0/24
                IPv6:
                  2a02:778:40e::/48

    Signature Algorithm: sha256WithRSAEncryption
         e6:8d:9d:aa:28:41:93:ca:c7:8e:b0:0d:63:50:8d:7e:d7:06:
         ff:99:56:26:ca:e4:5a:98:e3:81:e4:14:9a:ad:3d:7a:a1:a6:
         19:6e:78:97:99:74:8b:35:95:3c:68:3e:f6:8f:19:a4:83:49:
         10:29:dd:4d:ab:e4:75:8e:e6:6e:2a:e2:3a:b3:54:77:0a:b2:
         50:56:04:c1:e9:81:46:68:c1:73:22:2f:dd:60:82:c4:a1:61:
         6e:3e:3e:69:d5:79:c8:42:c7:9a:72:bd:a3:7b:55:ee:98:64:
         84:f4:87:64:99:d0:80:38:33:20:3b:5c:66:d2:a1:86:43:44:
         a1:68:de:9d:48:6b:0f:a2:57:c4:43:79:a7:85:c4:8e:d0:49:
         d6:8c:af:84:8d:b9:b7:e0:a1:1d:47:a4:62:e2:6f:aa:d0:ea:
         8c:c7:b0:42:13:0c:38:38:6f:ca:99:4f:3a:bd:1b:eb:41:48:
         61:e6:89:5b:c8:16:b0:af:de:24:b3:0d:77:67:2d:3c:1d:7e:
         e4:bc:18:91:5d:43:d0:a2:c5:cc:a8:ae:8f:fd:9e:3b:4c:28:
         37:b5:28:1a:44:f8:ba:a7:40:1c:78:8e:17:d7:eb:91:76:31:
         b4:ea:7a:51:74:59:f7:36:ff:58:c3:53:eb:d7:23:e6:c5:f6:
         60:47:47:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIcH1RHxpyZ9PO+91plIUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzlkNTc5MzZkZDJkMTUyMTQ0M2U2OGRhZGQ5ZDA5NDlj
ZGUzM2YwHhcNMjQwMTAyMDQzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzY2ZWI1NDkzZDIwYWE4ZDYyYjAyYzNkNDZjMjdkNjQ0Mjk2ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8by9aLR7yx8qOHAFg8ItQOLpL6I
QCerdKpoQyxS41JEbw0hrDyEn+1i0fvJUSW9XzLDUq3Ok9aKo4/V0mhcQXc1vGtu
MgIZktUxav2myuAbz4NiL/STC70fmMatUHPOwP41TpVCPK8+XpzrOvWyp7Ev3sd7
9kRjw0VgEpDLzIn4uXw3gKndBBMSgOw5xQIKt2VkWO0icMP5zQvEjeBeiC0hLATK
8V7QNdh3C3RUEMaIWANhMgOmwfIQn4pB+/Y9JoHtTJb/wux5zquinE7iy6n9Y+hy
kppXZNc9cYbm/iGisu0M/xHPBiiMSDRr1EuI22R7QXBBF/6nuLcsNaWHgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDxm61ST0gqo1isCw9RsJ9ZEKWh0MB8GA1UdIwQY
MBaAFBw51Xk23S0VIUQ+aNrdnQlJzeM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2Qt
ZDdjNWRhN2MxNjc2LzEvUEdiclZKUFNDcWpXS3dMRDFHd24xa1FwYUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2QtZDdjNWRhN2MxNjc2
LzEvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuSPTMA8E
AgACMAkDBwAqAgd4BA4wDQYJKoZIhvcNAQELBQADggEBAOaNnaooQZPKx46wDWNQ
jX7XBv+ZVibK5FqY44HkFJqtPXqhphlueJeZdIs1lTxoPvaPGaSDSRAp3U2r5HWO
5m4q4jqzVHcKslBWBMHpgUZowXMiL91ggsShYW4+PmnVechCx5pyvaN7Ve6YZIT0
h2SZ0IA4MyA7XGbSoYZDRKFo3p1Iaw+iV8RDeaeFxI7QSdaMr4SNubfgoR1HpGLi
b6rQ6ozHsEITDDg4b8qZTzq9G+tBSGHmiVvIFrCv3iSzDXdnLTwdfuS8GJFdQ9Ci
xcyoro/9njtMKDe1KBpE+LqnQBx4jhfX65F2MbTqelF0Wfc2/1jDU+vXI+bF9mBH
R4c=
-----END CERTIFICATE-----