Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/PE58OaF0ra7iez3aqBDlnjOJoTA.roa
File:                     PE58OaF0ra7iez3aqBDlnjOJoTA.roa (raw, json)
Hash identifier:          YxRtlE4B9XbEps9IyUuSGbNOWpsQB0/AYYXe9VgxRrg=
Subject key identifier:   3C:4E:7C:39:A1:74:AD:AE:E2:7B:3D:DA:A8:10:E5:9E:33:89:A1:30
Certificate issuer:       /CN=28ab22fb2da473c5426bfcc1f880861004017087
Certificate serial:       018CC79570D3D4C07FD314EA6E7DE8AE8DD9
Authority key identifier: 28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/PE58OaF0ra7iez3aqBDlnjOJoTA.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.85.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 18:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:70:d3:d4:c0:7f:d3:14:ea:6e:7d:e8:ae:8d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28ab22fb2da473c5426bfcc1f880861004017087
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c4e7c39a174adaee27b3ddaa810e59e3389a130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c5:88:e9:ca:17:04:5d:2e:a1:1a:b3:4b:91:
                    bc:84:d9:51:fb:4b:fb:d8:a0:86:d5:5a:c0:f6:37:
                    c4:e5:2c:0e:ce:55:30:6e:4b:d8:23:92:a0:44:ac:
                    09:1f:56:58:e4:cc:d7:14:c6:d7:c7:46:c2:33:c4:
                    11:8c:8b:96:db:87:42:be:35:4f:91:33:44:4f:19:
                    fb:97:d7:6b:b5:44:68:04:f0:39:0e:0f:ca:41:0e:
                    5a:4b:29:68:43:50:a5:f9:9e:36:ce:a5:6d:2a:af:
                    29:55:49:c0:c9:d9:b8:20:0f:20:3e:8f:09:12:9f:
                    6e:76:fd:92:db:23:39:31:e3:92:8a:d6:84:7b:40:
                    9c:03:8c:b6:51:ed:94:31:f0:67:f5:16:1c:ab:6a:
                    f3:93:a7:f0:aa:73:8c:00:52:fb:aa:b1:c1:1b:48:
                    ec:62:95:1e:ad:ad:26:cc:85:a9:96:23:02:15:62:
                    78:1d:26:74:fb:9a:f0:dc:14:9c:bd:15:a5:ce:51:
                    6c:5f:83:1d:64:7f:83:51:06:bb:b4:78:69:cc:f0:
                    80:72:ae:fb:99:af:a4:ad:58:7f:64:ba:12:ae:06:
                    e1:ba:98:cd:5c:cd:84:aa:c3:7b:75:49:32:26:24:
                    66:73:3f:21:3f:a7:4c:bf:85:6b:98:e1:9d:6d:fb:
                    2e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4E:7C:39:A1:74:AD:AE:E2:7B:3D:DA:A8:10:E5:9E:33:89:A1:30
            X509v3 Authority Key Identifier:
                keyid:28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/PE58OaF0ra7iez3aqBDlnjOJoTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:89:aa:19:95:7b:5f:f3:02:4c:49:c7:49:d7:57:63:fa:b4:
         0f:f0:ca:e9:d4:cb:20:ba:30:b2:ef:d5:bd:d3:92:82:63:cf:
         5f:20:7b:c4:2f:62:1a:c3:2d:43:af:30:f2:43:53:f6:1e:61:
         a8:d2:fa:ba:ac:8c:37:ed:b0:72:40:8e:77:7b:49:05:01:9b:
         a1:30:ac:a1:db:b3:08:65:2d:64:b0:7f:39:0e:64:ff:01:27:
         d6:fe:39:72:bf:eb:46:2f:80:01:f7:7e:ca:df:23:c7:97:87:
         c9:56:bb:e4:76:7f:2d:c4:1d:d6:51:c3:b0:af:c2:f1:27:b0:
         94:d7:5f:f6:f9:cb:b5:6e:21:67:8e:e3:63:d3:55:2b:e2:be:
         57:2e:37:84:d1:0d:83:17:50:41:09:9a:6c:35:03:57:b4:71:
         fc:18:58:a7:05:2d:f5:83:a3:ea:0e:59:00:eb:fe:ab:90:5e:
         e9:28:13:54:89:89:24:0d:f4:c1:6b:ee:64:9e:dc:c9:73:03:
         ac:20:89:71:89:6a:87:e6:2d:d1:be:44:4d:93:63:cc:d5:66:
         d2:3a:48:c5:b4:be:b2:5f:76:b2:ae:f6:75:43:49:ea:7c:7b:
         0d:34:b9:96:ff:fe:8a:b9:10:20:0b:39:0a:41:30:5a:b1:9d:
         3d:55:70:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXDT1MB/0xTqbn3oro3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YWIyMmZiMmRhNDczYzU0MjZiZmNjMWY4ODA4NjEwMDQw
MTcwODcwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzRlN2MzOWExNzRhZGFlZTI3YjNkZGFhODEwZTU5ZTMzODlhMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38WI6coXBF0uoRqzS5G8hNlR+0v7
2KCG1VrA9jfE5SwOzlUwbkvYI5KgRKwJH1ZY5MzXFMbXx0bCM8QRjIuW24dCvjVP
kTNETxn7l9drtURoBPA5Dg/KQQ5aSyloQ1Cl+Z42zqVtKq8pVUnAydm4IA8gPo8J
Ep9udv2S2yM5MeOSitaEe0CcA4y2Ue2UMfBn9RYcq2rzk6fwqnOMAFL7qrHBG0js
YpUera0mzIWpliMCFWJ4HSZ0+5rw3BScvRWlzlFsX4MdZH+DUQa7tHhpzPCAcq77
ma+krVh/ZLoSrgbhupjNXM2EqsN7dUkyJiRmcz8hP6dMv4VrmOGdbfsuXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxOfDmhdK2u4ns92qgQ5Z4ziaEwMB8GA1UdIwQY
MBaAFCirIvstpHPFQmv8wfiAhhAEAXCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMt
M2ExNTk1ZmM4NmVmLzEvUEU1OE9hRjByYTdpZXozYXFCRGxuak9Kb1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMtM2ExNTk1ZmM4NmVm
LzEvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1UMMA0G
CSqGSIb3DQEBCwUAA4IBAQAfiaoZlXtf8wJMScdJ11dj+rQP8Mrp1MsgujCy79W9
05KCY89fIHvEL2Iawy1DrzDyQ1P2HmGo0vq6rIw37bByQI53e0kFAZuhMKyh27MI
ZS1ksH85DmT/ASfW/jlyv+tGL4AB937K3yPHl4fJVrvkdn8txB3WUcOwr8LxJ7CU
11/2+cu1biFnjuNj01Ur4r5XLjeE0Q2DF1BBCZpsNQNXtHH8GFinBS31g6PqDlkA
6/6rkF7pKBNUiYkkDfTBa+5kntzJcwOsIIlxiWqH5i3RvkRNk2PM1WbSOkjFtL6y
X3ayrvZ1Q0nqfHsNNLmW//6KuRAgCzkKQTBasZ09VXCd
-----END CERTIFICATE-----