Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/PxIYjkUOKD8jl4hAZJMU0a06Am8.roa
File:                     PxIYjkUOKD8jl4hAZJMU0a06Am8.roa (raw, json)
Hash identifier:          +9udhAxFxy6waglQ2YukxmWuNL9aF0Nrxab6+ddscR4=
Subject key identifier:   3F:12:18:8E:45:0E:28:3F:23:97:88:40:64:93:14:D1:AD:3A:02:6F
Certificate issuer:       /CN=123c3de61011de07101e14dc0727395171cb03ab
Certificate serial:       01926243E250491DA6C9683EEF255F05AE13
Authority key identifier: 12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/PxIYjkUOKD8jl4hAZJMU0a06Am8.roa
Signing time:             Sun 06 Oct 2024 14:37:48 +0000
ROA not before:           Sun 06 Oct 2024 14:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205814
IP address blocks:        185.122.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:62:43:e2:50:49:1d:a6:c9:68:3e:ef:25:5f:05:ae:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123c3de61011de07101e14dc0727395171cb03ab
        Validity
            Not Before: Oct  6 14:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f12188e450e283f23978840649314d1ad3a026f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1e:3d:1b:98:d9:6c:cb:f4:cf:1c:9d:48:ea:
                    8e:3b:d9:1b:0e:73:61:15:92:fc:3c:53:53:15:c3:
                    89:b8:15:69:f3:dc:99:70:57:e8:22:96:54:81:33:
                    9a:87:f1:6e:fa:59:e6:04:65:83:24:1e:b6:6b:50:
                    75:2b:14:d4:3d:7d:32:37:cf:d1:82:e8:7f:0a:74:
                    6c:bc:4c:b8:02:bf:2a:fe:95:0f:12:80:a5:16:7f:
                    a4:c2:aa:18:3a:a8:17:6a:56:a2:1a:b8:3c:2f:c7:
                    0a:fa:b9:c3:85:15:fb:43:42:3f:2d:c8:10:52:b6:
                    4d:ad:c8:b1:c3:81:4c:e0:2a:bd:85:44:b4:1e:6f:
                    d4:52:bf:fe:68:8d:f8:52:91:b6:6a:c9:86:5c:41:
                    e0:ba:07:57:39:ba:84:24:7e:21:8c:14:55:4b:06:
                    ae:1b:48:ce:53:2e:17:94:5f:f9:ae:52:c4:9e:48:
                    61:6d:91:53:ee:0c:d5:b8:39:a7:22:33:1f:7f:45:
                    33:20:59:5a:45:fd:5d:4c:54:fb:f2:ff:6e:1b:b8:
                    d5:78:ab:0b:72:1c:f9:19:3d:6a:1d:65:16:08:00:
                    da:5f:ee:c3:5f:16:d8:01:51:fa:82:0a:e8:72:b2:
                    d3:4a:76:de:6d:bd:7d:6e:5b:33:68:58:da:23:39:
                    c9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:12:18:8E:45:0E:28:3F:23:97:88:40:64:93:14:D1:AD:3A:02:6F
            X509v3 Authority Key Identifier:
                keyid:12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/PxIYjkUOKD8jl4hAZJMU0a06Am8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:60:51:85:fe:0d:61:a6:6a:b6:f4:96:51:09:47:bf:ab:0a:
         5c:39:4e:dc:56:6c:fd:3b:9b:37:cc:7f:3d:5d:5e:15:9b:ff:
         2e:a8:36:0f:a0:02:c8:d0:c6:a6:77:41:f4:1d:3a:fe:56:33:
         25:2c:ec:35:a3:35:6d:ea:56:92:2c:64:d2:ed:92:d9:87:14:
         95:24:36:82:e6:eb:fa:93:45:ec:58:7c:03:ba:b4:83:7f:26:
         6d:81:c8:7c:3c:8b:f5:e4:eb:0a:ae:4d:57:6a:61:46:d5:02:
         e6:29:1b:6c:f2:78:4a:5a:4e:70:a9:f8:fd:c1:57:1a:ae:80:
         d5:48:ce:03:0a:7f:12:03:05:f1:7c:b7:4f:18:cc:cb:2d:03:
         eb:b5:5c:bc:5a:7d:bc:be:d9:98:29:53:20:1d:e0:91:e5:9d:
         13:ce:47:d0:d0:b7:4b:03:13:ea:4c:0a:6e:96:6c:26:ea:d1:
         02:06:19:5f:6b:36:ff:28:35:d6:89:93:69:17:f8:f5:ea:4f:
         ba:ff:f0:34:ea:fa:d3:a8:76:a5:55:14:50:fd:fd:a4:80:f1:
         90:7e:2c:99:a3:6a:51:dc:ba:e5:1a:57:1c:36:29:47:e7:d1:
         0a:1a:a9:ba:df:52:2f:21:71:40:34:a3:73:fa:f3:b1:86:80:
         1d:88:2b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJiQ+JQSR2myWg+7yVfBa4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2MzZGU2MTAxMWRlMDcxMDFlMTRkYzA3MjczOTUxNzFj
YjAzYWIwHhcNMjQxMDA2MTQzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjEyMTg4ZTQ1MGUyODNmMjM5Nzg4NDA2NDkzMTRkMWFkM2EwMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR49G5jZbMv0zxydSOqOO9kbDnNh
FZL8PFNTFcOJuBVp89yZcFfoIpZUgTOah/Fu+lnmBGWDJB62a1B1KxTUPX0yN8/R
guh/CnRsvEy4Ar8q/pUPEoClFn+kwqoYOqgXalaiGrg8L8cK+rnDhRX7Q0I/LcgQ
UrZNrcixw4FM4Cq9hUS0Hm/UUr/+aI34UpG2asmGXEHgugdXObqEJH4hjBRVSwau
G0jOUy4XlF/5rlLEnkhhbZFT7gzVuDmnIjMff0UzIFlaRf1dTFT78v9uG7jVeKsL
chz5GT1qHWUWCADaX+7DXxbYAVH6ggrocrLTSnbebb19blszaFjaIznJiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8SGI5FDig/I5eIQGSTFNGtOgJvMB8GA1UdIwQY
MBaAFBI8PeYQEd4HEB4U3AcnOVFxywOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUt
YjUwNGM5YWU5YmJjLzEvUHhJWWprVU9LRDhqbDRoQVpKTVUwYTA2QW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUtYjUwNGM5YWU5YmJj
LzEvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXr+MA0G
CSqGSIb3DQEBCwUAA4IBAQAYYFGF/g1hpmq29JZRCUe/qwpcOU7cVmz9O5s3zH89
XV4Vm/8uqDYPoALI0Mamd0H0HTr+VjMlLOw1ozVt6laSLGTS7ZLZhxSVJDaC5uv6
k0XsWHwDurSDfyZtgch8PIv15OsKrk1XamFG1QLmKRts8nhKWk5wqfj9wVcaroDV
SM4DCn8SAwXxfLdPGMzLLQPrtVy8Wn28vtmYKVMgHeCR5Z0TzkfQ0LdLAxPqTApu
lmwm6tECBhlfazb/KDXWiZNpF/j16k+6//A06vrTqHalVRRQ/f2kgPGQfiyZo2pR
3LrlGlccNilH59EKGqm631IvIXFANKNz+vOxhoAdiCsh
-----END CERTIFICATE-----