Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/PFZexs9BK-NfF5NXMSXMoZ7giFE.roa
File:                     PFZexs9BK-NfF5NXMSXMoZ7giFE.roa (raw, json)
Hash identifier:          LSFCyxl3oyBCebFuRg2xKldPUabF/wooHWM4diuJT94=
Subject key identifier:   3C:56:5E:C6:CF:41:2B:E3:5F:17:93:57:31:25:CC:A1:9E:E0:88:51
Certificate issuer:       /CN=ed28f57746a005ae75a8f5f9e92f7d22d61c8d34
Certificate serial:       018CC500E62434110CC68E4983DC74BD7BC1
Authority key identifier: ED:28:F5:77:46:A0:05:AE:75:A8:F5:F9:E9:2F:7D:22:D6:1C:8D:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Sj1d0agBa51qPX56S99ItYcjTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/PFZexs9BK-NfF5NXMSXMoZ7giFE.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202395
IP address blocks:        195.226.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/7Sj1d0agBa51qPX56S99ItYcjTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/7Sj1d0agBa51qPX56S99ItYcjTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Sj1d0agBa51qPX56S99ItYcjTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e6:24:34:11:0c:c6:8e:49:83:dc:74:bd:7b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed28f57746a005ae75a8f5f9e92f7d22d61c8d34
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c565ec6cf412be35f1793573125cca19ee08851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e1:85:26:15:b5:51:17:34:c6:0f:46:3c:d6:
                    fc:3d:37:d8:c1:6c:21:cc:89:57:fb:bd:16:2f:c7:
                    57:99:1c:ae:e9:43:16:ca:44:69:9a:f3:ae:38:7e:
                    88:08:4b:e2:9d:d1:0d:5e:5c:10:88:25:df:6e:c5:
                    6b:bd:f1:de:2d:f9:75:d7:a1:8e:33:20:f3:81:aa:
                    84:8c:2a:a9:7b:98:ea:11:bb:13:4c:d0:eb:d6:e2:
                    b2:30:2e:2c:03:d2:ab:d6:91:b5:26:b3:b0:a2:41:
                    ca:6a:2b:f4:c6:c0:bc:cf:3f:fb:62:bb:cc:4d:90:
                    d6:29:60:ac:17:77:ae:d7:99:d0:34:45:f7:ac:d0:
                    40:9b:66:4f:c0:6b:cd:7b:3a:3d:84:a6:e1:5d:80:
                    b2:d8:d8:e8:9e:66:90:20:63:f9:1c:5d:82:45:cf:
                    6f:da:74:0d:03:fb:44:31:95:ff:dd:cd:f0:7a:eb:
                    a6:7c:d0:a6:78:31:51:25:68:fa:62:b3:db:16:41:
                    88:22:56:86:d7:8e:91:b6:9e:16:10:87:b1:76:1f:
                    b6:83:ea:40:07:ea:c5:2a:e9:2f:71:9d:07:c3:69:
                    be:cb:2a:cc:ec:8a:45:72:45:c3:05:30:81:56:a8:
                    25:39:bd:b4:bb:9d:cd:85:34:95:76:75:91:9c:9f:
                    a1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:56:5E:C6:CF:41:2B:E3:5F:17:93:57:31:25:CC:A1:9E:E0:88:51
            X509v3 Authority Key Identifier:
                keyid:ED:28:F5:77:46:A0:05:AE:75:A8:F5:F9:E9:2F:7D:22:D6:1C:8D:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Sj1d0agBa51qPX56S99ItYcjTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/PFZexs9BK-NfF5NXMSXMoZ7giFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/7Sj1d0agBa51qPX56S99ItYcjTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:11:9e:8f:4f:96:d7:78:6b:b3:ce:0f:78:6e:59:f9:be:31:
         52:79:84:cb:3a:73:68:61:86:26:fb:ae:6f:23:7f:00:64:43:
         02:f0:e8:b6:2e:bd:75:15:69:a6:78:01:68:fe:9c:d2:38:cf:
         ac:45:c5:15:33:7d:cf:73:fb:65:98:9f:88:e8:a5:ef:7e:df:
         42:56:79:02:88:68:fa:00:51:a4:eb:00:58:a8:93:9b:00:c7:
         3c:cb:5f:a9:b6:5a:a6:cc:18:0d:8f:ea:cb:77:ec:e7:e8:a1:
         00:84:82:68:f9:d7:2a:58:ba:1b:39:30:85:54:99:86:d3:4c:
         a8:b9:05:c5:67:39:57:63:6c:02:3d:84:4b:14:a2:2d:83:ce:
         20:a8:65:c0:30:fd:6d:be:49:d2:ac:68:82:a3:80:d7:7a:3f:
         a0:bc:c3:87:3e:bb:dd:1d:47:36:d3:bb:51:7a:09:8d:11:98:
         6c:47:df:fb:42:5f:da:6e:37:ea:e1:ff:e0:02:25:dc:4d:83:
         15:48:8f:c4:23:9a:b7:3f:cb:fe:3d:3e:df:4c:56:db:26:94:
         3e:81:79:4c:b3:17:b6:74:7a:70:df:44:34:6d:37:df:6f:a8:
         de:ab:a6:57:d8:11:51:26:1d:67:27:81:6c:98:ec:9a:e5:88:
         60:bc:2a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOYkNBEMxo5Jg9x0vXvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMjhmNTc3NDZhMDA1YWU3NWE4ZjVmOWU5MmY3ZDIyZDYx
YzhkMzQwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU2NWVjNmNmNDEyYmUzNWYxNzkzNTczMTI1Y2NhMTllZTA4ODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOGFJhW1URc0xg9GPNb8PTfYwWwh
zIlX+70WL8dXmRyu6UMWykRpmvOuOH6ICEvindENXlwQiCXfbsVrvfHeLfl116GO
MyDzgaqEjCqpe5jqEbsTTNDr1uKyMC4sA9Kr1pG1JrOwokHKaiv0xsC8zz/7YrvM
TZDWKWCsF3eu15nQNEX3rNBAm2ZPwGvNezo9hKbhXYCy2NjonmaQIGP5HF2CRc9v
2nQNA/tEMZX/3c3weuumfNCmeDFRJWj6YrPbFkGIIlaG146Rtp4WEIexdh+2g+pA
B+rFKukvcZ0Hw2m+yyrM7IpFckXDBTCBVqglOb20u53NhTSVdnWRnJ+h6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxWXsbPQSvjXxeTVzElzKGe4IhRMB8GA1UdIwQY
MBaAFO0o9XdGoAWudaj1+ekvfSLWHI00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1NqMWQwYWdCYTUxcVBYNTZTOTlJdFljalRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83NTMyMDgtYTVhNC00YjcxLThlNzQt
YTdlYjM4ZDQ4Yzc4LzEvUEZaZXhzOUJLLU5mRjVOWE1TWE1vWjdnaUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83NTMyMDgtYTVhNC00YjcxLThlNzQtYTdlYjM4ZDQ4Yzc4
LzEvN1NqMWQwYWdCYTUxcVBYNTZTOTlJdFljalRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+LcMA0G
CSqGSIb3DQEBCwUAA4IBAQBSEZ6PT5bXeGuzzg94bln5vjFSeYTLOnNoYYYm+65v
I38AZEMC8Oi2Lr11FWmmeAFo/pzSOM+sRcUVM33Pc/tlmJ+I6KXvft9CVnkCiGj6
AFGk6wBYqJObAMc8y1+ptlqmzBgNj+rLd+zn6KEAhIJo+dcqWLobOTCFVJmG00yo
uQXFZzlXY2wCPYRLFKItg84gqGXAMP1tvknSrGiCo4DXej+gvMOHPrvdHUc207tR
egmNEZhsR9/7Ql/abjfq4f/gAiXcTYMVSI/EI5q3P8v+PT7fTFbbJpQ+gXlMsxe2
dHpw30Q0bTffb6jeq6ZX2BFRJh1nJ4FsmOya5YhgvCpw
-----END CERTIFICATE-----