Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/PknYBKIwc7jiBuxG6D-ihwK2MzE.roa
File:                     PknYBKIwc7jiBuxG6D-ihwK2MzE.roa (raw, json)
Hash identifier:          SBpT4BSDNyr+X2lXF3l0JMZfSJ0ZUFzq6ZRtip9IRR4=
Subject key identifier:   3E:49:D8:04:A2:30:73:B8:E2:06:EC:46:E8:3F:A2:87:02:B6:33:31
Certificate issuer:       /CN=b930da21518184145f6d7621b5a13bd54035ac83
Certificate serial:       018CC6B800CA4579D2704D4D601362806F7F
Authority key identifier: B9:30:DA:21:51:81:84:14:5F:6D:76:21:B5:A1:3B:D5:40:35:AC:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uTDaIVGBhBRfbXYhtaE71UA1rIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/PknYBKIwc7jiBuxG6D-ihwK2MzE.roa
Signing time:             Mon 01 Jan 2024 20:29:56 +0000
ROA not before:           Mon 01 Jan 2024 20:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6855
IP address blocks:        185.152.28.0/22 maxlen: 22
                          2a07:7d40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/uTDaIVGBhBRfbXYhtaE71UA1rIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/uTDaIVGBhBRfbXYhtaE71UA1rIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uTDaIVGBhBRfbXYhtaE71UA1rIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:00:ca:45:79:d2:70:4d:4d:60:13:62:80:6f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b930da21518184145f6d7621b5a13bd54035ac83
        Validity
            Not Before: Jan  1 20:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e49d804a23073b8e206ec46e83fa28702b63331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:76:cc:de:c2:13:f3:b5:b6:81:9c:ca:a3:d1:
                    db:99:e6:e8:f8:4d:0a:72:b7:3c:bf:28:3d:8d:d9:
                    f6:77:82:28:e4:e4:78:41:77:3c:cd:92:d9:48:4b:
                    88:4a:ff:dd:20:e7:19:f3:f3:ce:5f:0d:ff:fc:79:
                    d1:39:b2:80:23:e8:4a:f5:cb:3d:73:11:a4:5f:b9:
                    4e:5f:2f:86:d6:20:cb:a3:97:9d:f8:81:b6:51:f8:
                    ed:45:84:17:5c:8a:cc:1b:79:76:51:80:12:5a:18:
                    54:d7:c4:99:6a:41:3a:e5:fd:c9:e2:f8:8d:a6:60:
                    c3:2c:70:11:54:45:29:7d:d7:32:7f:a9:68:a3:76:
                    7e:6c:f4:ca:e7:67:02:dd:ce:e2:b9:87:7e:63:ff:
                    da:d4:b1:07:04:dc:8d:e4:e5:ce:26:56:c9:60:13:
                    eb:7f:56:38:59:aa:56:6b:fc:12:eb:49:d4:af:e2:
                    40:5d:25:45:37:0d:b7:5d:e6:54:9a:fa:2a:a2:14:
                    00:c7:2b:a6:2a:37:9f:f3:b0:07:b4:b1:0d:31:fd:
                    ae:00:09:19:da:3b:0e:ea:0f:4d:18:42:54:1b:dd:
                    c1:a1:d9:4c:19:fb:11:b0:7b:93:31:46:68:a9:b6:
                    ef:da:02:07:24:af:49:bb:79:8c:e7:45:90:95:c0:
                    89:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:49:D8:04:A2:30:73:B8:E2:06:EC:46:E8:3F:A2:87:02:B6:33:31
            X509v3 Authority Key Identifier:
                keyid:B9:30:DA:21:51:81:84:14:5F:6D:76:21:B5:A1:3B:D5:40:35:AC:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uTDaIVGBhBRfbXYhtaE71UA1rIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/PknYBKIwc7jiBuxG6D-ihwK2MzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/470cda-d0ec-4323-ae9b-994af5c34402/1/uTDaIVGBhBRfbXYhtaE71UA1rIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.28.0/22
                IPv6:
                  2a07:7d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:57:79:4c:3e:55:c0:3f:6a:8b:56:26:ba:ed:e5:d7:6a:b4:
         09:58:74:6c:a1:1e:fa:49:64:e5:47:16:19:9f:e6:45:ea:72:
         82:92:d2:fc:1e:6e:8c:80:90:27:ec:73:07:6a:6a:cc:53:93:
         9b:15:83:02:2f:9a:d8:06:9e:cb:ff:f9:35:e4:1e:81:97:43:
         e1:e1:87:31:ba:d2:b7:5e:d5:f3:f9:0e:2a:54:72:31:86:47:
         b0:12:80:fb:25:f6:52:a4:04:dc:a2:58:55:ca:94:e0:48:07:
         14:39:3a:03:8d:ad:e4:6d:1b:6f:6b:3b:3a:af:d1:6f:27:83:
         6c:8b:39:82:78:41:d8:6b:7a:b9:b2:c2:94:d1:9d:44:ef:e5:
         9f:4b:69:fc:38:76:0f:cd:7e:82:3a:1c:41:b6:68:b3:9d:c8:
         a5:e8:47:8a:17:8a:fa:d9:45:a0:97:a2:5f:0b:72:b2:b0:2e:
         ed:b8:a1:17:9c:60:54:7f:97:d7:48:72:c0:63:81:0f:57:cb:
         72:13:c3:c4:2e:cd:5b:da:44:60:72:d9:00:9c:02:56:74:ad:
         13:8c:58:e8:f7:3f:29:35:db:11:29:c1:8e:fe:53:4c:e9:5e:
         cc:e6:43:20:7f:81:d8:3c:66:d8:1e:df:7b:78:70:3a:55:ce:
         68:cd:cd:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuADKRXnScE1NYBNigG9/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MzBkYTIxNTE4MTg0MTQ1ZjZkNzYyMWI1YTEzYmQ1NDAz
NWFjODMwHhcNMjQwMTAxMjAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQ5ZDgwNGEyMzA3M2I4ZTIwNmVjNDZlODNmYTI4NzAyYjYzMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3bM3sIT87W2gZzKo9Hbmebo+E0K
crc8vyg9jdn2d4Io5OR4QXc8zZLZSEuISv/dIOcZ8/POXw3//HnRObKAI+hK9cs9
cxGkX7lOXy+G1iDLo5ed+IG2UfjtRYQXXIrMG3l2UYASWhhU18SZakE65f3J4viN
pmDDLHARVEUpfdcyf6loo3Z+bPTK52cC3c7iuYd+Y//a1LEHBNyN5OXOJlbJYBPr
f1Y4WapWa/wS60nUr+JAXSVFNw23XeZUmvoqohQAxyumKjef87AHtLENMf2uAAkZ
2jsO6g9NGEJUG93BodlMGfsRsHuTMUZoqbbv2gIHJK9Ju3mM50WQlcCJwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD5J2ASiMHO44gbsRug/oocCtjMxMB8GA1UdIwQY
MBaAFLkw2iFRgYQUX212IbWhO9VANayDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVREYUlWR0JoQlJmYlhZaHRhRTcxVUExcklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80NzBjZGEtZDBlYy00MzIzLWFlOWIt
OTk0YWY1YzM0NDAyLzEvUGtuWUJLSXdjN2ppQnV4RzZELWlod0syTXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80NzBjZGEtZDBlYy00MzIzLWFlOWItOTk0YWY1YzM0NDAy
LzEvdVREYUlWR0JoQlJmYlhZaHRhRTcxVUExcklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZgcMA0E
AgACMAcDBQAqB31AMA0GCSqGSIb3DQEBCwUAA4IBAQBHV3lMPlXAP2qLVia67eXX
arQJWHRsoR76SWTlRxYZn+ZF6nKCktL8Hm6MgJAn7HMHamrMU5ObFYMCL5rYBp7L
//k15B6Bl0Ph4YcxutK3XtXz+Q4qVHIxhkewEoD7JfZSpATcolhVypTgSAcUOToD
ja3kbRtvazs6r9FvJ4NsizmCeEHYa3q5ssKU0Z1E7+WfS2n8OHYPzX6COhxBtmiz
ncil6EeKF4r62UWgl6JfC3KysC7tuKEXnGBUf5fXSHLAY4EPV8tyE8PELs1b2kRg
ctkAnAJWdK0TjFjo9z8pNdsRKcGO/lNM6V7M5kMgf4HYPGbYHt97eHA6Vc5ozc1k
-----END CERTIFICATE-----