Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/PDBHDT9Ey-CIRopcCcPeOfP7QbI.roa
File:                     PDBHDT9Ey-CIRopcCcPeOfP7QbI.roa (raw, json)
Hash identifier:          1gg+4WTpUXa0NgAzEHoxsAIp0J0VDHvIAbex8ZeH+o4=
Subject key identifier:   3C:30:47:0D:3F:44:CB:E0:88:46:8A:5C:09:C3:DE:39:F3:FB:41:B2
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018DB7EFCAD7F05CEB8F325F8CC240AF5BA4
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/PDBHDT9Ey-CIRopcCcPeOfP7QbI.roa
Signing time:             Sat 17 Feb 2024 16:39:21 +0000
ROA not before:           Sat 17 Feb 2024 16:39:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.121.26.0/23 maxlen: 24
                          2a05:b0c4:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b7:ef:ca:d7:f0:5c:eb:8f:32:5f:8c:c2:40:af:5b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Feb 17 16:39:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c30470d3f44cbe088468a5c09c3de39f3fb41b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cc:b1:76:88:bd:07:10:44:d5:c5:47:f7:0c:
                    8c:4c:c0:51:08:a5:5a:92:03:f9:d0:54:f7:d6:e1:
                    07:98:04:b2:0c:e9:30:cb:7e:b1:10:2e:49:1c:ba:
                    ba:9b:b7:87:47:85:aa:b7:fa:1c:8d:31:5f:11:9d:
                    81:ea:f2:70:5b:1e:95:d4:c7:ca:c8:0d:97:d7:7b:
                    b1:44:2c:cb:4a:d9:e3:bd:ba:53:59:e2:09:c1:c7:
                    55:1a:61:96:e9:8f:23:e2:da:ef:11:41:01:09:f0:
                    5e:9b:da:dd:8f:3d:5e:8e:de:2d:d7:a5:12:67:e6:
                    08:fe:c8:1f:08:6f:57:f7:7f:37:ed:4c:8e:95:4b:
                    69:16:d9:f0:c6:61:5c:c1:84:c9:9c:0b:23:25:78:
                    97:c5:08:88:24:d0:12:08:fd:2b:b2:ad:83:79:06:
                    77:63:a7:a4:c3:a2:51:f3:3f:63:ba:f8:64:86:b8:
                    25:58:22:05:11:ab:f9:13:4e:98:54:f2:4c:07:c2:
                    cf:2c:84:e8:d7:35:88:49:cc:1e:09:a4:f3:07:86:
                    eb:ab:66:42:c3:02:e6:49:92:4c:00:19:58:62:bc:
                    01:82:b2:0c:f3:d4:f1:85:30:82:2b:09:b5:e3:51:
                    28:94:40:d3:b0:e5:da:8a:1c:7b:2a:15:50:33:1d:
                    a3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:30:47:0D:3F:44:CB:E0:88:46:8A:5C:09:C3:DE:39:F3:FB:41:B2
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/PDBHDT9Ey-CIRopcCcPeOfP7QbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.26.0/23
                IPv6:
                  2a05:b0c4:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:72:44:f2:b9:2a:f5:79:ee:b3:74:f4:3a:49:1e:c8:1a:72:
         a2:b5:3e:1a:d5:16:96:79:1d:ff:20:93:4f:7a:73:5e:35:f0:
         89:09:67:48:a3:d5:1c:ed:02:40:80:a2:bd:9d:c3:55:97:b6:
         cf:27:95:f5:5f:82:51:c4:58:e0:f8:71:f6:3a:26:90:1d:1d:
         b3:ba:88:ac:c0:23:60:d5:56:03:05:4a:21:77:25:f1:db:e6:
         a3:6b:08:ec:37:0b:77:7c:b3:7b:6f:88:98:ab:c0:d2:c2:3a:
         e8:37:a9:9b:8d:da:d6:57:8f:f2:c9:e6:b4:e8:ff:0c:2e:ee:
         f6:c4:9d:5b:a7:e6:eb:93:61:9b:16:82:57:57:e4:6f:b4:ae:
         15:36:47:3f:59:32:0e:db:f9:c7:5b:5c:b1:68:4d:23:a8:64:
         7a:60:74:d3:79:80:2b:86:a9:f2:62:55:39:1f:22:2f:2f:22:
         ff:34:d7:2f:89:33:b2:59:e4:92:06:f7:5a:97:29:fa:bc:a4:
         35:a3:a9:c3:3e:02:dd:fb:52:84:3c:d0:39:04:4c:a0:ef:0d:
         81:df:db:35:8a:8d:c3:d3:45:c6:ad:6f:95:f0:94:23:9e:2c:
         0b:2b:03:c3:aa:57:ae:47:bc:37:01:82:5c:76:a4:1a:5a:73:
         17:33:8e:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2378rX8FzrjzJfjMJAr1ukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMjE3MTYzOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzMwNDcwZDNmNDRjYmUwODg0NjhhNWMwOWMzZGUzOWYzZmI0MWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcyxdoi9BxBE1cVH9wyMTMBRCKVa
kgP50FT31uEHmASyDOkwy36xEC5JHLq6m7eHR4Wqt/ocjTFfEZ2B6vJwWx6V1MfK
yA2X13uxRCzLStnjvbpTWeIJwcdVGmGW6Y8j4trvEUEBCfBem9rdjz1ejt4t16US
Z+YI/sgfCG9X93837UyOlUtpFtnwxmFcwYTJnAsjJXiXxQiIJNASCP0rsq2DeQZ3
Y6ekw6JR8z9juvhkhrglWCIFEav5E06YVPJMB8LPLITo1zWIScweCaTzB4brq2ZC
wwLmSZJMABlYYrwBgrIM89TxhTCCKwm141EolEDTsOXaihx7KhVQMx2jkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDwwRw0/RMvgiEaKXAnD3jnz+0GyMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvUERCSERUOUV5LUNJUm9wY0NjUGVPZlA3UWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuXkaMA8E
AgACMAkDBwAqBbDEAAIwDQYJKoZIhvcNAQELBQADggEBABdyRPK5KvV57rN09DpJ
HsgacqK1PhrVFpZ5Hf8gk096c1418IkJZ0ij1RztAkCAor2dw1WXts8nlfVfglHE
WOD4cfY6JpAdHbO6iKzAI2DVVgMFSiF3JfHb5qNrCOw3C3d8s3tviJirwNLCOug3
qZuN2tZXj/LJ5rTo/wwu7vbEnVun5uuTYZsWgldX5G+0rhU2Rz9ZMg7b+cdbXLFo
TSOoZHpgdNN5gCuGqfJiVTkfIi8vIv801y+JM7JZ5JIG91qXKfq8pDWjqcM+At37
UoQ80DkETKDvDYHf2zWKjcPTRcatb5XwlCOeLAsrA8OqV65HvDcBglx2pBpacxcz
jkY=
-----END CERTIFICATE-----