Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/pnScRFEVYRbJCnEJIGuLU6jaj4c.roa
File:                     pnScRFEVYRbJCnEJIGuLU6jaj4c.roa (raw, json)
Hash identifier:          i2PxGDGThB/0z7KdwvZ+W21/w+pvRLd2hKJkXZ3GH+g=
Subject key identifier:   A6:74:9C:44:51:15:61:16:C9:0A:71:09:20:6B:8B:53:A8:DA:8F:87
Certificate issuer:       /CN=d9ba32024e2cb6142295112fe61f6b1bc3457bcb
Certificate serial:       01928211410F67AD858E26A6FCB9B9699ECC
Authority key identifier: D9:BA:32:02:4E:2C:B6:14:22:95:11:2F:E6:1F:6B:1B:C3:45:7B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/pnScRFEVYRbJCnEJIGuLU6jaj4c.roa
Signing time:             Sat 12 Oct 2024 18:50:21 +0000
ROA not before:           Sat 12 Oct 2024 18:50:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50978
IP address blocks:        194.30.167.0/24 maxlen: 24
                          195.93.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:82:11:41:0f:67:ad:85:8e:26:a6:fc:b9:b9:69:9e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ba32024e2cb6142295112fe61f6b1bc3457bcb
        Validity
            Not Before: Oct 12 18:50:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6749c4451156116c90a7109206b8b53a8da8f87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:19:8a:9b:a3:9c:d0:9f:0e:b9:e0:92:6e:6f:
                    7a:d9:72:9f:85:10:1f:e0:f4:1c:bb:ba:f5:1b:45:
                    92:61:64:83:30:b2:63:ef:93:1c:fb:5e:e2:3a:ce:
                    81:02:5a:3c:e9:ef:37:a8:f2:24:50:38:05:a1:73:
                    9f:da:73:22:ea:84:c5:33:c1:85:74:41:7c:51:26:
                    67:06:d1:01:91:7e:c9:52:cd:d6:b7:56:2e:7f:9e:
                    be:7e:61:56:0c:32:13:29:14:67:2c:b7:e1:65:d5:
                    8f:66:1a:02:b4:64:ae:f6:54:ea:3b:4d:f4:fa:4c:
                    c0:7d:59:42:9f:bb:6e:33:3a:6b:86:7a:60:1c:2c:
                    21:da:2c:9f:90:32:fd:c4:9d:b4:b8:70:bf:1c:dd:
                    83:4e:8b:cd:47:be:4d:7d:6c:50:91:b2:d5:38:5e:
                    49:80:48:ac:14:f7:cc:74:94:c3:bc:c8:db:b3:ec:
                    40:73:fd:70:e9:c6:18:13:8b:68:b7:ec:23:77:43:
                    cb:40:57:e7:e2:01:b1:9b:9c:fc:54:19:24:1a:15:
                    7b:82:15:c7:cf:e0:32:96:24:db:41:13:95:0b:86:
                    31:d1:61:1d:20:09:5e:62:22:1c:46:3a:a2:b2:17:
                    f0:1c:69:dd:89:ba:80:20:8f:e7:77:14:12:e6:dd:
                    37:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:74:9C:44:51:15:61:16:C9:0A:71:09:20:6B:8B:53:A8:DA:8F:87
            X509v3 Authority Key Identifier:
                keyid:D9:BA:32:02:4E:2C:B6:14:22:95:11:2F:E6:1F:6B:1B:C3:45:7B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/pnScRFEVYRbJCnEJIGuLU6jaj4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.167.0/24
                  195.93.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:43:7e:1c:13:d6:c3:53:a1:e9:46:c0:9f:02:69:8d:a1:f0:
         10:db:84:91:bf:8b:57:83:c9:a2:5b:e3:26:e1:55:0b:b9:bd:
         ec:ba:f3:31:39:4e:fd:ea:93:88:32:50:d4:31:47:e7:13:59:
         c3:64:8a:5e:7e:26:63:4a:99:08:d7:4f:7a:81:d9:8b:c7:7f:
         a8:0c:64:b5:de:cc:ef:63:b8:67:3f:6d:68:d9:88:34:f5:2f:
         20:60:b9:63:27:d0:ca:70:fd:96:a1:fe:f2:98:b9:13:c7:6e:
         f0:af:20:07:fd:d6:84:34:0e:6d:84:53:da:b8:09:f6:89:f2:
         ee:33:f9:8f:78:88:1d:70:57:4a:95:41:4a:42:be:9c:43:17:
         4d:67:e7:e2:37:bc:35:13:b0:93:17:26:01:7c:73:58:84:4a:
         72:35:bd:9d:da:77:9a:fb:fb:63:79:26:f2:c1:d2:77:9a:3c:
         24:cb:7e:d6:71:25:68:21:fa:43:9a:05:1d:d5:16:03:1b:33:
         bf:0b:64:68:a4:08:b2:6f:04:a8:7b:f6:90:70:73:46:32:9e:
         49:c3:69:47:e8:32:7f:16:ce:61:90:0d:de:cf:83:d2:74:ab:
         e2:66:2c:38:6b:b5:2e:8a:d9:f4:45:ba:58:aa:da:d5:35:e6:
         db:4f:49:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKCEUEPZ62Fjiam/Lm5aZ7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YmEzMjAyNGUyY2I2MTQyMjk1MTEyZmU2MWY2YjFiYzM0
NTdiY2IwHhcNMjQxMDEyMTg1MDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc0OWM0NDUxMTU2MTE2YzkwYTcxMDkyMDZiOGI1M2E4ZGE4Zjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xmKm6Oc0J8OueCSbm962XKfhRAf
4PQcu7r1G0WSYWSDMLJj75Mc+17iOs6BAlo86e83qPIkUDgFoXOf2nMi6oTFM8GF
dEF8USZnBtEBkX7JUs3Wt1Yuf56+fmFWDDITKRRnLLfhZdWPZhoCtGSu9lTqO030
+kzAfVlCn7tuMzprhnpgHCwh2iyfkDL9xJ20uHC/HN2DTovNR75NfWxQkbLVOF5J
gEisFPfMdJTDvMjbs+xAc/1w6cYYE4tot+wjd0PLQFfn4gGxm5z8VBkkGhV7ghXH
z+AyliTbQROVC4Yx0WEdIAleYiIcRjqishfwHGndibqAII/ndxQS5t03ZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZ0nERRFWEWyQpxCSBri1Oo2o+HMB8GA1UdIwQY
MBaAFNm6MgJOLLYUIpURL+YfaxvDRXvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJveUFrNHN0aFFpbFJFdjVoOXJHOE5GZThzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9mNjMzMDMtMTc2ZC00MTc2LWFiYmYt
N2RmOWU0YTIzOGNjLzEvcG5TY1JGRVZZUmJKQ25FSklHdUxVNmphajRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9mNjMzMDMtMTc2ZC00MTc2LWFiYmYtN2RmOWU0YTIzOGNj
LzEvMmJveUFrNHN0aFFpbFJFdjVoOXJHOE5GZThzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwh6nAwQB
w12mMA0GCSqGSIb3DQEBCwUAA4IBAQBEQ34cE9bDU6HpRsCfAmmNofAQ24SRv4tX
g8miW+Mm4VULub3suvMxOU796pOIMlDUMUfnE1nDZIpefiZjSpkI1096gdmLx3+o
DGS13szvY7hnP21o2Yg09S8gYLljJ9DKcP2Wof7ymLkTx27wryAH/daENA5thFPa
uAn2ifLuM/mPeIgdcFdKlUFKQr6cQxdNZ+fiN7w1E7CTFyYBfHNYhEpyNb2d2nea
+/tjeSbywdJ3mjwky37WcSVoIfpDmgUd1RYDGzO/C2RopAiybwSoe/aQcHNGMp5J
w2lH6DJ/Fs5hkA3ez4PSdKviZiw4a7Uuitn0RbpYqtrVNebbT0le
-----END CERTIFICATE-----