Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/6a5394-0b05-4538-b0cd-9f6890f92e60/1/PJiX8lGaCywCSJg9obEeKowBMxc.roa
File:                     PJiX8lGaCywCSJg9obEeKowBMxc.roa (raw, json)
Hash identifier:          iTlA9ES4WoSbt7R0h/pb8YI/UEBgKq5pg+m+D4nW0tY=
Subject key identifier:   3C:98:97:F2:51:9A:0B:2C:02:48:98:3D:A1:B1:1E:2A:8C:01:33:17
Certificate issuer:       /CN=98a533308740bbbd217bf69dce90b3f541208457
Certificate serial:       018CC8DF987F339F5F2DBC2FF4969E7A47AC
Authority key identifier: 98:A5:33:30:87:40:BB:BD:21:7B:F6:9D:CE:90:B3:F5:41:20:84:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKUzMIdAu70he_adzpCz9UEghFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/6a5394-0b05-4538-b0cd-9f6890f92e60/1/PJiX8lGaCywCSJg9obEeKowBMxc.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60144
IP address blocks:        185.111.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/6a5394-0b05-4538-b0cd-9f6890f92e60/1/mKUzMIdAu70he_adzpCz9UEghFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/6a5394-0b05-4538-b0cd-9f6890f92e60/1/mKUzMIdAu70he_adzpCz9UEghFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKUzMIdAu70he_adzpCz9UEghFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:98:7f:33:9f:5f:2d:bc:2f:f4:96:9e:7a:47:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a533308740bbbd217bf69dce90b3f541208457
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c9897f2519a0b2c0248983da1b11e2a8c013317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b9:88:79:87:1d:10:12:9e:2d:a6:5c:ae:25:
                    62:eb:59:a4:d1:7a:a1:39:01:f8:72:7e:b3:aa:f0:
                    db:d5:25:e4:96:0a:49:10:ae:0b:99:a5:08:fd:fc:
                    7e:b1:5a:0d:e0:d1:5c:a3:71:a9:32:0a:e1:2e:2d:
                    ac:88:9f:e1:75:2b:98:b2:a3:47:d1:79:04:a1:7e:
                    59:4e:93:ed:b6:d3:3a:32:02:1d:ef:a8:21:be:72:
                    75:bc:3d:25:31:3e:bf:89:46:c0:5a:c9:bf:ad:b3:
                    05:dc:54:aa:21:b8:3b:b3:70:76:56:0a:a5:8d:97:
                    95:83:0c:44:42:1d:52:a7:1e:3f:5d:e7:3e:b7:96:
                    11:95:c6:ff:47:df:b9:00:8e:98:4a:7a:8f:78:11:
                    03:1d:c4:96:37:e9:85:e6:23:d0:4d:fd:81:2b:c9:
                    11:7c:64:4a:77:bd:5b:41:71:f9:9d:03:8b:a1:fb:
                    89:14:be:c1:f8:68:0c:da:91:16:9a:c1:3c:62:46:
                    18:1c:8d:26:e9:67:08:e2:39:b0:b9:00:1a:30:00:
                    d5:e8:cc:4b:8b:4a:a5:bc:e7:1c:12:cf:40:b6:b7:
                    70:7e:13:eb:b4:03:ee:63:67:b4:f1:10:63:ff:7e:
                    be:fa:2f:89:bb:53:f7:a0:ca:ec:58:b9:b7:7b:09:
                    03:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:98:97:F2:51:9A:0B:2C:02:48:98:3D:A1:B1:1E:2A:8C:01:33:17
            X509v3 Authority Key Identifier:
                keyid:98:A5:33:30:87:40:BB:BD:21:7B:F6:9D:CE:90:B3:F5:41:20:84:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKUzMIdAu70he_adzpCz9UEghFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6a5394-0b05-4538-b0cd-9f6890f92e60/1/PJiX8lGaCywCSJg9obEeKowBMxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6a5394-0b05-4538-b0cd-9f6890f92e60/1/mKUzMIdAu70he_adzpCz9UEghFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:22:e7:dc:91:82:00:63:b5:65:39:84:4d:d0:27:3d:b2:17:
         b1:cd:cd:b0:3d:9c:c4:9b:aa:e3:82:26:13:1f:4f:23:56:de:
         3b:53:0e:2e:bc:f3:a2:b6:1d:b9:46:39:43:3f:be:0f:09:b6:
         99:fa:21:91:94:93:4e:06:9e:f2:50:93:54:76:b7:7e:54:b2:
         a5:c3:5d:e0:5d:81:19:03:90:a0:4c:6f:34:8d:0d:b1:d7:6d:
         5e:94:db:03:b5:d1:d0:8c:c9:35:a0:84:1a:56:80:88:32:cc:
         14:25:57:1e:8f:8e:e4:aa:67:7e:1b:50:1f:44:87:63:18:ab:
         1e:be:9c:43:be:b3:47:80:04:a1:7a:35:8b:73:b9:48:b5:d6:
         e3:fa:86:7d:e6:8f:ab:ed:86:93:c6:83:f7:ae:d6:57:89:e7:
         39:30:c7:c4:b9:8c:ed:db:28:79:27:a3:62:95:a1:03:c4:1e:
         03:ea:d2:3a:1b:ee:d0:13:e9:fc:de:66:d3:cf:8b:fd:ce:22:
         aa:68:e6:a2:fe:9f:a2:d4:a0:c2:8c:66:42:6b:37:aa:2f:bb:
         dc:a0:1f:cf:37:8c:2b:b9:1d:c4:62:53:d4:37:a5:1e:1a:9b:
         1f:df:54:bf:07:93:12:9e:93:c8:eb:cb:f3:22:7e:df:84:15:
         69:14:bc:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35h/M59fLbwv9JaeekesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YTUzMzMwODc0MGJiYmQyMTdiZjY5ZGNlOTBiM2Y1NDEy
MDg0NTcwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzk4OTdmMjUxOWEwYjJjMDI0ODk4M2RhMWIxMWUyYThjMDEzMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rmIeYcdEBKeLaZcriVi61mk0Xqh
OQH4cn6zqvDb1SXklgpJEK4LmaUI/fx+sVoN4NFco3GpMgrhLi2siJ/hdSuYsqNH
0XkEoX5ZTpPtttM6MgId76ghvnJ1vD0lMT6/iUbAWsm/rbMF3FSqIbg7s3B2Vgql
jZeVgwxEQh1Spx4/Xec+t5YRlcb/R9+5AI6YSnqPeBEDHcSWN+mF5iPQTf2BK8kR
fGRKd71bQXH5nQOLofuJFL7B+GgM2pEWmsE8YkYYHI0m6WcI4jmwuQAaMADV6MxL
i0qlvOccEs9AtrdwfhPrtAPuY2e08RBj/36++i+Ju1P3oMrsWLm3ewkD8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyYl/JRmgssAkiYPaGxHiqMATMXMB8GA1UdIwQY
MBaAFJilMzCHQLu9IXv2nc6Qs/VBIIRXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUtVek1JZEF1NzBoZV9hZHpwQ3o5VUVnaEZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82YTUzOTQtMGIwNS00NTM4LWIwY2Qt
OWY2ODkwZjkyZTYwLzEvUEppWDhsR2FDeXdDU0pnOW9iRWVLb3dCTXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82YTUzOTQtMGIwNS00NTM4LWIwY2QtOWY2ODkwZjkyZTYw
LzEvbUtVek1JZEF1NzBoZV9hZHpwQ3o5VUVnaEZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW/rMA0G
CSqGSIb3DQEBCwUAA4IBAQBRIufckYIAY7VlOYRN0Cc9shexzc2wPZzEm6rjgiYT
H08jVt47Uw4uvPOith25RjlDP74PCbaZ+iGRlJNOBp7yUJNUdrd+VLKlw13gXYEZ
A5CgTG80jQ2x121elNsDtdHQjMk1oIQaVoCIMswUJVcej47kqmd+G1AfRIdjGKse
vpxDvrNHgAShejWLc7lItdbj+oZ95o+r7YaTxoP3rtZXiec5MMfEuYzt2yh5J6Ni
laEDxB4D6tI6G+7QE+n83mbTz4v9ziKqaOai/p+i1KDCjGZCazeqL7vcoB/PN4wr
uR3EYlPUN6UeGpsf31S/B5MSnpPI68vzIn7fhBVpFLw2
-----END CERTIFICATE-----