Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/PvvM-L4joclHZzhl9-9L-RvDGz4.roa
File:                     PvvM-L4joclHZzhl9-9L-RvDGz4.roa (raw, json)
Hash identifier:          nD+B+S9hnqTEHdO8PD4OIfJEHOf7EGXRcVx70NXgGFw=
Subject key identifier:   3E:FB:CC:F8:BE:23:A1:C9:47:67:38:65:F7:EF:4B:F9:1B:C3:1B:3E
Certificate issuer:       /CN=36a4668ff83814af90a78b4fc8d262325058cbc6
Certificate serial:       018CC2DB385D4178AAF1E5F9A0A1DB55E7F3
Authority key identifier: 36:A4:66:8F:F8:38:14:AF:90:A7:8B:4F:C8:D2:62:32:50:58:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/PvvM-L4joclHZzhl9-9L-RvDGz4.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210096
IP address blocks:        85.235.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:5d:41:78:aa:f1:e5:f9:a0:a1:db:55:e7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36a4668ff83814af90a78b4fc8d262325058cbc6
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3efbccf8be23a1c947673865f7ef4bf91bc31b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:2f:b4:20:45:f9:57:fa:70:b1:7d:73:89:
                    1a:9a:f6:ec:85:eb:ea:2c:62:59:04:e2:01:51:25:
                    a4:2e:4b:2d:e7:34:ad:44:26:be:d8:44:23:fa:a9:
                    d8:c6:f0:6b:83:13:9d:72:d2:8f:e4:6d:52:8f:88:
                    a1:6e:c8:ae:31:5e:2f:70:a4:79:9d:a7:22:bf:ec:
                    2f:11:e0:88:7c:b8:7a:44:3d:e4:54:c2:14:fb:f1:
                    19:19:46:68:13:4f:67:d1:04:71:94:86:d0:7d:5d:
                    09:4c:68:e4:1b:e2:85:b9:8a:78:61:05:3d:23:ef:
                    bc:dc:c6:b5:b6:40:a4:3a:65:b5:af:49:cd:75:c2:
                    47:91:33:84:03:fc:da:35:11:9f:52:48:4a:ef:4a:
                    9e:ea:87:23:a8:18:f9:aa:71:f1:9c:95:fe:ab:91:
                    67:13:50:d6:50:d2:35:3b:a9:22:3f:36:72:4c:2d:
                    73:20:0b:51:30:9c:c5:b7:b9:92:8b:fe:74:16:88:
                    ef:3d:86:50:7d:b4:cb:80:98:05:a3:30:6c:d7:28:
                    ab:2f:3c:f3:42:d9:cf:2c:8e:ee:b7:bf:37:0d:b4:
                    26:86:bf:e7:f1:99:71:11:7e:d3:42:bb:a4:c1:01:
                    59:a9:d3:4c:38:e8:0f:e4:79:e7:67:60:32:6d:80:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:FB:CC:F8:BE:23:A1:C9:47:67:38:65:F7:EF:4B:F9:1B:C3:1B:3E
            X509v3 Authority Key Identifier:
                keyid:36:A4:66:8F:F8:38:14:AF:90:A7:8B:4F:C8:D2:62:32:50:58:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/PvvM-L4joclHZzhl9-9L-RvDGz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:f8:c6:15:7f:62:e5:62:ab:bc:a1:3d:25:ee:4f:ae:76:70:
         84:a4:4a:2f:df:ba:55:79:ed:52:59:ab:68:6d:3f:c2:37:89:
         a4:28:4c:f4:cc:50:d9:9e:8b:8f:85:9c:dc:c4:64:83:de:86:
         8a:1c:5d:71:83:5b:7d:1b:1a:b1:19:ec:ac:4d:1e:1a:e9:b8:
         0d:d8:3d:7f:6e:35:52:45:52:3e:2e:5d:06:0b:56:e9:e0:1f:
         9e:6a:1c:be:ed:4c:5b:fc:80:2d:fd:eb:6c:a1:e0:e9:e6:60:
         b5:3e:e9:07:11:16:e9:09:59:24:33:68:07:1d:75:50:dc:b6:
         b5:ed:37:86:78:1b:15:f4:e4:ab:1e:8a:fd:55:a7:bd:86:13:
         1d:f9:c3:c5:32:37:da:5b:08:34:66:0d:f6:62:a6:18:95:60:
         10:a8:dd:b2:86:42:74:ea:b9:55:40:3c:2e:19:f4:0a:3c:15:
         37:ca:49:c4:1b:56:7c:8e:dd:43:1e:d0:f8:2d:2c:ea:23:f5:
         34:d2:a2:23:3f:ec:d2:1e:20:e9:81:1b:ee:a3:e2:ee:5a:8b:
         f0:26:e3:3a:e1:ba:37:88:95:98:4f:02:86:8b:3a:a2:fd:5d:
         4a:45:ad:de:ba:ee:71:06:dc:da:7f:89:b0:f7:41:84:76:7a:
         29:57:c2:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zhdQXiq8eX5oKHbVefzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YTQ2NjhmZjgzODE0YWY5MGE3OGI0ZmM4ZDI2MjMyNTA1
OGNiYzYwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWZiY2NmOGJlMjNhMWM5NDc2NzM4NjVmN2VmNGJmOTFiYzMxYjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqYvtCBF+Vf6cLF9c4kamvbshevq
LGJZBOIBUSWkLkst5zStRCa+2EQj+qnYxvBrgxOdctKP5G1Sj4ihbsiuMV4vcKR5
naciv+wvEeCIfLh6RD3kVMIU+/EZGUZoE09n0QRxlIbQfV0JTGjkG+KFuYp4YQU9
I++83Ma1tkCkOmW1r0nNdcJHkTOEA/zaNRGfUkhK70qe6ocjqBj5qnHxnJX+q5Fn
E1DWUNI1O6kiPzZyTC1zIAtRMJzFt7mSi/50FojvPYZQfbTLgJgFozBs1yirLzzz
QtnPLI7ut783DbQmhr/n8ZlxEX7TQrukwQFZqdNMOOgP5HnnZ2AybYDwqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD77zPi+I6HJR2c4ZffvS/kbwxs+MB8GA1UdIwQY
MBaAFDakZo/4OBSvkKeLT8jSYjJQWMvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnFSbWpfZzRGSy1RcDR0UHlOSmlNbEJZeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8wMzFmY2ItYjc0ZS00ZTc1LWE3Yjkt
OTBlNjU0MTIyNTJhLzEvUHZ2TS1MNGpvY2xIWnpobDktOUwtUnZER3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8wMzFmY2ItYjc0ZS00ZTc1LWE3YjktOTBlNjU0MTIyNTJh
LzEvTnFSbWpfZzRGSy1RcDR0UHlOSmlNbEJZeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVetMMA0G
CSqGSIb3DQEBCwUAA4IBAQBI+MYVf2LlYqu8oT0l7k+udnCEpEov37pVee1SWato
bT/CN4mkKEz0zFDZnouPhZzcxGSD3oaKHF1xg1t9GxqxGeysTR4a6bgN2D1/bjVS
RVI+Ll0GC1bp4B+eahy+7Uxb/IAt/etsoeDp5mC1PukHERbpCVkkM2gHHXVQ3La1
7TeGeBsV9OSrHor9Vae9hhMd+cPFMjfaWwg0Zg32YqYYlWAQqN2yhkJ06rlVQDwu
GfQKPBU3yknEG1Z8jt1DHtD4LSzqI/U00qIjP+zSHiDpgRvuo+LuWovwJuM64bo3
iJWYTwKGizqi/V1KRa3euu5xBtzaf4mw90GEdnopV8Iu
-----END CERTIFICATE-----