Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/PPzH0O6Hmha59-lMmEmQUrt80p8.roa
File:                     PPzH0O6Hmha59-lMmEmQUrt80p8.roa (raw, json)
Hash identifier:          BFqWJPuqi3Ee440qz7PsnxKPPdjKCAdOUl04OF2d0tw=
Subject key identifier:   3C:FC:C7:D0:EE:87:9A:16:B9:F7:E9:4C:98:49:90:52:BB:7C:D2:9F
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018CC801A571310FB990BA0A9036F0F22F88
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/PPzH0O6Hmha59-lMmEmQUrt80p8.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28809
IP address blocks:        85.91.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a5:71:31:0f:b9:90:ba:0a:90:36:f0:f2:2f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cfcc7d0ee879a16b9f7e94c98499052bb7cd29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e2:ee:77:d2:98:5f:7e:8a:91:52:69:f6:7a:
                    53:df:9b:bf:33:16:e8:39:3c:4b:80:9e:d0:01:1c:
                    e6:73:80:9d:2e:f4:d7:b1:a1:d8:7e:be:94:8e:93:
                    7a:0e:f9:a4:8a:52:12:1d:f9:e0:5f:93:a7:33:f2:
                    63:e9:99:d7:98:02:be:c0:36:01:d3:7e:88:2d:bc:
                    45:e2:5d:e1:fd:e6:de:8c:46:c8:a1:e8:fb:2f:09:
                    0a:f1:d3:14:cb:58:f6:3e:6d:8c:a6:6c:75:d8:72:
                    43:63:7f:6b:9f:d5:55:6d:38:d4:fb:1d:c3:fb:60:
                    dc:3f:85:85:e6:67:27:85:86:aa:a9:cb:5b:15:3d:
                    5b:08:e0:78:7c:ee:48:6f:d7:e1:ad:d8:36:a0:ad:
                    09:e3:ab:d5:94:e9:8e:aa:1f:b7:05:4b:bf:a9:7a:
                    ca:73:70:64:ad:92:24:d9:7b:59:f1:30:06:ce:88:
                    c7:27:88:d5:31:a5:b3:36:71:1e:81:03:f7:c6:d6:
                    5d:39:28:d5:d7:c1:33:0f:ad:c9:75:45:f9:cb:97:
                    4b:a7:92:16:d2:d3:4e:56:b3:a3:08:f1:d8:5d:4f:
                    83:12:09:bf:ee:dd:69:99:81:bf:1d:e6:e8:24:56:
                    61:57:a8:8f:58:91:49:c9:53:e2:e5:55:6b:36:76:
                    f2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:FC:C7:D0:EE:87:9A:16:B9:F7:E9:4C:98:49:90:52:BB:7C:D2:9F
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/PPzH0O6Hmha59-lMmEmQUrt80p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.91.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:af:94:0a:49:ba:81:db:78:51:bd:be:25:6b:b1:3e:11:3c:
         69:6d:2f:1a:3c:d5:48:16:bc:f8:31:ee:6e:ba:df:9b:a8:3b:
         6b:e3:b5:c9:05:41:32:8a:5c:62:57:25:ea:a9:fa:13:b2:65:
         51:57:e2:ef:d8:93:79:d8:eb:31:8a:4f:55:90:7d:0f:04:67:
         a7:5c:9e:1c:4a:43:09:c0:9d:3e:17:82:7b:b9:20:9b:a8:2e:
         d5:b4:f4:72:41:fd:e8:6f:82:94:41:c0:f0:2e:ef:19:d7:65:
         bb:7d:f4:9e:c5:54:07:90:94:4b:cd:55:03:6e:21:c0:dd:fb:
         1c:91:da:5b:f9:f4:d8:23:75:81:1b:5e:d4:ef:fb:bb:f7:1b:
         2b:b4:e4:3e:23:4b:91:dc:b6:75:c0:ff:a3:95:44:08:f1:4e:
         5e:b9:cf:d8:17:b6:33:9f:f1:e4:72:47:7c:97:fb:c7:53:f8:
         4b:72:64:ef:34:4e:a6:93:92:98:3b:9d:9a:3d:ff:95:1e:c7:
         8a:ef:eb:1f:c1:a5:76:7b:34:1a:bb:f8:de:6a:cc:20:ac:39:
         83:03:8f:a9:7a:17:68:e0:da:29:8e:cd:f8:a3:eb:7c:2b:c8:
         6d:85:20:64:68:d0:53:a0:56:0d:d6:c5:50:0a:8c:8a:ae:d5:
         94:c9:6c:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaVxMQ+5kLoKkDbw8i+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ZjYzdkMGVlODc5YTE2YjlmN2U5NGM5ODQ5OTA1MmJiN2NkMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+Lud9KYX36KkVJp9npT35u/Mxbo
OTxLgJ7QARzmc4CdLvTXsaHYfr6UjpN6DvmkilISHfngX5OnM/Jj6ZnXmAK+wDYB
036ILbxF4l3h/ebejEbIoej7LwkK8dMUy1j2Pm2Mpmx12HJDY39rn9VVbTjU+x3D
+2DcP4WF5mcnhYaqqctbFT1bCOB4fO5Ib9fhrdg2oK0J46vVlOmOqh+3BUu/qXrK
c3BkrZIk2XtZ8TAGzojHJ4jVMaWzNnEegQP3xtZdOSjV18EzD63JdUX5y5dLp5IW
0tNOVrOjCPHYXU+DEgm/7t1pmYG/HeboJFZhV6iPWJFJyVPi5VVrNnbymwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDz8x9Duh5oWuffpTJhJkFK7fNKfMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvUFB6SDBPNkhtaGE1OS1sTW1FbVFVcnQ4MHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVVtqMA0G
CSqGSIb3DQEBCwUAA4IBAQC3r5QKSbqB23hRvb4la7E+ETxpbS8aPNVIFrz4Me5u
ut+bqDtr47XJBUEyilxiVyXqqfoTsmVRV+Lv2JN52Osxik9VkH0PBGenXJ4cSkMJ
wJ0+F4J7uSCbqC7VtPRyQf3ob4KUQcDwLu8Z12W7ffSexVQHkJRLzVUDbiHA3fsc
kdpb+fTYI3WBG17U7/u79xsrtOQ+I0uR3LZ1wP+jlUQI8U5euc/YF7Yzn/Hkckd8
l/vHU/hLcmTvNE6mk5KYO52aPf+VHseK7+sfwaV2ezQau/jeaswgrDmDA4+pehdo
4Nopjs34o+t8K8hthSBkaNBToFYN1sVQCoyKrtWUyWxs
-----END CERTIFICATE-----