Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/PiducLYIJyv114fmypHbXEqWWws.roa
File:                     PiducLYIJyv114fmypHbXEqWWws.roa (raw, json)
Hash identifier:          ZMGV5dWo9BJskdx8DAF28xcYNdONRWVn5FpM/dzwbcw=
Subject key identifier:   3E:27:6E:70:B6:08:27:2B:F5:D7:87:E6:CA:91:DB:5C:4A:96:5B:0B
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC7944703A6BDAF16704A6DDAD92D66D1
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/PiducLYIJyv114fmypHbXEqWWws.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25462
IP address blocks:        87.245.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:47:03:a6:bd:af:16:70:4a:6d:da:d9:2d:66:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e276e70b608272bf5d787e6ca91db5c4a965b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7d:fb:8a:78:fb:31:2a:a6:cd:74:c0:f7:1b:
                    df:a9:86:5f:44:a6:67:40:27:14:98:9e:60:68:a8:
                    59:54:63:ec:a2:8b:3a:8c:88:d5:f3:c1:76:95:14:
                    4c:a9:15:8a:a9:7a:41:59:5e:7e:e3:64:cc:f5:60:
                    ad:e7:77:a3:3e:77:43:1a:5f:3c:45:6f:6c:61:56:
                    f2:dd:99:09:0c:27:3f:48:83:09:fc:68:f9:b3:4d:
                    33:77:3c:00:60:a6:ac:04:4d:8c:25:90:48:ce:77:
                    a9:6e:16:70:2e:a3:1b:cc:ae:f4:58:40:d7:a9:78:
                    a0:0f:c8:5f:6d:69:19:bc:d8:49:88:22:37:c8:76:
                    1d:c6:a4:74:54:5f:c0:a7:8f:fa:b4:88:0f:43:04:
                    ce:0e:76:9c:f3:44:62:5d:dc:c1:50:8d:bf:15:f2:
                    e1:13:e7:dc:f3:57:92:13:b8:05:59:5b:74:c1:7e:
                    56:6d:02:51:9e:f6:ad:01:57:09:ed:b5:63:ee:04:
                    0f:aa:a6:ee:e6:50:14:6d:ba:d3:22:c2:86:05:10:
                    c1:15:f8:12:3e:db:78:9d:27:a0:cb:f5:69:76:ca:
                    c4:b9:44:dd:c1:83:f9:7e:a2:96:c4:b2:43:52:90:
                    36:42:de:b6:a1:c3:07:db:12:d5:63:8e:a7:32:d5:
                    9f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:27:6E:70:B6:08:27:2B:F5:D7:87:E6:CA:91:DB:5C:4A:96:5B:0B
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/PiducLYIJyv114fmypHbXEqWWws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.245.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:d3:c4:d7:8e:a2:7b:50:ca:d2:ae:7f:cb:b4:3c:ad:4a:2b:
         6b:e5:7c:f0:db:e2:d0:67:cf:11:b9:b2:fb:54:01:d7:f1:6a:
         cf:ce:55:f3:79:be:b7:b2:38:b6:37:3d:9f:75:dd:35:35:80:
         9a:f3:5f:4d:15:64:b2:c1:e4:43:44:2f:f5:38:0a:77:8f:01:
         df:7a:1e:69:f8:bd:a4:82:12:33:67:60:ad:ed:37:6c:f9:8f:
         0d:5e:42:c9:e3:0d:c6:4c:52:16:88:ce:53:3a:3a:18:68:4f:
         6b:63:cd:29:cb:fc:8e:e7:21:4d:65:61:6a:53:1a:b8:c3:51:
         2f:a4:83:b5:99:f3:d8:c4:5a:58:24:fd:bb:84:56:34:26:46:
         87:66:a7:4f:a3:4e:80:ac:53:c3:a0:52:bf:23:c6:de:79:2e:
         57:7e:d3:f0:73:11:29:68:40:7f:5a:e2:2a:99:fd:09:3e:13:
         62:16:cb:2c:d1:cd:39:f2:23:e0:ac:43:76:f8:15:57:1c:90:
         96:cb:d4:96:bb:a0:fa:da:9b:38:6f:8a:ad:bb:f3:ae:bd:92:
         36:28:cd:c2:dd:cb:a0:f5:3d:58:78:28:e7:6b:8b:b3:9f:23:
         96:d1:6a:64:b0:76:a5:60:c1:31:2b:43:7b:6c:8e:b3:77:d9:
         0b:76:f1:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEcDpr2vFnBKbdrZLWbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTI3NmU3MGI2MDgyNzJiZjVkNzg3ZTZjYTkxZGI1YzRhOTY1YjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX37inj7MSqmzXTA9xvfqYZfRKZn
QCcUmJ5gaKhZVGPsoos6jIjV88F2lRRMqRWKqXpBWV5+42TM9WCt53ejPndDGl88
RW9sYVby3ZkJDCc/SIMJ/Gj5s00zdzwAYKasBE2MJZBIznepbhZwLqMbzK70WEDX
qXigD8hfbWkZvNhJiCI3yHYdxqR0VF/Ap4/6tIgPQwTODnac80RiXdzBUI2/FfLh
E+fc81eSE7gFWVt0wX5WbQJRnvatAVcJ7bVj7gQPqqbu5lAUbbrTIsKGBRDBFfgS
Ptt4nSegy/VpdsrEuUTdwYP5fqKWxLJDUpA2Qt62ocMH2xLVY46nMtWfzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4nbnC2CCcr9deH5sqR21xKllsLMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvUGlkdWNMWUlKeXYxMTRmbXlwSGJYRXFXV3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDV/XYMA0G
CSqGSIb3DQEBCwUAA4IBAQAE08TXjqJ7UMrSrn/LtDytSitr5Xzw2+LQZ88RubL7
VAHX8WrPzlXzeb63sji2Nz2fdd01NYCa819NFWSyweRDRC/1OAp3jwHfeh5p+L2k
ghIzZ2Ct7Tds+Y8NXkLJ4w3GTFIWiM5TOjoYaE9rY80py/yO5yFNZWFqUxq4w1Ev
pIO1mfPYxFpYJP27hFY0JkaHZqdPo06ArFPDoFK/I8beeS5XftPwcxEpaEB/WuIq
mf0JPhNiFsss0c058iPgrEN2+BVXHJCWy9SWu6D62ps4b4qtu/OuvZI2KM3C3cug
9T1YeCjna4uznyOW0WpksHalYMExK0N7bI6zd9kLdvFF
-----END CERTIFICATE-----