Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pFXR8H7YcozpzsF_qYjXu9F0GHk.roa
File:                     pFXR8H7YcozpzsF_qYjXu9F0GHk.roa (raw, json)
Hash identifier:          M3Z7wzUAKpJwFoDgd0Gjaygh5xUN2kYr7yPgyGHNvvg=
Subject key identifier:   A4:55:D1:F0:7E:D8:72:8C:E9:CE:C1:7F:A9:88:D7:BB:D1:74:18:79
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D3B61085B5F43321467C45D7C65A6
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pFXR8H7YcozpzsF_qYjXu9F0GHk.roa
Signing time:             Tue 02 Jan 2024 08:32:11 +0000
ROA not before:           Tue 02 Jan 2024 08:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        212.111.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:04:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3b:61:08:5b:5f:43:32:14:67:c4:5d:7c:65:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a455d1f07ed8728ce9cec17fa988d7bbd1741879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a3:86:d9:cf:af:38:30:f4:ff:f0:25:84:3c:
                    45:b4:27:c8:c0:fe:d1:07:60:8b:98:db:5c:8f:b0:
                    eb:ae:40:af:72:06:56:81:5c:ac:1c:77:19:d8:69:
                    a5:17:f0:40:60:f2:72:a8:ff:9b:c0:38:12:d5:73:
                    01:f9:83:7e:10:c0:b6:7c:e3:31:7f:df:02:10:29:
                    d1:10:ac:2f:35:3e:96:a6:46:5b:05:46:68:04:f5:
                    6f:ad:bd:f4:f1:3d:c8:72:2d:92:bf:7b:5c:a7:09:
                    bc:bb:df:1d:72:f3:b7:02:dd:92:b9:d5:34:6f:da:
                    20:bb:cf:f1:19:7d:5b:24:29:28:c6:09:ff:f9:a3:
                    e4:ad:a7:13:01:78:1c:dd:b2:6b:64:47:34:12:62:
                    fc:ed:91:47:5c:9e:96:e5:bb:c8:6e:9b:ae:d9:6b:
                    8c:3d:69:df:62:e6:dc:17:14:bd:53:f9:8e:e9:c3:
                    83:03:4f:fb:e7:94:ae:3a:8d:0b:f4:ab:31:6c:fd:
                    11:7c:2f:cf:c4:b3:71:bc:73:b2:47:f5:74:fc:71:
                    c9:95:2c:28:e3:28:41:bf:74:a1:1a:91:1f:de:7a:
                    b6:75:36:63:e8:ed:e1:38:b5:ef:c5:00:d4:f6:0f:
                    8d:1a:f1:2a:83:b2:9f:0b:0e:18:4e:66:e7:5d:66:
                    25:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:55:D1:F0:7E:D8:72:8C:E9:CE:C1:7F:A9:88:D7:BB:D1:74:18:79
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pFXR8H7YcozpzsF_qYjXu9F0GHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:9d:c2:e6:22:06:db:b2:29:0e:0a:8f:ae:17:41:f0:c5:60:
         24:34:33:5f:64:99:9e:b8:8b:0b:14:82:d5:08:f4:f7:31:1b:
         db:78:bd:6a:64:bf:29:40:b3:82:b0:7f:b5:75:df:09:5d:88:
         42:92:8a:6b:ae:17:07:b3:43:30:7c:95:7c:2b:20:56:03:e1:
         c9:24:d0:39:2d:70:fe:ae:d4:63:58:8b:34:27:2e:55:2e:9b:
         b0:43:22:48:62:85:73:69:93:1a:cf:3a:31:2a:b7:fc:20:2b:
         b1:d8:30:2e:78:1d:4a:f3:f5:f0:04:33:de:64:29:62:1d:1b:
         83:02:fb:64:ae:f0:fb:79:58:99:06:bb:47:34:d0:c7:3e:fa:
         44:d2:21:72:73:c7:e6:91:2f:29:2a:a4:42:39:01:f2:e3:f6:
         fc:c2:14:5b:68:bd:f9:e6:28:d1:5d:a8:2a:bd:f0:ff:4f:19:
         94:f5:9f:52:e9:17:78:6e:37:0d:aa:39:22:97:77:bb:fc:97:
         76:06:f9:06:25:ce:ab:1a:da:a6:ee:06:0b:db:e6:c7:0d:53:
         09:a3:96:45:c7:48:02:f1:cf:3b:42:8d:e9:89:4c:cd:7f:71:
         99:99:df:52:61:ab:60:86:32:23:cc:72:d6:47:6a:f6:23:e1:
         7e:c8:07:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTTthCFtfQzIUZ8RdfGWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDU1ZDFmMDdlZDg3MjhjZTljZWMxN2ZhOTg4ZDdiYmQxNzQxODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqOG2c+vODD0//AlhDxFtCfIwP7R
B2CLmNtcj7DrrkCvcgZWgVysHHcZ2GmlF/BAYPJyqP+bwDgS1XMB+YN+EMC2fOMx
f98CECnREKwvNT6WpkZbBUZoBPVvrb308T3Ici2Sv3tcpwm8u98dcvO3At2SudU0
b9ogu8/xGX1bJCkoxgn/+aPkracTAXgc3bJrZEc0EmL87ZFHXJ6W5bvIbpuu2WuM
PWnfYubcFxS9U/mO6cODA0/755SuOo0L9KsxbP0RfC/PxLNxvHOyR/V0/HHJlSwo
4yhBv3ShGpEf3nq2dTZj6O3hOLXvxQDU9g+NGvEqg7KfCw4YTmbnXWYlAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRV0fB+2HKM6c7Bf6mI17vRdBh5MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvcEZYUjhIN1ljb3pwenNGX3FZalh1OUYwR0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1G/cMA0G
CSqGSIb3DQEBCwUAA4IBAQBxncLmIgbbsikOCo+uF0HwxWAkNDNfZJmeuIsLFILV
CPT3MRvbeL1qZL8pQLOCsH+1dd8JXYhCkoprrhcHs0MwfJV8KyBWA+HJJNA5LXD+
rtRjWIs0Jy5VLpuwQyJIYoVzaZMazzoxKrf8ICux2DAueB1K8/XwBDPeZCliHRuD
AvtkrvD7eViZBrtHNNDHPvpE0iFyc8fmkS8pKqRCOQHy4/b8whRbaL355ijRXagq
vfD/TxmU9Z9S6Rd4bjcNqjkil3e7/Jd2BvkGJc6rGtqm7gYL2+bHDVMJo5ZFx0gC
8c87Qo3piUzNf3GZmd9SYatghjIjzHLWR2r2I+F+yAcK
-----END CERTIFICATE-----