Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/Pfd9uLKOETdr6YTqfKMplIWUh4k.roa
File:                     Pfd9uLKOETdr6YTqfKMplIWUh4k.roa (raw, json)
Hash identifier:          zXc7hMC0z3vNfPZLo7csYBHZ/ASJRgX7VOGpIsNiQ58=
Subject key identifier:   3D:F7:7D:B8:B2:8E:11:37:6B:E9:84:EA:7C:A3:29:94:85:94:87:89
Certificate issuer:       /CN=d103af197645a4941c6cdb08669af008b79102be
Certificate serial:       018CC9BCC5858D9E294C040ACB0849E8DD93
Authority key identifier: D1:03:AF:19:76:45:A4:94:1C:6C:DB:08:66:9A:F0:08:B7:91:02:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0QOvGXZFpJQcbNsIZprwCLeRAr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/Pfd9uLKOETdr6YTqfKMplIWUh4k.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8455
IP address blocks:        185.158.164.0/22 maxlen: 24
                          2a07:ae80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/0QOvGXZFpJQcbNsIZprwCLeRAr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/0QOvGXZFpJQcbNsIZprwCLeRAr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0QOvGXZFpJQcbNsIZprwCLeRAr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c5:85:8d:9e:29:4c:04:0a:cb:08:49:e8:dd:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d103af197645a4941c6cdb08669af008b79102be
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df77db8b28e11376be984ea7ca3299485948789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3d:c5:41:81:89:74:51:a4:ac:a9:bd:dc:0d:
                    f2:a7:4b:8d:56:e9:d5:2a:31:8c:bd:20:b2:e3:eb:
                    4a:67:5b:ce:7a:53:c8:6c:ee:04:81:b0:2d:2b:f7:
                    1d:e6:04:53:fc:a5:64:85:5a:6c:7c:70:59:e0:fa:
                    ba:d9:1c:a2:d2:55:d7:62:ff:f0:cb:58:0e:92:05:
                    a9:c4:ac:f5:cf:db:f0:d2:ee:45:b0:4c:6a:13:8a:
                    81:33:0a:b2:22:0b:66:dc:e0:bf:a2:a9:93:1e:a8:
                    56:00:33:38:92:ce:8b:28:40:e8:bd:7f:d8:b9:93:
                    aa:40:dd:08:cc:41:31:4e:45:e3:de:62:f1:c9:f1:
                    d6:54:2c:7a:35:0d:ca:28:80:62:8b:9e:69:e5:88:
                    f7:e1:74:7a:b9:91:be:10:ee:7f:ca:5e:f4:d5:99:
                    3d:5f:2d:c4:97:47:bd:9f:85:78:d0:c9:66:76:b9:
                    63:bc:83:d0:be:37:da:c4:15:e5:1f:7f:6f:15:1c:
                    5b:fe:a4:54:5e:40:c1:6f:84:77:24:bc:14:31:ad:
                    08:c7:ca:c5:8d:94:99:34:d1:c0:25:12:16:2d:71:
                    97:9d:55:97:6f:d3:31:58:e6:c0:49:7d:54:b2:e5:
                    30:7e:88:e6:cb:9f:52:5a:85:d5:67:49:6d:1e:9d:
                    e5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F7:7D:B8:B2:8E:11:37:6B:E9:84:EA:7C:A3:29:94:85:94:87:89
            X509v3 Authority Key Identifier:
                keyid:D1:03:AF:19:76:45:A4:94:1C:6C:DB:08:66:9A:F0:08:B7:91:02:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0QOvGXZFpJQcbNsIZprwCLeRAr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/Pfd9uLKOETdr6YTqfKMplIWUh4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/0QOvGXZFpJQcbNsIZprwCLeRAr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.164.0/22
                IPv6:
                  2a07:ae80::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:7b:52:07:f7:a2:a6:e9:67:1c:95:a3:b7:86:44:66:20:8c:
         13:e8:c3:a9:a4:a0:6d:1e:d2:4a:de:61:49:de:a2:dc:17:1b:
         6e:43:36:46:40:ac:eb:5e:6a:3b:b4:69:0a:91:0c:3a:7a:9f:
         d1:9f:f6:32:28:9d:77:95:aa:b3:56:d1:37:14:d3:c0:28:a7:
         92:99:3f:29:f4:1d:0f:f2:b9:76:a3:d9:89:43:71:ac:ed:51:
         3f:3d:52:bd:91:d8:5d:6e:2d:16:7a:01:c9:50:bd:a7:8f:cf:
         8a:9c:07:38:50:ba:58:7e:72:40:6f:13:b7:30:a5:6b:f5:b8:
         62:7a:9c:c6:86:75:fd:a6:02:81:ed:00:88:f2:68:99:8f:56:
         10:cd:0d:f6:92:84:0b:70:5b:5b:c1:9a:f4:f1:74:17:66:e7:
         9d:c0:c0:fe:92:50:92:7b:44:5c:48:1e:02:3a:c8:9f:e3:98:
         33:5d:a4:da:d7:f7:9b:c7:f4:35:82:18:6e:47:15:af:54:c7:
         69:83:e4:32:db:83:63:4a:b0:c5:22:d0:0e:00:39:ee:58:90:
         c3:49:f0:07:20:a6:0c:ae:d9:68:41:a7:70:2a:43:e5:14:be:
         19:d5:83:cc:06:a1:00:b4:31:9c:c8:97:2b:53:34:8e:49:cc:
         bf:bd:db:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvMWFjZ4pTAQKywhJ6N2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMDNhZjE5NzY0NWE0OTQxYzZjZGIwODY2OWFmMDA4Yjc5
MTAyYmUwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY3N2RiOGIyOGUxMTM3NmJlOTg0ZWE3Y2EzMjk5NDg1OTQ4Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT3FQYGJdFGkrKm93A3yp0uNVunV
KjGMvSCy4+tKZ1vOelPIbO4EgbAtK/cd5gRT/KVkhVpsfHBZ4Pq62Ryi0lXXYv/w
y1gOkgWpxKz1z9vw0u5FsExqE4qBMwqyIgtm3OC/oqmTHqhWADM4ks6LKEDovX/Y
uZOqQN0IzEExTkXj3mLxyfHWVCx6NQ3KKIBii55p5Yj34XR6uZG+EO5/yl701Zk9
Xy3El0e9n4V40MlmdrljvIPQvjfaxBXlH39vFRxb/qRUXkDBb4R3JLwUMa0Ix8rF
jZSZNNHAJRIWLXGXnVWXb9MxWObASX1UsuUwfojmy59SWoXVZ0ltHp3lZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD33fbiyjhE3a+mE6nyjKZSFlIeJMB8GA1UdIwQY
MBaAFNEDrxl2RaSUHGzbCGaa8Ai3kQK+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFFPdkdYWkZwSlFjYk5zSVpwcndDTGVSQXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9lYzIzY2MtZGE1YS00ZDJiLTk1ZDkt
N2RiM2VjNmZhMzAyLzEvUGZkOXVMS09FVGRyNllUcWZLTXBsSVdVaDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9lYzIzY2MtZGE1YS00ZDJiLTk1ZDktN2RiM2VjNmZhMzAy
LzEvMFFPdkdYWkZwSlFjYk5zSVpwcndDTGVSQXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ6kMA0E
AgACMAcDBQMqB66AMA0GCSqGSIb3DQEBCwUAA4IBAQApe1IH96Km6WcclaO3hkRm
IIwT6MOppKBtHtJK3mFJ3qLcFxtuQzZGQKzrXmo7tGkKkQw6ep/Rn/YyKJ13laqz
VtE3FNPAKKeSmT8p9B0P8rl2o9mJQ3Gs7VE/PVK9kdhdbi0WegHJUL2nj8+KnAc4
ULpYfnJAbxO3MKVr9bhiepzGhnX9pgKB7QCI8miZj1YQzQ32koQLcFtbwZr08XQX
ZuedwMD+klCSe0RcSB4COsif45gzXaTa1/ebx/Q1ghhuRxWvVMdpg+Qy24NjSrDF
ItAOADnuWJDDSfAHIKYMrtloQadwKkPlFL4Z1YPMBqEAtDGcyJcrUzSOScy/vdvI
-----END CERTIFICATE-----