Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/PjLE24XQYxRSk63sy2Mi7xhdblk.roa
File:                     PjLE24XQYxRSk63sy2Mi7xhdblk.roa (raw, json)
Hash identifier:          L/fgX4E6LitCXr1bC1+bhl+ME2I90TFKlwPJVMDVUxk=
Subject key identifier:   3E:32:C4:DB:85:D0:63:14:52:93:AD:EC:CB:63:22:EF:18:5D:6E:59
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       018CC64B443BA71CA6F1D665F3C2CF821717
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/PjLE24XQYxRSk63sy2Mi7xhdblk.roa
Signing time:             Mon 01 Jan 2024 18:31:10 +0000
ROA not before:           Mon 01 Jan 2024 18:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21086
IP address blocks:        92.245.190.0/23 maxlen: 24
                          92.245.188.0/24 maxlen: 24
                          92.245.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:44:3b:a7:1c:a6:f1:d6:65:f3:c2:cf:82:17:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Jan  1 18:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e32c4db85d063145293adeccb6322ef185d6e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8b:f7:95:ac:50:96:4b:1e:4e:b1:45:f5:c4:
                    57:78:0b:22:6a:aa:76:a1:64:28:3b:40:0f:39:9b:
                    e9:45:7b:34:29:6f:90:47:0a:bd:41:d4:17:9f:38:
                    2a:df:cf:23:0c:b1:82:73:72:13:f2:71:cd:5e:ee:
                    c1:41:67:05:e5:51:b0:8c:0f:d7:29:95:db:a1:65:
                    a4:a6:fc:29:d5:17:11:7a:1e:9f:a9:e8:a7:6c:3f:
                    1f:86:b6:74:fa:47:41:5b:09:93:71:66:19:2b:91:
                    46:8d:97:67:a8:1e:a0:14:ad:7f:38:b9:39:fb:3a:
                    f2:c6:69:ca:c8:c5:83:7c:2a:d9:d7:77:a4:f2:18:
                    c9:a3:ef:ad:3c:b2:f5:7e:15:8a:8a:cb:f4:cc:0e:
                    3d:44:dd:d4:8a:e2:f4:77:da:0e:34:ca:3c:12:c9:
                    58:cc:cb:f8:d1:54:bb:69:d4:82:04:e6:47:87:71:
                    e4:cd:df:f0:ae:ba:f3:f3:5b:04:29:09:6a:e9:8f:
                    fa:4c:dc:82:0e:65:7c:bd:7d:cc:58:44:3a:08:3e:
                    d2:84:12:c8:cb:03:b5:82:0b:9c:b8:fd:29:8c:a5:
                    6d:df:17:b2:13:17:4b:17:cf:82:73:72:32:09:90:
                    ff:be:ec:09:fe:64:58:4f:09:51:da:96:06:bd:f2:
                    d2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:32:C4:DB:85:D0:63:14:52:93:AD:EC:CB:63:22:EF:18:5D:6E:59
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/PjLE24XQYxRSk63sy2Mi7xhdblk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.245.160.0/22
                  92.245.188.0/24
                  92.245.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:3f:95:2e:1a:1c:ee:f9:f7:9b:cb:70:ce:93:ca:52:c3:11:
         32:af:98:a5:9b:22:5c:af:82:42:01:d0:03:d3:71:4e:ad:3b:
         2e:11:2a:43:bc:b5:05:3b:e3:0d:e9:81:c4:a6:57:c8:49:e1:
         57:05:22:6b:66:4e:cd:b6:52:75:e1:3f:a3:69:26:c1:2e:71:
         20:b0:4a:07:88:44:07:62:36:8f:f7:7d:b9:f2:9f:cb:77:4a:
         2f:5b:32:c5:48:24:e1:d0:77:24:94:c9:3d:21:63:f1:9c:21:
         f1:ad:9f:83:39:09:d2:3f:c2:86:5e:f2:04:b3:68:f8:f7:47:
         82:81:74:3e:88:13:37:70:b5:a7:d3:eb:40:02:92:93:85:5c:
         3f:ba:41:a4:35:82:b2:06:aa:cf:46:81:35:f7:c8:08:aa:43:
         58:62:ad:2b:2b:87:7b:8c:b6:75:a3:00:f1:4b:2b:06:60:f4:
         d6:2a:dd:b5:ce:20:a0:02:c3:5d:c9:16:1d:58:03:23:1b:11:
         7f:a9:a8:2c:98:44:ab:27:56:16:f1:a9:09:6c:23:94:a5:15:
         1d:03:12:c4:4d:e1:bc:1f:fd:04:de:69:65:ef:fc:ea:ae:1d:
         13:82:00:0f:ee:d5:15:68:33:3e:56:92:4c:f3:e0:e0:11:bb:
         58:df:b3:39
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGS0Q7pxym8dZl88LPghcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjQwMTAxMTgzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTMyYzRkYjg1ZDA2MzE0NTI5M2FkZWNjYjYzMjJlZjE4NWQ2ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4v3laxQlkseTrFF9cRXeAsiaqp2
oWQoO0APOZvpRXs0KW+QRwq9QdQXnzgq388jDLGCc3IT8nHNXu7BQWcF5VGwjA/X
KZXboWWkpvwp1RcReh6fqeinbD8fhrZ0+kdBWwmTcWYZK5FGjZdnqB6gFK1/OLk5
+zryxmnKyMWDfCrZ13ek8hjJo++tPLL1fhWKisv0zA49RN3UiuL0d9oONMo8EslY
zMv40VS7adSCBOZHh3Hkzd/wrrrz81sEKQlq6Y/6TNyCDmV8vX3MWEQ6CD7ShBLI
ywO1ggucuP0pjKVt3xeyExdLF8+Cc3IyCZD/vuwJ/mRYTwlR2pYGvfLS4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD4yxNuF0GMUUpOt7MtjIu8YXW5ZMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvUGpMRTI0WFFZeFJTazYzc3kyTWk3eGhkYmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCXPWgAwQA
XPW8AwQBXPW+MA0GCSqGSIb3DQEBCwUAA4IBAQAHP5UuGhzu+feby3DOk8pSwxEy
r5ilmyJcr4JCAdAD03FOrTsuESpDvLUFO+MN6YHEplfISeFXBSJrZk7NtlJ14T+j
aSbBLnEgsEoHiEQHYjaP93258p/Ld0ovWzLFSCTh0HcklMk9IWPxnCHxrZ+DOQnS
P8KGXvIEs2j490eCgXQ+iBM3cLWn0+tAApKThVw/ukGkNYKyBqrPRoE198gIqkNY
Yq0rK4d7jLZ1owDxSysGYPTWKt21ziCgAsNdyRYdWAMjGxF/qagsmESrJ1YW8akJ
bCOUpRUdAxLETeG8H/0E3mll7/zqrh0TggAP7tUVaDM+VpJM8+DgEbtY37M5
-----END CERTIFICATE-----