Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/pcN6ZHMgWh0ETf52pDE_H9fQawc.roa
File:                     pcN6ZHMgWh0ETf52pDE_H9fQawc.roa (raw, json)
Hash identifier:          UqjihroTujDFw7o0zGtNlKnEQ1EDhv+NUG6nzVtA7xI=
Subject key identifier:   A5:C3:7A:64:73:20:5A:1D:04:4D:FE:76:A4:31:3F:1F:D7:D0:6B:07
Certificate issuer:       /CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Certificate serial:       01929EF125DC717F4582ACBCF6D525A3ECF1
Authority key identifier: A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/pcN6ZHMgWh0ETf52pDE_H9fQawc.roa
Signing time:             Fri 18 Oct 2024 09:24:16 +0000
ROA not before:           Fri 18 Oct 2024 09:24:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197075
IP address blocks:        195.177.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:f1:25:dc:71:7f:45:82:ac:bc:f6:d5:25:a3:ec:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3717ea54b95942fad81a943edb1c10f9df94afb
        Validity
            Not Before: Oct 18 09:24:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5c37a6473205a1d044dfe76a4313f1fd7d06b07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:05:0b:22:36:8c:32:d3:ba:42:06:9f:3e:9c:
                    dc:83:37:32:44:e3:55:62:c2:c8:96:7a:e3:d8:27:
                    9e:c9:ac:10:22:c6:1e:42:4c:15:59:71:4e:1e:fb:
                    bc:ea:04:53:78:22:62:a6:83:7c:37:a9:ae:5e:16:
                    73:93:1b:8c:07:8b:29:28:e7:0e:91:06:c0:b7:ae:
                    58:9a:bd:da:13:20:4e:68:ff:de:be:36:ad:a0:0f:
                    40:6c:21:65:12:ab:59:2e:04:e1:27:b6:42:a0:e6:
                    33:b9:ea:74:e5:0c:29:ba:a3:fa:cb:fd:ba:36:d5:
                    88:f0:e5:ad:87:e5:6c:ff:ef:98:fe:71:bc:7e:af:
                    e9:51:be:1c:3a:32:fa:fd:83:fb:9c:08:19:f1:84:
                    80:e2:73:fe:0d:4c:cb:39:02:93:85:0c:1b:20:87:
                    b6:2b:f8:24:9c:c4:a7:b6:83:ef:3c:65:0c:e6:34:
                    1e:40:51:b8:5c:de:76:1d:85:34:2a:dc:43:75:28:
                    0c:51:31:ae:9c:10:bd:e6:0c:95:d2:25:b5:85:c8:
                    c9:50:a4:fa:47:e0:de:cf:0d:72:f7:8d:94:49:91:
                    3d:43:98:79:b0:df:ee:c2:d2:30:1e:f4:40:df:88:
                    34:77:43:29:a4:ba:86:7a:eb:a6:7b:b1:8b:11:8f:
                    3e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:C3:7A:64:73:20:5A:1D:04:4D:FE:76:A4:31:3F:1F:D7:D0:6B:07
            X509v3 Authority Key Identifier:
                keyid:A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/pcN6ZHMgWh0ETf52pDE_H9fQawc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ed:3b:94:b9:61:50:08:fd:5e:08:a7:7a:31:fb:0a:54:64:
         be:b4:3f:b7:79:2c:f2:f1:04:d1:a4:81:2a:b9:5f:f0:36:db:
         6d:3d:9f:a4:d9:4c:bf:6b:f4:35:70:a9:be:06:f8:ae:05:16:
         26:06:c3:1c:7b:01:7e:93:bc:ad:37:a4:8c:70:ce:78:81:25:
         36:0b:7f:bf:25:be:dd:b4:58:94:b8:8d:39:a0:2c:84:13:a7:
         84:b8:9f:53:4a:0d:ac:7b:27:20:cd:e4:eb:15:62:08:ff:10:
         37:27:92:c7:91:e1:59:26:e8:06:da:42:42:6d:3e:88:83:7a:
         c1:45:87:4c:9b:6d:5b:62:a7:5f:ad:4e:13:6d:67:0a:ec:3b:
         ee:97:24:f4:b9:82:76:23:05:0c:dd:42:03:82:12:1b:f1:5e:
         b6:e8:af:20:73:e7:79:c5:02:7c:de:e5:8e:97:fb:9b:58:43:
         1e:fa:f6:0d:05:9f:0e:08:ad:db:00:62:80:e1:c7:4a:fe:95:
         b1:d1:4d:16:95:89:69:00:4e:de:ad:02:22:91:b3:1a:02:40:
         85:69:d3:77:ab:a2:f8:17:bc:d5:b1:01:65:d8:65:41:66:1a:
         85:a1:e3:06:a9:38:30:05:ea:79:27:12:d9:01:59:b4:47:f3:
         2e:25:57:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKe8SXccX9Fgqy89tUlo+zxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzE3ZWE1NGI5NTk0MmZhZDgxYTk0M2VkYjFjMTBmOWRm
OTRhZmIwHhcNMjQxMDE4MDkyNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWMzN2E2NDczMjA1YTFkMDQ0ZGZlNzZhNDMxM2YxZmQ3ZDA2YjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgULIjaMMtO6QgafPpzcgzcyRONV
YsLIlnrj2CeeyawQIsYeQkwVWXFOHvu86gRTeCJipoN8N6muXhZzkxuMB4spKOcO
kQbAt65Ymr3aEyBOaP/evjatoA9AbCFlEqtZLgThJ7ZCoOYzuep05QwpuqP6y/26
NtWI8OWth+Vs/++Y/nG8fq/pUb4cOjL6/YP7nAgZ8YSA4nP+DUzLOQKThQwbIIe2
K/gknMSntoPvPGUM5jQeQFG4XN52HYU0KtxDdSgMUTGunBC95gyV0iW1hcjJUKT6
R+Dezw1y942USZE9Q5h5sN/uwtIwHvRA34g0d0MppLqGeuume7GLEY8+owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXDemRzIFodBE3+dqQxPx/X0GsHMB8GA1UdIwQY
MBaAFKNxfqVLlZQvrYGpQ+2xwQ+d+Ur7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTct
MTU3YWQwYWM1MjBhLzEvcGNONlpITWdXaDBFVGY1MnBERV9IOWZRYXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTctMTU3YWQwYWM1MjBh
LzEvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7FyMA0G
CSqGSIb3DQEBCwUAA4IBAQB87TuUuWFQCP1eCKd6MfsKVGS+tD+3eSzy8QTRpIEq
uV/wNtttPZ+k2Uy/a/Q1cKm+BviuBRYmBsMcewF+k7ytN6SMcM54gSU2C3+/Jb7d
tFiUuI05oCyEE6eEuJ9TSg2seycgzeTrFWII/xA3J5LHkeFZJugG2kJCbT6Ig3rB
RYdMm21bYqdfrU4TbWcK7DvulyT0uYJ2IwUM3UIDghIb8V626K8gc+d5xQJ83uWO
l/ubWEMe+vYNBZ8OCK3bAGKA4cdK/pWx0U0WlYlpAE7erQIikbMaAkCFadN3q6L4
F7zVsQFl2GVBZhqFoeMGqTgwBep5JxLZAVm0R/MuJVet
-----END CERTIFICATE-----