Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/PJqvfoxrY9TUKPALlbiy9-3SaoY.roa
File:                     PJqvfoxrY9TUKPALlbiy9-3SaoY.roa (raw, json)
Hash identifier:          l5k8yFsvgSxq4Nc3aWgjyjmVIoDadK6iTCXVVsTX2RE=
Subject key identifier:   3C:9A:AF:7E:8C:6B:63:D4:D4:28:F0:0B:95:B8:B2:F7:ED:D2:6A:86
Certificate issuer:       /CN=4b25df8620374243e3c5eab25550af24e0eff48c
Certificate serial:       018CC501541389AC992B596EB5FE85BEE571
Authority key identifier: 4B:25:DF:86:20:37:42:43:E3:C5:EA:B2:55:50:AF:24:E0:EF:F4:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SyXfhiA3QkPjxeqyVVCvJODv9Iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/PJqvfoxrY9TUKPALlbiy9-3SaoY.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43279
IP address blocks:        185.208.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/SyXfhiA3QkPjxeqyVVCvJODv9Iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/SyXfhiA3QkPjxeqyVVCvJODv9Iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SyXfhiA3QkPjxeqyVVCvJODv9Iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:54:13:89:ac:99:2b:59:6e:b5:fe:85:be:e5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b25df8620374243e3c5eab25550af24e0eff48c
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c9aaf7e8c6b63d4d428f00b95b8b2f7edd26a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:63:b2:8b:00:68:c3:c1:39:4a:df:cc:ae:
                    c4:22:e2:c5:ad:2e:5e:7a:d6:55:2a:4e:e8:d8:99:
                    11:af:8f:8d:5c:91:25:3a:e8:2a:23:60:da:bc:73:
                    0c:bd:48:90:21:02:18:fe:7a:ef:4c:cb:56:f3:4c:
                    2e:e8:8d:1a:ec:a0:b3:3a:76:f2:66:c2:c2:75:fc:
                    61:d3:35:01:5d:c6:93:54:c7:05:69:a9:92:fd:c2:
                    73:3b:8f:f0:31:75:2a:ae:a3:5d:e2:13:b5:b0:1a:
                    64:33:09:b4:65:2b:76:2d:9e:b3:fe:39:03:89:ed:
                    6b:34:a5:e9:eb:01:24:bd:e0:6c:9f:b6:1e:e6:fa:
                    27:37:90:b4:5a:fb:bc:c0:ee:26:73:24:02:10:b3:
                    3d:39:98:72:02:a4:ba:94:c8:b1:f7:4a:03:39:5b:
                    80:07:00:78:fd:3a:8f:7c:a5:19:ef:44:a3:db:eb:
                    6c:18:6c:4c:9d:d6:dc:46:8c:b5:ff:de:e2:7c:ee:
                    72:b8:18:ff:6c:4e:9f:87:a8:aa:2d:21:ff:0f:d2:
                    db:4c:16:f5:2d:be:b6:31:42:32:84:48:65:ae:14:
                    6c:ad:f2:75:9e:43:96:eb:ec:00:4d:5e:40:9c:e0:
                    d8:5c:e6:e3:4c:36:a3:82:03:3d:42:d8:e9:a0:2f:
                    05:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:9A:AF:7E:8C:6B:63:D4:D4:28:F0:0B:95:B8:B2:F7:ED:D2:6A:86
            X509v3 Authority Key Identifier:
                keyid:4B:25:DF:86:20:37:42:43:E3:C5:EA:B2:55:50:AF:24:E0:EF:F4:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyXfhiA3QkPjxeqyVVCvJODv9Iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/PJqvfoxrY9TUKPALlbiy9-3SaoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/SyXfhiA3QkPjxeqyVVCvJODv9Iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:8c:f2:3e:cb:82:f1:30:c8:1e:a6:b3:0a:2c:52:59:35:1d:
         fd:f3:51:ad:e7:c3:4e:21:02:34:cb:9e:f8:d3:63:18:d3:4a:
         92:e6:4a:8c:dc:e4:75:4d:fa:76:e1:00:5a:2f:a4:4f:31:d5:
         47:d7:8b:14:0f:65:e6:cc:6f:12:11:1b:49:cb:4b:8c:c6:95:
         aa:d7:f7:02:bb:3b:86:f1:b2:69:06:25:4b:ea:a7:6f:e8:70:
         33:d1:64:85:29:a6:f5:04:ca:3c:cf:af:25:bf:71:d2:60:93:
         b5:88:83:ec:64:c2:37:87:c8:df:91:24:52:77:26:93:3e:fd:
         80:47:06:c3:a1:dd:b3:58:a4:b0:9f:75:ca:80:81:1c:92:7c:
         be:8a:57:5e:fc:f5:f0:d9:95:f3:ba:f5:4e:be:ab:47:99:c5:
         c6:1d:79:f0:67:6c:87:69:70:39:a4:dc:84:ed:6f:a3:31:9c:
         a2:19:2d:bc:9d:f7:15:5f:95:58:0f:a0:76:8b:10:01:78:cd:
         ac:79:e6:86:6d:20:44:0a:f4:a5:08:f3:a1:18:66:de:e7:90:
         e3:be:1a:87:b7:c3:e5:60:d6:16:94:85:39:0f:8e:d8:65:cc:
         f8:21:5b:2b:c9:01:8f:a6:88:dd:b3:bc:e8:b5:45:1b:e6:61:
         57:db:c1:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVQTiayZK1lutf6FvuVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMjVkZjg2MjAzNzQyNDNlM2M1ZWFiMjU1NTBhZjI0ZTBl
ZmY0OGMwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzlhYWY3ZThjNmI2M2Q0ZDQyOGYwMGI5NWI4YjJmN2VkZDI2YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS5jsosAaMPBOUrfzK7EIuLFrS5e
etZVKk7o2JkRr4+NXJElOugqI2DavHMMvUiQIQIY/nrvTMtW80wu6I0a7KCzOnby
ZsLCdfxh0zUBXcaTVMcFaamS/cJzO4/wMXUqrqNd4hO1sBpkMwm0ZSt2LZ6z/jkD
ie1rNKXp6wEkveBsn7Ye5vonN5C0Wvu8wO4mcyQCELM9OZhyAqS6lMix90oDOVuA
BwB4/TqPfKUZ70Sj2+tsGGxMndbcRoy1/97ifO5yuBj/bE6fh6iqLSH/D9LbTBb1
Lb62MUIyhEhlrhRsrfJ1nkOW6+wATV5AnODYXObjTDajggM9QtjpoC8FlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyar36Ma2PU1CjwC5W4svft0mqGMB8GA1UdIwQY
MBaAFEsl34YgN0JD48XqslVQryTg7/SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3lYZmhpQTNRa1BqeGVxeVZWQ3ZKT0R2OUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hNzEyNDgtYTQ2NS00MGQ0LWEyY2Yt
YTQxYjUwYWEyNzJkLzEvUEpxdmZveHJZOVRVS1BBTGxiaXk5LTNTYW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hNzEyNDgtYTQ2NS00MGQ0LWEyY2YtYTQxYjUwYWEyNzJk
LzEvU3lYZmhpQTNRa1BqeGVxeVZWQ3ZKT0R2OUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudDoMA0G
CSqGSIb3DQEBCwUAA4IBAQBijPI+y4LxMMgeprMKLFJZNR3981Gt58NOIQI0y574
02MY00qS5kqM3OR1Tfp24QBaL6RPMdVH14sUD2XmzG8SERtJy0uMxpWq1/cCuzuG
8bJpBiVL6qdv6HAz0WSFKab1BMo8z68lv3HSYJO1iIPsZMI3h8jfkSRSdyaTPv2A
RwbDod2zWKSwn3XKgIEckny+ilde/PXw2ZXzuvVOvqtHmcXGHXnwZ2yHaXA5pNyE
7W+jMZyiGS28nfcVX5VYD6B2ixABeM2seeaGbSBECvSlCPOhGGbe55DjvhqHt8Pl
YNYWlIU5D47YZcz4IVsryQGPpojds7zotUUb5mFX28G6
-----END CERTIFICATE-----