Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/e326b9-795f-4a0b-9efd-e69be395b0f7/1/PpcdogixcULNIbouBJ6rUarSsOQ.roa
File:                     PpcdogixcULNIbouBJ6rUarSsOQ.roa (raw, json)
Hash identifier:          aoEzrzQ6jN9jWA0r7vP1QFEQNfsVl+ZNhzO0jI2+6eQ=
Subject key identifier:   3E:97:1D:A2:08:B1:71:42:CD:21:BA:2E:04:9E:AB:51:AA:D2:B0:E4
Certificate issuer:       /CN=0d7413dcf537374a70daa31fd9a99fd29b033239
Certificate serial:       018CCA99A4DDC5211E74A8FDADBCF1AFEBA7
Authority key identifier: 0D:74:13:DC:F5:37:37:4A:70:DA:A3:1F:D9:A9:9F:D2:9B:03:32:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXQT3PU3N0pw2qMf2amf0psDMjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/e326b9-795f-4a0b-9efd-e69be395b0f7/1/PpcdogixcULNIbouBJ6rUarSsOQ.roa
Signing time:             Tue 02 Jan 2024 14:35:15 +0000
ROA not before:           Tue 02 Jan 2024 14:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48173
IP address blocks:        91.229.178.0/23 maxlen: 24
                          193.169.180.0/23 maxlen: 24
                          91.241.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/e326b9-795f-4a0b-9efd-e69be395b0f7/1/DXQT3PU3N0pw2qMf2amf0psDMjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/e326b9-795f-4a0b-9efd-e69be395b0f7/1/DXQT3PU3N0pw2qMf2amf0psDMjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXQT3PU3N0pw2qMf2amf0psDMjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a4:dd:c5:21:1e:74:a8:fd:ad:bc:f1:af:eb:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7413dcf537374a70daa31fd9a99fd29b033239
        Validity
            Not Before: Jan  2 14:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e971da208b17142cd21ba2e049eab51aad2b0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:2e:ce:d3:a5:25:c8:de:6e:be:78:ef:64:80:
                    ce:82:6a:73:d6:6a:a3:99:85:c8:20:39:f3:25:65:
                    4d:13:84:f4:a5:ff:e7:33:22:4c:7f:16:eb:e4:42:
                    86:02:42:06:c7:88:3c:3e:96:50:de:f5:c3:79:4e:
                    60:47:06:20:25:2b:68:ce:67:fa:45:3f:4d:60:50:
                    f2:c9:64:d8:9d:ff:b0:46:a5:2f:ae:2f:79:99:28:
                    4a:c5:f6:31:57:33:91:2d:23:01:f0:bb:35:e4:88:
                    c8:ef:79:04:d7:09:fd:fa:8b:2b:54:d1:85:b9:2b:
                    07:f5:0d:cb:e0:ba:fb:e1:f6:a7:9b:bf:b6:00:74:
                    2c:4f:76:e3:75:a7:1f:fb:4d:ec:81:1c:81:14:c2:
                    b7:d1:92:f2:0a:40:10:7f:7f:ab:49:14:38:29:e0:
                    3a:7b:67:16:93:f1:10:fe:3f:dd:ae:93:f6:63:a7:
                    3e:40:f1:55:82:09:63:89:e3:4c:f8:4b:05:6e:14:
                    65:52:be:bc:90:a7:52:bd:f6:8b:2d:0e:0b:48:a6:
                    d2:cd:f2:07:2d:29:04:a0:82:ff:ff:15:e6:6e:23:
                    31:a1:69:f2:10:5c:be:d8:3a:55:44:30:f6:d3:26:
                    bf:2d:08:d4:5a:de:17:e9:02:1d:99:33:c2:1d:a5:
                    e5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:97:1D:A2:08:B1:71:42:CD:21:BA:2E:04:9E:AB:51:AA:D2:B0:E4
            X509v3 Authority Key Identifier:
                keyid:0D:74:13:DC:F5:37:37:4A:70:DA:A3:1F:D9:A9:9F:D2:9B:03:32:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXQT3PU3N0pw2qMf2amf0psDMjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e326b9-795f-4a0b-9efd-e69be395b0f7/1/PpcdogixcULNIbouBJ6rUarSsOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e326b9-795f-4a0b-9efd-e69be395b0f7/1/DXQT3PU3N0pw2qMf2amf0psDMjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.178.0/23
                  91.241.72.0/22
                  193.169.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:6f:ac:93:ae:a1:e1:1f:b2:60:36:4a:93:dc:96:ed:29:ff:
         c0:c8:a8:14:24:cc:c6:47:21:91:6b:b5:af:e7:69:23:3e:6b:
         b8:0d:7b:e0:d5:12:25:42:63:42:61:e1:5f:18:44:13:27:bf:
         e8:ab:a3:76:f1:8b:ae:bb:4f:75:03:64:34:70:1a:d8:2f:85:
         21:6d:dc:28:01:c8:3f:dd:1a:d8:e9:76:c2:5b:da:e5:f9:18:
         b5:b9:7f:56:18:d8:20:53:ff:55:0c:fa:cb:a6:71:c4:5e:0c:
         0d:58:2f:0e:30:f4:9f:1b:d7:b3:43:df:3d:01:ed:6c:7a:5a:
         d8:0f:c9:9f:4e:97:db:cd:c1:74:6e:f6:11:66:2d:a0:b0:0a:
         ff:0e:07:83:60:19:05:28:76:3d:35:94:70:db:8b:7c:29:3c:
         38:64:02:06:77:a8:14:ab:12:13:45:11:ff:c6:2a:9d:75:c9:
         3b:2a:5d:d0:c2:ef:4a:c7:2d:37:d5:19:66:00:c4:4e:c5:b0:
         52:8c:01:b1:c0:66:0c:5e:03:97:44:8e:44:84:e7:a7:8e:07:
         8b:de:38:37:22:27:91:9a:cd:d0:b6:c5:ac:9e:ea:54:06:c2:
         f0:87:54:2e:ed:b2:5c:14:78:e1:ef:4e:32:c7:06:9c:da:45:
         30:df:96:7a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKmaTdxSEedKj9rbzxr+unMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzQxM2RjZjUzNzM3NGE3MGRhYTMxZmQ5YTk5ZmQyOWIw
MzMyMzkwHhcNMjQwMTAyMTQzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTk3MWRhMjA4YjE3MTQyY2QyMWJhMmUwNDllYWI1MWFhZDJiMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhC7O06UlyN5uvnjvZIDOgmpz1mqj
mYXIIDnzJWVNE4T0pf/nMyJMfxbr5EKGAkIGx4g8PpZQ3vXDeU5gRwYgJStozmf6
RT9NYFDyyWTYnf+wRqUvri95mShKxfYxVzORLSMB8Ls15IjI73kE1wn9+osrVNGF
uSsH9Q3L4Lr74fanm7+2AHQsT3bjdacf+03sgRyBFMK30ZLyCkAQf3+rSRQ4KeA6
e2cWk/EQ/j/drpP2Y6c+QPFVggljieNM+EsFbhRlUr68kKdSvfaLLQ4LSKbSzfIH
LSkEoIL//xXmbiMxoWnyEFy+2DpVRDD20ya/LQjUWt4X6QIdmTPCHaXlfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD6XHaIIsXFCzSG6LgSeq1Gq0rDkMB8GA1UdIwQY
MBaAFA10E9z1NzdKcNqjH9mpn9KbAzI5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhRVDNQVTNOMHB3MnFNZjJhbWYwcHNETWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lMzI2YjktNzk1Zi00YTBiLTllZmQt
ZTY5YmUzOTViMGY3LzEvUHBjZG9naXhjVUxOSWJvdUJKNnJVYXJTc09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lMzI2YjktNzk1Zi00YTBiLTllZmQtZTY5YmUzOTViMGY3
LzEvRFhRVDNQVTNOMHB3MnFNZjJhbWYwcHNETWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW+WyAwQC
W/FIAwQBwam0MA0GCSqGSIb3DQEBCwUAA4IBAQCSb6yTrqHhH7JgNkqT3JbtKf/A
yKgUJMzGRyGRa7Wv52kjPmu4DXvg1RIlQmNCYeFfGEQTJ7/oq6N28Yuuu091A2Q0
cBrYL4UhbdwoAcg/3RrY6XbCW9rl+Ri1uX9WGNggU/9VDPrLpnHEXgwNWC8OMPSf
G9ezQ989Ae1selrYD8mfTpfbzcF0bvYRZi2gsAr/DgeDYBkFKHY9NZRw24t8KTw4
ZAIGd6gUqxITRRH/xiqddck7Kl3Qwu9Kxy031RlmAMROxbBSjAGxwGYMXgOXRI5E
hOenjgeL3jg3IieRms3QtsWsnupUBsLwh1Qu7bJcFHjh704yxwac2kUw35Z6
-----END CERTIFICATE-----