Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/PfIePew8ESte-6wpkDr_9AgczZM.roa
File:                     PfIePew8ESte-6wpkDr_9AgczZM.roa (raw, json)
Hash identifier:          SzaS4fceQ5AszyCatgho9oR5T5j00A+iBWLs+PWcavU=
Subject key identifier:   3D:F2:1E:3D:EC:3C:11:2B:5E:FB:AC:29:90:3A:FF:F4:08:1C:CD:93
Certificate issuer:       /CN=a5e69bd82d5ec0c7bd3d5dc9f92902f35e357a45
Certificate serial:       018CC8DECB2E682D250FBDC1D9FC7C061F8D
Authority key identifier: A5:E6:9B:D8:2D:5E:C0:C7:BD:3D:5D:C9:F9:29:02:F3:5E:35:7A:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/peab2C1ewMe9PV3J-SkC8141ekU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/PfIePew8ESte-6wpkDr_9AgczZM.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207932
IP address blocks:        194.127.200.0/24 maxlen: 24
                          194.127.201.0/24 maxlen: 24
                          194.127.212.0/24 maxlen: 24
                          194.127.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/peab2C1ewMe9PV3J-SkC8141ekU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/peab2C1ewMe9PV3J-SkC8141ekU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/peab2C1ewMe9PV3J-SkC8141ekU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cb:2e:68:2d:25:0f:bd:c1:d9:fc:7c:06:1f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5e69bd82d5ec0c7bd3d5dc9f92902f35e357a45
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df21e3dec3c112b5efbac29903afff4081ccd93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:da:58:e3:c9:76:1b:8e:09:ee:c9:20:d4:c2:
                    25:78:b2:b1:83:37:99:59:6a:9d:fc:5d:ea:78:91:
                    bd:d4:8f:58:af:4b:0a:50:21:96:b4:60:de:35:6b:
                    b0:e8:e7:58:af:ef:8c:b4:cd:a1:b3:19:db:af:12:
                    49:2d:2f:6a:98:f5:ba:07:67:d6:4c:5a:99:94:69:
                    ac:7a:4a:85:96:22:f2:75:b2:8d:8e:e8:ea:ee:b3:
                    f2:f0:82:fc:9b:a7:0a:ba:c1:c9:a3:d1:0e:a3:3a:
                    23:24:ad:a3:ca:1c:1a:c2:76:a9:13:b4:15:c3:2b:
                    56:26:00:07:b6:1a:f4:fa:64:fe:6a:ee:94:f8:13:
                    a2:1d:3f:22:2b:8b:90:b3:99:5b:4f:e1:67:50:6b:
                    d9:e1:7f:e7:9c:ea:37:f8:64:39:ca:97:e1:0b:4d:
                    7c:21:d1:c4:59:92:73:79:88:18:78:0f:97:1e:d6:
                    0d:aa:47:61:55:d1:1a:17:49:68:1b:96:d6:d8:fc:
                    a3:01:23:18:39:40:3a:5d:19:5d:ff:4b:dd:a1:5c:
                    9a:9e:27:df:3a:74:e8:ea:fb:8e:27:0e:53:9c:0c:
                    3c:28:4f:3e:7a:89:70:7f:49:ec:48:87:4f:ec:f3:
                    4e:33:ab:72:b6:18:eb:e6:2c:ca:a1:fe:6c:ac:e0:
                    97:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F2:1E:3D:EC:3C:11:2B:5E:FB:AC:29:90:3A:FF:F4:08:1C:CD:93
            X509v3 Authority Key Identifier:
                keyid:A5:E6:9B:D8:2D:5E:C0:C7:BD:3D:5D:C9:F9:29:02:F3:5E:35:7A:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/peab2C1ewMe9PV3J-SkC8141ekU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/PfIePew8ESte-6wpkDr_9AgczZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/peab2C1ewMe9PV3J-SkC8141ekU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.200.0/23
                  194.127.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:30:3b:76:35:9d:ab:81:7c:4e:8b:48:4c:33:47:24:ad:6c:
         8b:0e:cc:04:a6:06:83:2d:0c:c6:c5:90:9b:e7:8b:f8:b3:ff:
         7c:c2:43:c7:bc:75:76:c0:3b:12:f2:0a:4a:55:2f:bf:10:2c:
         86:e9:43:20:4e:ee:0b:16:9a:e1:a9:86:b2:b2:80:c5:d3:ee:
         ef:32:4a:85:33:dd:27:f2:86:b7:64:00:69:12:9a:04:f1:82:
         6e:55:76:2e:6b:3c:1a:ac:f2:20:f3:b0:11:67:0f:0a:68:ff:
         fa:24:03:fb:61:47:88:20:5f:0b:c5:01:49:12:57:88:e2:43:
         f5:c9:a6:1d:b2:a0:20:4c:04:b4:fd:94:7d:fd:ad:46:41:74:
         be:ce:84:40:fe:db:ca:5a:d0:48:f3:5a:d4:13:05:63:79:39:
         8c:97:60:aa:ab:3c:74:18:86:86:6a:3b:4b:7f:10:32:97:30:
         7e:31:09:6a:98:c1:a6:b7:3c:1c:3c:8b:bf:31:63:cc:01:05:
         0f:eb:d1:8e:fb:42:71:ce:75:74:22:04:f5:34:77:71:f0:88:
         7d:16:55:e8:c8:3a:58:e8:4e:3b:27:b7:db:4f:1f:47:9f:75:
         1f:8c:4a:38:1f:47:84:96:6d:be:2d:76:57:63:1c:0a:3f:ed:
         41:6d:b9:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3ssuaC0lD73B2fx8Bh+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ZTY5YmQ4MmQ1ZWMwYzdiZDNkNWRjOWY5MjkwMmYzNWUz
NTdhNDUwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGYyMWUzZGVjM2MxMTJiNWVmYmFjMjk5MDNhZmZmNDA4MWNjZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9pY48l2G44J7skg1MIleLKxgzeZ
WWqd/F3qeJG91I9Yr0sKUCGWtGDeNWuw6OdYr++MtM2hsxnbrxJJLS9qmPW6B2fW
TFqZlGmsekqFliLydbKNjujq7rPy8IL8m6cKusHJo9EOozojJK2jyhwawnapE7QV
wytWJgAHthr0+mT+au6U+BOiHT8iK4uQs5lbT+FnUGvZ4X/nnOo3+GQ5ypfhC018
IdHEWZJzeYgYeA+XHtYNqkdhVdEaF0loG5bW2PyjASMYOUA6XRld/0vdoVyaniff
OnTo6vuOJw5TnAw8KE8+eolwf0nsSIdP7PNOM6tythjr5izKof5srOCX2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD3yHj3sPBErXvusKZA6//QIHM2TMB8GA1UdIwQY
MBaAFKXmm9gtXsDHvT1dyfkpAvNeNXpFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGVhYjJDMWV3TWU5UFYzSi1Ta0M4MTQxZWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS85ODE0OWEtYjk5Ni00NWRjLThmY2Mt
NTNlNmMxNGZjYzBjLzEvUGZJZVBldzhFU3RlLTZ3cGtEcl85QWdjelpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS85ODE0OWEtYjk5Ni00NWRjLThmY2MtNTNlNmMxNGZjYzBj
LzEvcGVhYjJDMWV3TWU5UFYzSi1Ta0M4MTQxZWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwn/IAwQB
wn/UMA0GCSqGSIb3DQEBCwUAA4IBAQCXMDt2NZ2rgXxOi0hMM0ckrWyLDswEpgaD
LQzGxZCb54v4s/98wkPHvHV2wDsS8gpKVS+/ECyG6UMgTu4LFprhqYaysoDF0+7v
MkqFM90n8oa3ZABpEpoE8YJuVXYuazwarPIg87ARZw8KaP/6JAP7YUeIIF8LxQFJ
EleI4kP1yaYdsqAgTAS0/ZR9/a1GQXS+zoRA/tvKWtBI81rUEwVjeTmMl2Cqqzx0
GIaGajtLfxAylzB+MQlqmMGmtzwcPIu/MWPMAQUP69GO+0JxznV0IgT1NHdx8Ih9
FlXoyDpY6E47J7fbTx9Hn3UfjEo4H0eElm2+LXZXYxwKP+1BbblJ
-----END CERTIFICATE-----