Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/PjFGyXRC86d2JT6mNbHO50oltUA.roa
File:                     PjFGyXRC86d2JT6mNbHO50oltUA.roa (raw, json)
Hash identifier:          BDa4aWY3+TMbXWg8ZJ5+4eIRVaav49K7+nH4fXp+K7E=
Subject key identifier:   3E:31:46:C9:74:42:F3:A7:76:25:3E:A6:35:B1:CE:E7:4A:25:B5:40
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       018CC79524CBE416B03115763D4F98E068ED
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/PjFGyXRC86d2JT6mNbHO50oltUA.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62031
IP address blocks:        195.82.176.0/24 maxlen: 24
                          195.82.178.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:24:cb:e4:16:b0:31:15:76:3d:4f:98:e0:68:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e3146c97442f3a776253ea635b1cee74a25b540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c6:7d:3c:84:d4:99:61:9e:54:38:58:a7:1a:
                    0f:d8:9a:c6:05:11:c2:a1:be:2d:e3:13:54:f2:27:
                    ef:a3:8e:db:d4:eb:26:ab:4b:a4:92:f1:ae:85:a9:
                    29:68:09:3c:18:25:82:81:f9:c9:a3:ae:96:49:64:
                    2f:2d:70:05:1c:42:cf:33:cd:de:55:0a:ae:c0:12:
                    63:36:67:ae:31:20:89:d6:3f:df:49:47:82:69:d2:
                    52:4d:5f:de:be:b6:a1:b0:8e:f3:a5:44:9d:54:05:
                    cb:f4:89:a0:49:63:0e:e3:73:dc:36:50:0f:15:51:
                    d6:22:a3:ca:77:d8:55:d2:34:57:23:c1:18:39:f9:
                    03:79:d2:2d:31:39:f8:76:35:49:26:ad:4b:fe:f9:
                    19:58:c2:ce:b0:e6:86:90:8f:6f:a9:dc:3c:b5:d2:
                    c2:ea:ab:f1:8f:55:20:d5:d6:98:e2:59:6c:66:28:
                    af:9d:e5:02:6b:64:c9:22:a1:65:2f:f8:25:7d:15:
                    c1:44:d9:0a:ca:4e:3d:3b:52:91:c8:1d:bf:12:b1:
                    29:9b:74:1a:b7:a1:5e:19:23:d6:4c:55:76:95:3b:
                    82:2a:28:98:ae:2d:d4:77:f7:91:98:0b:99:04:fd:
                    16:a1:fe:de:06:d9:4e:85:61:6f:cc:82:66:72:28:
                    f4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:31:46:C9:74:42:F3:A7:76:25:3E:A6:35:B1:CE:E7:4A:25:B5:40
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/PjFGyXRC86d2JT6mNbHO50oltUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.176.0/24
                  195.82.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:b1:a1:b2:c4:4f:5f:ec:61:42:8e:c0:9c:d7:fa:40:7a:f4:
         18:d4:75:95:f4:81:f4:d2:9b:a8:30:f6:d6:c4:3f:fd:2a:1e:
         9a:45:58:b1:0b:37:e2:56:09:2f:0f:bf:ad:22:8e:64:3a:56:
         92:8b:b7:45:74:94:d9:57:32:bf:59:a0:93:93:60:66:b6:57:
         da:4f:37:32:0e:4a:1c:80:d0:3d:6e:3a:5f:ba:02:be:50:ed:
         6a:c8:70:50:8c:33:90:ba:2b:78:2a:85:54:90:0e:1c:22:06:
         0f:84:09:48:f6:87:2f:71:7e:2d:d6:36:8c:3a:4f:42:63:ae:
         24:bb:a9:de:2d:03:b3:5f:5d:a1:1c:fc:74:2f:f5:4e:bb:a9:
         ef:75:45:10:b8:db:40:5f:3b:c2:c0:55:99:7d:f4:d8:7c:4c:
         50:33:08:45:38:42:65:48:40:95:c1:42:94:90:6d:8e:b5:bf:
         5e:1b:c4:3e:80:4a:5f:8e:50:36:6d:fb:be:d7:5b:12:d8:b2:
         84:4a:65:73:04:13:e3:f4:34:03:33:8f:c5:35:cd:de:ae:28:
         a1:e5:3d:45:d8:f8:bc:5d:37:47:8e:69:fb:67:50:72:a7:f2:
         fa:18:f5:50:c2:53:5d:e5:40:de:ab:4e:4d:83:e0:71:f4:46:
         98:40:2e:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlSTL5BawMRV2PU+Y4GjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDA1Y2FhYjM0YmJmZGU2YjhlZTY2YzYwMDg2MGM2Y2U5
NmYzMmIwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTMxNDZjOTc0NDJmM2E3NzYyNTNlYTYzNWIxY2VlNzRhMjViNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsZ9PITUmWGeVDhYpxoP2JrGBRHC
ob4t4xNU8ifvo47b1Osmq0ukkvGuhakpaAk8GCWCgfnJo66WSWQvLXAFHELPM83e
VQquwBJjNmeuMSCJ1j/fSUeCadJSTV/evrahsI7zpUSdVAXL9ImgSWMO43PcNlAP
FVHWIqPKd9hV0jRXI8EYOfkDedItMTn4djVJJq1L/vkZWMLOsOaGkI9vqdw8tdLC
6qvxj1Ug1daY4llsZiivneUCa2TJIqFlL/glfRXBRNkKyk49O1KRyB2/ErEpm3Qa
t6FeGSPWTFV2lTuCKiiYri3Ud/eRmAuZBP0Wof7eBtlOhWFvzIJmcij0lwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD4xRsl0QvOndiU+pjWxzudKJbVAMB8GA1UdIwQY
MBaAFEtAXKqzS7/ea47mbGAIYMbOlvMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYt
ZDg3YWZmYjhiYzYxLzEvUGpGR3lYUkM4NmQySlQ2bU5iSE81MG9sdFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYtZDg3YWZmYjhiYzYx
LzEvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1KwAwQB
w1KyMA0GCSqGSIb3DQEBCwUAA4IBAQBZsaGyxE9f7GFCjsCc1/pAevQY1HWV9IH0
0puoMPbWxD/9Kh6aRVixCzfiVgkvD7+tIo5kOlaSi7dFdJTZVzK/WaCTk2Bmtlfa
TzcyDkocgNA9bjpfugK+UO1qyHBQjDOQuit4KoVUkA4cIgYPhAlI9ocvcX4t1jaM
Ok9CY64ku6neLQOzX12hHPx0L/VOu6nvdUUQuNtAXzvCwFWZffTYfExQMwhFOEJl
SECVwUKUkG2Otb9eG8Q+gEpfjlA2bfu+11sS2LKESmVzBBPj9DQDM4/FNc3eriih
5T1F2Pi8XTdHjmn7Z1Byp/L6GPVQwlNd5UDeq05Ng+Bx9EaYQC63
-----END CERTIFICATE-----