Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1bd1be-cdde-45ae-a124-a7bd83a8f56c/1/PgeLUdDfnLL5GViuwWhP1hRPQ9M.roa
File:                     PgeLUdDfnLL5GViuwWhP1hRPQ9M.roa (raw, json)
Hash identifier:          ke6julZBDVqSKmhZx240zjZ8aAh+bXqD5HZcB1NPCfg=
Subject key identifier:   3E:07:8B:51:D0:DF:9C:B2:F9:19:58:AE:C1:68:4F:D6:14:4F:43:D3
Certificate issuer:       /CN=5f45b134c091410e31423eac2ccad0aedb8a6ec5
Certificate serial:       018CC8DE7A9BAFAA21BEA2FF601F5B3E04FF
Authority key identifier: 5F:45:B1:34:C0:91:41:0E:31:42:3E:AC:2C:CA:D0:AE:DB:8A:6E:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X0WxNMCRQQ4xQj6sLMrQrtuKbsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1bd1be-cdde-45ae-a124-a7bd83a8f56c/1/PgeLUdDfnLL5GViuwWhP1hRPQ9M.roa
Signing time:             Tue 02 Jan 2024 06:31:12 +0000
ROA not before:           Tue 02 Jan 2024 06:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25460
IP address blocks:        193.32.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1bd1be-cdde-45ae-a124-a7bd83a8f56c/1/X0WxNMCRQQ4xQj6sLMrQrtuKbsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1bd1be-cdde-45ae-a124-a7bd83a8f56c/1/X0WxNMCRQQ4xQj6sLMrQrtuKbsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X0WxNMCRQQ4xQj6sLMrQrtuKbsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:7a:9b:af:aa:21:be:a2:ff:60:1f:5b:3e:04:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f45b134c091410e31423eac2ccad0aedb8a6ec5
        Validity
            Not Before: Jan  2 06:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e078b51d0df9cb2f91958aec1684fd6144f43d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d3:2d:3f:9a:f5:1a:f5:6f:d6:f2:84:83:7f:
                    c6:f7:c5:e2:ee:30:29:fb:97:5c:3f:82:5b:c4:77:
                    88:89:bc:b3:48:91:35:90:6d:9c:99:b8:5c:90:83:
                    19:fb:63:b0:f7:04:8e:22:fb:8a:03:d1:e7:c9:77:
                    f3:6f:2e:ec:b6:13:09:80:43:60:b7:10:ce:e9:84:
                    4b:86:9f:ac:66:31:5b:36:16:49:41:e9:8f:a8:7b:
                    70:60:26:06:0c:8d:74:d5:bc:18:5b:bb:96:70:d5:
                    9b:cd:76:43:73:35:bd:fa:d8:06:50:e0:0b:af:a5:
                    49:f7:99:e7:7c:f9:44:9a:af:5d:66:7b:cd:08:d2:
                    f3:a3:db:6f:5d:70:1a:22:01:c2:7e:0c:0e:fc:6f:
                    bc:03:25:01:3b:ce:11:30:f9:f0:cd:fd:85:1a:73:
                    e9:87:8a:64:e4:85:20:68:33:2d:94:df:ef:03:6a:
                    8e:86:f4:02:88:ba:a4:9e:32:8f:45:56:6d:f1:8a:
                    e3:48:f7:5d:75:a4:4f:d5:27:64:06:61:d9:88:cb:
                    f0:fe:e4:bc:60:b2:cd:de:2c:1d:24:b1:36:fc:e6:
                    5d:d8:f6:be:f3:88:d2:65:1f:c5:9c:bf:3b:e5:87:
                    95:6d:95:50:6f:59:9f:23:d2:49:d1:8c:86:eb:03:
                    22:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:07:8B:51:D0:DF:9C:B2:F9:19:58:AE:C1:68:4F:D6:14:4F:43:D3
            X509v3 Authority Key Identifier:
                keyid:5F:45:B1:34:C0:91:41:0E:31:42:3E:AC:2C:CA:D0:AE:DB:8A:6E:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X0WxNMCRQQ4xQj6sLMrQrtuKbsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1bd1be-cdde-45ae-a124-a7bd83a8f56c/1/PgeLUdDfnLL5GViuwWhP1hRPQ9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1bd1be-cdde-45ae-a124-a7bd83a8f56c/1/X0WxNMCRQQ4xQj6sLMrQrtuKbsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:e3:53:05:82:c2:72:b0:7f:ca:88:b1:2d:3c:bc:76:cb:6d:
         51:f5:77:51:2e:ec:15:69:fd:0c:e7:49:ae:e3:5e:0f:91:a5:
         ff:76:a8:fa:94:8c:9e:2f:b3:7d:47:02:46:5b:60:99:2e:38:
         a6:d9:6d:aa:fb:dc:b6:63:64:5f:c8:48:c7:98:6d:ab:ca:e3:
         21:33:be:f4:2a:76:3d:b4:b1:94:9e:5c:7a:2b:84:44:b8:9a:
         8f:eb:29:37:d2:fd:c1:c0:3b:0b:3b:cc:54:d1:44:9c:e8:3c:
         c1:09:32:9a:64:48:bd:62:91:98:b1:76:b7:62:47:3a:d0:93:
         75:0a:93:50:03:85:37:ac:ce:31:67:b9:1d:75:6e:53:c6:22:
         5d:98:9e:c2:72:0b:0c:74:e4:00:3e:e5:4e:d2:db:9d:8a:2a:
         fb:ec:f8:0e:c7:3e:41:af:ef:4b:c9:52:e1:0b:e1:8f:0b:e6:
         33:99:39:72:11:b7:dd:dc:ef:12:6c:b6:f9:98:0f:c1:05:40:
         90:42:71:2d:1f:c6:e3:1e:ce:09:2a:df:bf:e0:01:6c:6a:fe:
         19:0c:4b:64:f4:5e:17:f9:b7:aa:27:8f:12:39:64:b5:a2:fd:
         71:da:b4:e6:23:78:19:81:03:f0:ea:2d:bf:f4:54:27:a4:94:
         c9:9d:ad:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3nqbr6ohvqL/YB9bPgT/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNDViMTM0YzA5MTQxMGUzMTQyM2VhYzJjY2FkMGFlZGI4
YTZlYzUwHhcNMjQwMTAyMDYzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTA3OGI1MWQwZGY5Y2IyZjkxOTU4YWVjMTY4NGZkNjE0NGY0M2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NMtP5r1GvVv1vKEg3/G98Xi7jAp
+5dcP4JbxHeIibyzSJE1kG2cmbhckIMZ+2Ow9wSOIvuKA9HnyXfzby7sthMJgENg
txDO6YRLhp+sZjFbNhZJQemPqHtwYCYGDI101bwYW7uWcNWbzXZDczW9+tgGUOAL
r6VJ95nnfPlEmq9dZnvNCNLzo9tvXXAaIgHCfgwO/G+8AyUBO84RMPnwzf2FGnPp
h4pk5IUgaDMtlN/vA2qOhvQCiLqknjKPRVZt8YrjSPdddaRP1SdkBmHZiMvw/uS8
YLLN3iwdJLE2/OZd2Pa+84jSZR/FnL875YeVbZVQb1mfI9JJ0YyG6wMioQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4Hi1HQ35yy+RlYrsFoT9YUT0PTMB8GA1UdIwQY
MBaAFF9FsTTAkUEOMUI+rCzK0K7bim7FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDBXeE5NQ1JRUTR4UWo2c0xNclFydHVLYnNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xYmQxYmUtY2RkZS00NWFlLWExMjQt
YTdiZDgzYThmNTZjLzEvUGdlTFVkRGZuTEw1R1ZpdXdXaFAxaFJQUTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xYmQxYmUtY2RkZS00NWFlLWExMjQtYTdiZDgzYThmNTZj
LzEvWDBXeE5NQ1JRUTR4UWo2c0xNclFydHVLYnNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSASMA0G
CSqGSIb3DQEBCwUAA4IBAQCV41MFgsJysH/KiLEtPLx2y21R9XdRLuwVaf0M50mu
414PkaX/dqj6lIyeL7N9RwJGW2CZLjim2W2q+9y2Y2RfyEjHmG2ryuMhM770KnY9
tLGUnlx6K4REuJqP6yk30v3BwDsLO8xU0USc6DzBCTKaZEi9YpGYsXa3Ykc60JN1
CpNQA4U3rM4xZ7kddW5TxiJdmJ7CcgsMdOQAPuVO0tudiir77PgOxz5Br+9LyVLh
C+GPC+YzmTlyEbfd3O8SbLb5mA/BBUCQQnEtH8bjHs4JKt+/4AFsav4ZDEtk9F4X
+beqJ48SOWS1ov1x2rTmI3gZgQPw6i2/9FQnpJTJna3C
-----END CERTIFICATE-----