Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/PLU8wqNdMXnL9v3tJJzISiKB10E.roa
File:                     PLU8wqNdMXnL9v3tJJzISiKB10E.roa (raw, json)
Hash identifier:          VqGtKJSXmrM4NojpQ2fDKWSLpkBqvw8V5Igvg7IZsCo=
Subject key identifier:   3C:B5:3C:C2:A3:5D:31:79:CB:F6:FD:ED:24:9C:C8:4A:22:81:D7:41
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01942521B4E75CF2229274989B444399351B
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/PLU8wqNdMXnL9v3tJJzISiKB10E.roa
Signing time:             Thu 02 Jan 2025 03:49:13 +0000
ROA not before:           Thu 02 Jan 2025 03:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.150.197.0/24 maxlen: 24
                          91.213.174.0/24 maxlen: 24
                          91.213.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 01:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b4:e7:5c:f2:22:92:74:98:9b:44:43:99:35:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  2 03:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cb53cc2a35d3179cbf6fded249cc84a2281d741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e5:09:78:f2:0e:4c:23:20:20:6c:c2:b0:a6:
                    78:0a:f5:72:c4:9f:36:53:92:35:bb:fc:c2:33:ba:
                    7d:84:55:55:86:e0:73:e9:c4:4d:e0:68:17:66:63:
                    a1:e2:19:2b:8c:ee:c2:3c:3d:cb:51:5e:39:e9:3e:
                    ab:01:e7:8e:a6:78:64:f2:fc:f7:38:b8:b1:d4:db:
                    0b:66:e5:1b:85:8e:36:8c:a5:63:61:16:cf:0c:46:
                    33:0d:ae:29:30:03:08:cd:90:e9:21:d5:96:fc:17:
                    56:b8:4c:b5:02:3e:43:6e:95:03:db:ad:e8:1d:13:
                    22:3d:a1:06:2e:97:34:84:41:fa:a3:a8:d3:24:79:
                    bb:84:ad:70:e5:99:4b:42:2b:32:84:72:65:a4:8c:
                    a5:eb:01:f8:43:1e:c5:ad:c8:58:a7:13:02:37:54:
                    aa:bb:35:a1:cd:f6:b9:4d:04:08:d2:85:2b:64:7f:
                    31:c8:7f:d2:7b:4e:9b:98:9a:bf:28:da:c6:8c:93:
                    3c:b3:9d:a2:cf:cb:5c:19:f4:65:da:dc:60:ac:8c:
                    b7:46:a7:e7:48:32:0a:06:c5:22:69:71:0b:45:7b:
                    a4:23:a4:27:05:ff:05:58:20:66:a5:ea:3e:37:64:
                    e2:e2:fa:20:e5:b5:8f:67:0d:a0:07:43:82:52:4d:
                    4c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:B5:3C:C2:A3:5D:31:79:CB:F6:FD:ED:24:9C:C8:4A:22:81:D7:41
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/PLU8wqNdMXnL9v3tJJzISiKB10E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.197.0/24
                  91.213.174.0/24
                  91.213.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ab:32:dc:33:ec:db:0f:a5:f9:52:a2:60:ad:4e:3b:f7:e4:
         2d:b2:c3:51:5f:30:08:6d:c3:88:30:e6:07:e8:3c:a5:50:09:
         48:ec:74:7f:56:09:3f:d1:73:b0:77:93:fc:17:8d:43:89:29:
         53:f6:1b:9d:92:66:4a:50:39:7b:94:be:67:eb:20:9b:17:a7:
         81:fa:e8:10:f5:87:e2:2e:89:7b:39:4e:e3:53:94:c8:73:b5:
         27:5a:23:65:76:9f:97:78:ed:60:d0:53:67:dd:d6:4d:e9:e6:
         18:fe:a5:9b:85:8d:58:ec:18:b7:1e:aa:52:86:4e:b9:2b:97:
         2b:73:fd:39:b6:0e:5f:9f:dc:4c:e4:2b:c0:ab:49:65:0d:e3:
         1b:78:07:e2:08:07:46:ef:95:00:e3:be:03:15:c8:71:76:d4:
         72:63:bf:07:8e:31:28:49:09:ca:bd:b3:7d:ae:ff:89:3a:8e:
         ab:47:b3:92:0a:68:50:b9:d7:02:3e:cf:fa:bc:a9:12:1f:76:
         5e:d3:26:2d:a2:67:84:18:1b:c8:39:06:93:49:75:6c:f3:38:
         77:cb:33:80:81:e2:d0:b5:56:2c:52:b6:f6:4b:93:c3:14:90:
         f5:0a:de:b6:42:ca:f1:0a:69:2e:64:47:61:45:02:79:28:ae:
         b2:36:2f:d6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIbTnXPIiknSYm0RDmTUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwMTAyMDM0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2I1M2NjMmEzNWQzMTc5Y2JmNmZkZWQyNDljYzg0YTIyODFkNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeUJePIOTCMgIGzCsKZ4CvVyxJ82
U5I1u/zCM7p9hFVVhuBz6cRN4GgXZmOh4hkrjO7CPD3LUV456T6rAeeOpnhk8vz3
OLix1NsLZuUbhY42jKVjYRbPDEYzDa4pMAMIzZDpIdWW/BdWuEy1Aj5DbpUD263o
HRMiPaEGLpc0hEH6o6jTJHm7hK1w5ZlLQisyhHJlpIyl6wH4Qx7FrchYpxMCN1Sq
uzWhzfa5TQQI0oUrZH8xyH/Se06bmJq/KNrGjJM8s52iz8tcGfRl2txgrIy3Rqfn
SDIKBsUiaXELRXukI6QnBf8FWCBmpeo+N2Ti4vog5bWPZw2gB0OCUk1MQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDy1PMKjXTF5y/b97SScyEoigddBMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvUExVOHdxTmRNWG5MOXYzdEpKeklTaUtCMTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZbFAwQA
W9WuAwQAW9W6MA0GCSqGSIb3DQEBCwUAA4IBAQBPqzLcM+zbD6X5UqJgrU479+Qt
ssNRXzAIbcOIMOYH6DylUAlI7HR/Vgk/0XOwd5P8F41DiSlT9hudkmZKUDl7lL5n
6yCbF6eB+ugQ9YfiLol7OU7jU5TIc7UnWiNldp+XeO1g0FNn3dZN6eYY/qWbhY1Y
7Bi3HqpShk65K5crc/05tg5fn9xM5CvAq0llDeMbeAfiCAdG75UA474DFchxdtRy
Y78HjjEoSQnKvbN9rv+JOo6rR7OSCmhQudcCPs/6vKkSH3Ze0yYtomeEGBvIOQaT
SXVs8zh3yzOAgeLQtVYsUrb2S5PDFJD1Ct62QsrxCmkuZEdhRQJ5KK6yNi/W
-----END CERTIFICATE-----