Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/388c70-e4c7-420d-8188-8be146253356/1/PgJWXwBQaCHbRRP-IotpZ92QIBQ.roa
File:                     PgJWXwBQaCHbRRP-IotpZ92QIBQ.roa (raw, json)
Hash identifier:          xYQsy3pMjN7C/C6gSmAGmRi3MkJ/N6wrKk6aQury8e0=
Subject key identifier:   3E:02:56:5F:00:50:68:21:DB:45:13:FE:22:8B:69:67:DD:90:20:14
Certificate issuer:       /CN=662f55d377127f28ce26b78fd83becf41becad4b
Certificate serial:       018CC726183A5C84E0EF46D44B0BE6CD4C5E
Authority key identifier: 66:2F:55:D3:77:12:7F:28:CE:26:B7:8F:D8:3B:EC:F4:1B:EC:AD:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zi9V03cSfyjOJreP2Dvs9BvsrUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/388c70-e4c7-420d-8188-8be146253356/1/PgJWXwBQaCHbRRP-IotpZ92QIBQ.roa
Signing time:             Mon 01 Jan 2024 22:30:11 +0000
ROA not before:           Mon 01 Jan 2024 22:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        31.25.237.0/24 maxlen: 24
                          31.25.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/388c70-e4c7-420d-8188-8be146253356/1/Zi9V03cSfyjOJreP2Dvs9BvsrUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/388c70-e4c7-420d-8188-8be146253356/1/Zi9V03cSfyjOJreP2Dvs9BvsrUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zi9V03cSfyjOJreP2Dvs9BvsrUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:18:3a:5c:84:e0:ef:46:d4:4b:0b:e6:cd:4c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=662f55d377127f28ce26b78fd83becf41becad4b
        Validity
            Not Before: Jan  1 22:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e02565f00506821db4513fe228b6967dd902014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ac:e5:e3:07:ef:c2:d9:77:1e:b7:fc:85:bb:
                    29:4a:a1:ea:ec:d7:3e:08:ba:8c:41:3d:14:78:19:
                    d6:f5:9c:07:d1:2e:67:02:2c:9f:91:f2:ad:5c:1d:
                    3e:82:5e:f2:f7:33:85:eb:c5:b6:7d:24:a1:b7:43:
                    46:f9:53:56:5b:fe:f7:3f:6d:46:ef:55:2f:65:91:
                    30:f0:e8:f8:33:63:8b:7d:dc:f9:a6:4a:a4:97:9b:
                    ad:35:0e:b2:a3:b5:ad:9d:b2:e8:f7:78:85:d7:20:
                    1f:d9:b1:78:9f:b6:b6:99:a4:39:f5:72:aa:8c:56:
                    ba:88:74:27:51:3e:57:45:96:fa:92:23:64:12:af:
                    6b:45:c7:5c:40:dd:a0:46:f7:60:7b:1a:b7:b9:c3:
                    88:16:14:85:4c:50:e0:73:f1:6e:db:00:b3:0e:50:
                    fb:66:f4:f7:12:48:c2:52:86:d1:f2:4e:43:49:64:
                    8e:db:02:4e:ae:65:e5:a7:be:ae:11:8f:3e:a4:0d:
                    06:1d:72:fd:61:75:f2:ff:07:56:ea:7b:07:34:cd:
                    4e:bb:af:0e:15:e5:cc:a2:3a:f2:d4:8e:b3:40:94:
                    a4:9d:49:6e:46:34:d8:d8:ce:d9:f8:44:75:7d:39:
                    5b:87:23:0b:ff:5b:5b:36:a2:e4:de:31:5d:8c:c3:
                    03:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:02:56:5F:00:50:68:21:DB:45:13:FE:22:8B:69:67:DD:90:20:14
            X509v3 Authority Key Identifier:
                keyid:66:2F:55:D3:77:12:7F:28:CE:26:B7:8F:D8:3B:EC:F4:1B:EC:AD:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zi9V03cSfyjOJreP2Dvs9BvsrUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/388c70-e4c7-420d-8188-8be146253356/1/PgJWXwBQaCHbRRP-IotpZ92QIBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/388c70-e4c7-420d-8188-8be146253356/1/Zi9V03cSfyjOJreP2Dvs9BvsrUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:dc:d8:39:56:42:9f:27:26:b8:9d:7f:cf:0c:5f:fc:da:4a:
         35:55:ac:89:37:ea:28:85:b3:31:14:83:82:9d:35:55:7c:db:
         ac:42:dd:40:74:5a:8c:05:b8:21:48:d0:53:8d:43:3f:62:a0:
         d5:f6:20:97:85:aa:78:92:17:08:15:3c:10:da:b1:17:7b:08:
         64:18:46:1e:63:3b:1c:e3:07:b8:7e:44:19:bc:3a:02:c8:73:
         d0:e5:11:8d:c9:4b:3d:58:73:49:c1:7e:88:6d:09:c4:8b:80:
         9c:c0:54:8e:ac:a6:b1:5a:c9:e0:ea:5a:c2:5d:fd:bc:99:18:
         db:65:09:2f:d3:06:96:71:2b:22:ea:a9:bc:5f:2e:92:2f:81:
         b4:43:56:23:35:e5:88:26:6d:bb:81:f1:41:15:59:4e:32:20:
         47:91:f0:09:83:7e:93:d2:78:5b:cd:9b:25:c0:65:31:0f:6c:
         1b:72:49:bc:00:29:27:52:82:27:98:c2:0d:66:4d:cd:f1:bf:
         1a:3e:4e:f6:24:4b:2b:33:1e:3e:6f:35:8f:02:df:6c:b3:ae:
         9c:8c:bf:cc:5e:f8:ac:4b:1a:03:43:cb:ff:15:a0:1c:20:bc:
         a6:33:61:9a:c3:af:9a:49:38:ff:49:fb:3a:56:4f:9a:c8:9e:
         a3:83:0b:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJhg6XITg70bUSwvmzUxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MmY1NWQzNzcxMjdmMjhjZTI2Yjc4ZmQ4M2JlY2Y0MWJl
Y2FkNGIwHhcNMjQwMTAxMjIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTAyNTY1ZjAwNTA2ODIxZGI0NTEzZmUyMjhiNjk2N2RkOTAyMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6zl4wfvwtl3Hrf8hbspSqHq7Nc+
CLqMQT0UeBnW9ZwH0S5nAiyfkfKtXB0+gl7y9zOF68W2fSSht0NG+VNWW/73P21G
71UvZZEw8Oj4M2OLfdz5pkqkl5utNQ6yo7WtnbLo93iF1yAf2bF4n7a2maQ59XKq
jFa6iHQnUT5XRZb6kiNkEq9rRcdcQN2gRvdgexq3ucOIFhSFTFDgc/Fu2wCzDlD7
ZvT3EkjCUobR8k5DSWSO2wJOrmXlp76uEY8+pA0GHXL9YXXy/wdW6nsHNM1Ou68O
FeXMojry1I6zQJSknUluRjTY2M7Z+ER1fTlbhyML/1tbNqLk3jFdjMMDswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4CVl8AUGgh20UT/iKLaWfdkCAUMB8GA1UdIwQY
MBaAFGYvVdN3En8ozia3j9g77PQb7K1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmk5VjAzY1NmeWpPSnJlUDJEdnM5QnZzclVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zODhjNzAtZTRjNy00MjBkLTgxODgt
OGJlMTQ2MjUzMzU2LzEvUGdKV1h3QlFhQ0hiUlJQLUlvdHBaOTJRSUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zODhjNzAtZTRjNy00MjBkLTgxODgtOGJlMTQ2MjUzMzU2
LzEvWmk5VjAzY1NmeWpPSnJlUDJEdnM5QnZzclVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHxnsMA0G
CSqGSIb3DQEBCwUAA4IBAQBj3Ng5VkKfJya4nX/PDF/82ko1VayJN+oohbMxFIOC
nTVVfNusQt1AdFqMBbghSNBTjUM/YqDV9iCXhap4khcIFTwQ2rEXewhkGEYeYzsc
4we4fkQZvDoCyHPQ5RGNyUs9WHNJwX6IbQnEi4CcwFSOrKaxWsng6lrCXf28mRjb
ZQkv0waWcSsi6qm8Xy6SL4G0Q1YjNeWIJm27gfFBFVlOMiBHkfAJg36T0nhbzZsl
wGUxD2wbckm8ACknUoInmMINZk3N8b8aPk72JEsrMx4+bzWPAt9ss66cjL/MXvis
SxoDQ8v/FaAcILymM2Gaw6+aSTj/Sfs6Vk+ayJ6jgwsH
-----END CERTIFICATE-----