Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/PCBfSV5_lfy2glKXbk15D1wu1HY.roa
File:                     PCBfSV5_lfy2glKXbk15D1wu1HY.roa (raw, json)
Hash identifier:          UGZx0w4Fy1zDzqZhYpTK6hHi4xJtKeR0w2Q4xW7SZlo=
Subject key identifier:   3C:20:5F:49:5E:7F:95:FC:B6:82:52:97:6E:4D:79:0F:5C:2E:D4:76
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCA2A444665B97B5CD798F1DEF1ED7A72
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/PCBfSV5_lfy2glKXbk15D1wu1HY.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        80.71.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:44:46:65:b9:7b:5c:d7:98:f1:de:f1:ed:7a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c205f495e7f95fcb68252976e4d790f5c2ed476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:29:e7:d1:4b:f7:b9:90:b0:9a:ce:96:d8:72:
                    05:5e:fb:eb:fb:0a:07:66:b9:8d:ca:b7:b3:48:f5:
                    89:a1:a7:29:77:d1:18:20:17:5b:f7:9a:83:fe:ab:
                    63:f4:c3:62:e8:8f:2a:f0:11:bd:f4:df:12:14:23:
                    de:ec:a3:4d:d9:04:e4:17:23:19:bf:51:9f:be:36:
                    48:6f:9b:82:3d:57:d1:3a:cb:7a:48:5d:ae:7f:a9:
                    26:52:1a:b5:2a:aa:7e:7b:42:35:55:6b:bb:f8:87:
                    29:15:9a:48:f2:56:7d:66:46:90:5e:6f:ad:bd:9b:
                    b6:2a:52:73:7c:c6:57:54:00:63:07:2f:57:47:0d:
                    b9:87:e5:e8:44:b6:0a:22:ea:d5:3c:b4:0e:53:3c:
                    bc:06:32:f7:61:bd:c7:39:72:20:46:ce:2a:f3:99:
                    f6:c8:85:07:8c:09:03:95:29:bf:f8:3c:47:1f:43:
                    a9:05:1a:dd:6b:d3:09:1c:64:9a:d6:47:e8:9c:2e:
                    36:de:2f:84:fe:14:f2:6d:5a:99:1d:4d:77:ef:7f:
                    9b:8f:93:35:24:0f:2d:6c:db:7f:6d:66:a5:72:8c:
                    ab:57:4c:44:20:5f:f8:2d:cb:dd:a0:29:8f:3c:59:
                    31:1f:09:3c:29:3a:df:85:02:29:05:f5:1a:f5:c1:
                    88:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:20:5F:49:5E:7F:95:FC:B6:82:52:97:6E:4D:79:0F:5C:2E:D4:76
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/PCBfSV5_lfy2glKXbk15D1wu1HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:6f:e8:cf:32:fc:a6:78:2a:5c:e5:9f:74:60:24:3c:53:a6:
         e9:49:1e:27:f1:c0:3e:bb:bf:96:75:e3:50:35:e4:3f:07:a3:
         a6:11:f7:3a:57:e7:95:f3:fe:f0:bc:c3:72:e3:ba:37:0e:e9:
         02:fd:96:f8:71:9a:fc:0d:04:1a:23:32:3f:2b:60:2e:4a:8b:
         6a:c9:b3:2c:a3:62:2e:36:c3:82:71:7e:ce:19:61:8a:88:57:
         9d:1c:35:27:ae:36:4f:e3:7f:47:d1:6d:10:77:02:e8:c0:eb:
         98:d5:7b:3c:cf:2f:d4:bd:21:5c:6c:0d:19:78:41:fe:a1:52:
         1a:46:c6:d5:e0:a6:07:da:64:fb:37:e8:08:40:ee:a7:48:f3:
         6e:97:9a:ec:09:85:2b:0e:47:e4:2e:07:90:6b:b9:92:d5:e8:
         0f:fe:bd:3f:25:e1:37:53:f9:93:00:69:c6:7c:72:e9:ca:68:
         99:6b:8e:d2:b3:20:d9:48:8d:89:e3:4f:da:44:a6:35:23:04:
         57:3b:58:6f:28:c6:5d:b3:ee:13:1d:49:bc:cb:e9:a0:90:43:
         a7:9c:a2:1d:fa:17:6f:2b:3b:4c:2b:a1:5a:33:11:9d:51:c3:
         8b:1a:1d:21:5c:5c:79:f1:a1:0a:18:eb:25:0d:40:8b:f4:a3:
         67:c1:29:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkRGZbl7XNeY8d7x7XpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzIwNWY0OTVlN2Y5NWZjYjY4MjUyOTc2ZTRkNzkwZjVjMmVkNDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlinn0Uv3uZCwms6W2HIFXvvr+woH
ZrmNyrezSPWJoacpd9EYIBdb95qD/qtj9MNi6I8q8BG99N8SFCPe7KNN2QTkFyMZ
v1GfvjZIb5uCPVfROst6SF2uf6kmUhq1Kqp+e0I1VWu7+IcpFZpI8lZ9ZkaQXm+t
vZu2KlJzfMZXVABjBy9XRw25h+XoRLYKIurVPLQOUzy8BjL3Yb3HOXIgRs4q85n2
yIUHjAkDlSm/+DxHH0OpBRrda9MJHGSa1kfonC423i+E/hTybVqZHU1373+bj5M1
JA8tbNt/bWalcoyrV0xEIF/4LcvdoCmPPFkxHwk8KTrfhQIpBfUa9cGI0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwgX0lef5X8toJSl25NeQ9cLtR2MB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvUENCZlNWNV9sZnkyZ2xLWGJrMTVEMXd1MUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfiMA0G
CSqGSIb3DQEBCwUAA4IBAQA2b+jPMvymeCpc5Z90YCQ8U6bpSR4n8cA+u7+WdeNQ
NeQ/B6OmEfc6V+eV8/7wvMNy47o3DukC/Zb4cZr8DQQaIzI/K2AuSotqybMso2Iu
NsOCcX7OGWGKiFedHDUnrjZP439H0W0QdwLowOuY1Xs8zy/UvSFcbA0ZeEH+oVIa
RsbV4KYH2mT7N+gIQO6nSPNul5rsCYUrDkfkLgeQa7mS1egP/r0/JeE3U/mTAGnG
fHLpymiZa47SsyDZSI2J40/aRKY1IwRXO1hvKMZds+4THUm8y+mgkEOnnKId+hdv
KztMK6FaMxGdUcOLGh0hXFx58aEKGOslDUCL9KNnwSme
-----END CERTIFICATE-----