Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/PBk_Ma-OG7pFUlpVpcBf7OV8js4.roa
File:                     PBk_Ma-OG7pFUlpVpcBf7OV8js4.roa (raw, json)
Hash identifier:          WRY9TmcHxQnl8v6+C+QdT7t0mAIE2wqrn2QLGd+GOj8=
Subject key identifier:   3C:19:3F:31:AF:8E:1B:BA:45:52:5A:55:A5:C0:5F:EC:E5:7C:8E:CE
Certificate issuer:       /CN=fac089a9cd6a0375bae499cc06a4caa3071b5d4c
Certificate serial:       018CC8DE399B61E5E2170FE78BA86DFFC903
Authority key identifier: FA:C0:89:A9:CD:6A:03:75:BA:E4:99:CC:06:A4:CA:A3:07:1B:5D:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/PBk_Ma-OG7pFUlpVpcBf7OV8js4.roa
Signing time:             Tue 02 Jan 2024 06:30:56 +0000
ROA not before:           Tue 02 Jan 2024 06:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        193.35.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:39:9b:61:e5:e2:17:0f:e7:8b:a8:6d:ff:c9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac089a9cd6a0375bae499cc06a4caa3071b5d4c
        Validity
            Not Before: Jan  2 06:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c193f31af8e1bba45525a55a5c05fece57c8ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:bb:b7:91:b4:60:36:9c:b9:b1:76:c2:bc:33:
                    7e:08:44:e1:09:d5:b1:01:bf:ba:8d:53:66:62:c8:
                    2f:cb:25:b2:d5:be:45:84:7b:f7:c0:d6:8e:81:3b:
                    25:b0:aa:a5:b6:4a:aa:b1:89:c5:80:23:15:2a:5a:
                    74:f4:3a:48:18:78:75:0c:ff:6b:62:c4:bf:44:5e:
                    2c:c8:fd:d9:eb:16:d6:38:18:bf:e1:3e:5d:7a:19:
                    b7:c7:64:bc:a2:24:3a:a6:eb:3f:70:f4:b3:90:91:
                    e8:46:24:2e:97:de:01:3e:8a:56:10:c6:66:4f:06:
                    05:1f:05:c5:fe:49:ba:6b:d0:1e:e7:30:37:4f:b3:
                    83:f4:09:82:7e:98:04:21:4f:2c:69:76:fa:9a:73:
                    06:02:bc:ec:ba:5c:3c:bf:a3:f3:2e:b2:fd:30:76:
                    9f:72:27:0a:69:a0:47:ce:be:d3:c4:7b:b2:9b:85:
                    1e:3c:5c:43:d2:16:60:43:51:78:fa:ce:64:3c:73:
                    e5:18:57:a8:f1:17:05:01:c9:aa:47:df:ff:15:61:
                    5d:26:bd:69:86:d1:b3:3c:25:97:5d:1a:fb:a5:88:
                    b7:ab:66:95:85:9b:82:85:e9:1d:64:50:0d:02:0a:
                    44:df:bf:38:e4:9b:de:43:d1:44:83:a8:29:07:66:
                    ba:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:19:3F:31:AF:8E:1B:BA:45:52:5A:55:A5:C0:5F:EC:E5:7C:8E:CE
            X509v3 Authority Key Identifier:
                keyid:FA:C0:89:A9:CD:6A:03:75:BA:E4:99:CC:06:A4:CA:A3:07:1B:5D:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/PBk_Ma-OG7pFUlpVpcBf7OV8js4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:1d:23:4f:bf:19:05:24:94:5f:cd:5e:28:d7:6a:9a:bd:48:
         67:bd:d1:80:d8:ce:ae:a4:1f:62:91:5b:2f:31:6b:76:54:a3:
         62:3e:46:c2:87:e5:8f:48:f5:20:86:fb:04:7b:5b:67:6c:cb:
         50:d5:9c:53:52:70:d1:5a:b8:dc:85:ef:52:97:55:ba:4f:a2:
         cc:0c:f5:31:28:64:eb:82:b3:cc:9f:b9:de:7f:a3:03:f4:12:
         8f:05:b8:fa:02:eb:c3:e6:4f:9b:45:cd:e9:57:0e:ab:f3:a1:
         f4:2f:eb:f9:d9:f0:e6:ff:30:9d:ef:72:bf:ad:90:f8:96:3a:
         46:59:c1:d8:77:b4:ff:f7:29:5a:45:8a:84:8d:e3:b5:dc:d7:
         a4:b3:01:f6:52:04:ff:37:a6:5f:a2:f9:3d:64:35:29:c6:db:
         d4:f7:1e:2c:51:e5:26:03:09:d3:dd:c2:da:d4:59:f8:70:fc:
         b7:b6:e0:3b:74:fd:93:0e:95:81:87:06:36:5a:f4:de:d8:cf:
         12:b3:e3:88:83:39:ef:af:91:7e:31:2d:c2:6b:df:af:6c:6b:
         9b:70:eb:9c:a3:aa:85:47:5d:35:fb:0a:0c:c7:bf:ed:fa:79:
         0c:f8:c3:6e:eb:bb:63:d3:1e:b1:84:63:c5:1e:9e:26:6d:a6:
         2a:8d:a8:6b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3jmbYeXiFw/ni6ht/8kDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYzA4OWE5Y2Q2YTAzNzViYWU0OTljYzA2YTRjYWEzMDcx
YjVkNGMwHhcNMjQwMTAyMDYzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzE5M2YzMWFmOGUxYmJhNDU1MjVhNTVhNWMwNWZlY2U1N2M4ZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLu3kbRgNpy5sXbCvDN+CEThCdWx
Ab+6jVNmYsgvyyWy1b5FhHv3wNaOgTslsKqltkqqsYnFgCMVKlp09DpIGHh1DP9r
YsS/RF4syP3Z6xbWOBi/4T5dehm3x2S8oiQ6pus/cPSzkJHoRiQul94BPopWEMZm
TwYFHwXF/km6a9Ae5zA3T7OD9AmCfpgEIU8saXb6mnMGArzsulw8v6PzLrL9MHaf
cicKaaBHzr7TxHuym4UePFxD0hZgQ1F4+s5kPHPlGFeo8RcFAcmqR9//FWFdJr1p
htGzPCWXXRr7pYi3q2aVhZuChekdZFANAgpE37845JveQ9FEg6gpB2a6rQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDwZPzGvjhu6RVJaVaXAX+zlfI7OMB8GA1UdIwQY
MBaAFPrAianNagN1uuSZzAakyqMHG11MMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1zQ0pxYzFxQTNXNjVKbk1CcVRLb3djYlhVdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvMmZhYzlmLTYxOGMtNDJmNi05NDgz
LTc3N2Y4NjE2NjIyMS8xL1BCa19NYS1PRzdwRlVscFZwY0JmN09WOGpzNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvMmZhYzlmLTYxOGMtNDJmNi05NDgzLTc3N2Y4NjE2NjIy
MS8xLzEtc0NKcWMxcUEzVzY1Sm5NQnFUS293Y2JYVXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALBI8gw
DQYJKoZIhvcNAQELBQADggEBAEIdI0+/GQUklF/NXijXapq9SGe90YDYzq6kH2KR
Wy8xa3ZUo2I+RsKH5Y9I9SCG+wR7W2dsy1DVnFNScNFauNyF71KXVbpPoswM9TEo
ZOuCs8yfud5/owP0Eo8FuPoC68PmT5tFzelXDqvzofQv6/nZ8Ob/MJ3vcr+tkPiW
OkZZwdh3tP/3KVpFioSN47Xc16SzAfZSBP83pl+i+T1kNSnG29T3HixR5SYDCdPd
wtrUWfhw/Le24Dt0/ZMOlYGHBjZa9N7YzxKz44iDOe+vkX4xLcJr369sa5tw65yj
qoVHXTX7CgzHv+36eQz4w27ru2PTHrGEY8UeniZtpiqNqGs=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:13:15 2024 by rpki-client on console-ams.rpki-client.org