Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/PPGaCqZQ_QQkLSvRRFbRHsQw30A.roa
File:                     PPGaCqZQ_QQkLSvRRFbRHsQw30A.roa (raw, json)
Hash identifier:          ceGf1oE6s24qvqlD8ZtyRWnXzCn1240WNvc6YnJS8YY=
Subject key identifier:   3C:F1:9A:0A:A6:50:FD:04:24:2D:2B:D1:44:56:D1:1E:C4:30:DF:40
Certificate issuer:       /CN=d1fd3436d7a19a7343fa800d87a01af183da318b
Certificate serial:       018CC79417F8BC062D7EEEF8E1B3687F6E84
Authority key identifier: D1:FD:34:36:D7:A1:9A:73:43:FA:80:0D:87:A0:1A:F1:83:DA:31:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/PPGaCqZQ_QQkLSvRRFbRHsQw30A.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.13.208.0/22 maxlen: 24
                          2a03:a540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:17:f8:bc:06:2d:7e:ee:f8:e1:b3:68:7f:6e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1fd3436d7a19a7343fa800d87a01af183da318b
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cf19a0aa650fd04242d2bd14456d11ec430df40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ee:91:48:6d:c2:4a:ea:79:a5:9a:2e:38:d4:
                    4a:dd:fa:61:91:64:cc:cb:4e:4d:ee:15:65:1d:79:
                    43:a8:1a:ba:d7:95:00:be:ee:f3:e4:19:d1:37:8a:
                    bb:78:68:b8:ba:4b:fc:f9:55:06:a0:18:64:34:87:
                    8f:c6:df:87:ac:08:f5:1a:97:0e:b0:b0:42:cb:24:
                    37:d9:98:65:ae:9d:8b:d4:49:73:62:eb:ea:0a:94:
                    a3:0b:9d:37:60:dd:d1:9b:9c:55:3b:57:0e:53:83:
                    ab:cf:d8:9f:b7:99:66:a2:28:91:a2:07:ee:8c:e9:
                    2e:d5:83:57:96:8c:bb:9d:d8:34:41:0e:c9:f2:74:
                    f1:4d:3f:ff:1c:1a:53:f0:dc:8a:c4:70:77:3c:2a:
                    d2:a7:de:aa:0a:12:79:a4:19:45:8c:65:fa:4c:68:
                    62:51:c6:c2:57:94:29:11:f0:89:74:64:8e:e5:cd:
                    66:02:80:78:76:05:a4:4e:c9:52:aa:2c:e7:f2:c7:
                    c5:e8:17:e2:2c:da:8c:56:67:55:3f:29:b3:5f:37:
                    5e:be:53:29:50:9b:79:e3:c0:d1:ea:92:46:c9:ef:
                    bb:7b:e1:8c:d2:5c:5d:ce:ee:bb:35:8e:9b:f4:3a:
                    7a:47:75:28:e3:49:2f:9d:db:6c:05:cd:7b:6c:69:
                    07:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F1:9A:0A:A6:50:FD:04:24:2D:2B:D1:44:56:D1:1E:C4:30:DF:40
            X509v3 Authority Key Identifier:
                keyid:D1:FD:34:36:D7:A1:9A:73:43:FA:80:0D:87:A0:1A:F1:83:DA:31:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/PPGaCqZQ_QQkLSvRRFbRHsQw30A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.208.0/22
                IPv6:
                  2a03:a540::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:1e:8d:24:fc:95:84:c2:27:e9:3e:4b:20:a1:57:a4:1a:18:
         1a:ba:5a:24:ab:d0:a0:25:75:03:0c:1c:64:fe:38:19:06:26:
         85:42:96:ea:28:21:77:64:38:5b:92:da:b2:df:3b:f1:3e:9b:
         0c:43:a4:0a:31:ec:bc:71:25:dc:53:62:ec:ca:20:cb:04:3a:
         0c:c2:f5:31:e0:68:14:0c:3e:c2:8e:79:e1:89:c3:29:c5:33:
         66:f3:35:a6:4c:36:3c:81:5a:6d:27:b6:31:0c:6b:1a:5a:66:
         de:a4:49:17:dd:39:7d:20:9d:c6:b3:40:fb:71:b4:7c:32:d1:
         85:bb:c4:f3:eb:5a:6b:4a:ca:b4:ee:0c:84:74:8b:8c:4b:44:
         15:26:9b:cf:7a:aa:5e:3e:d7:29:7d:8f:17:6b:88:9e:b3:4f:
         b5:ad:57:47:4a:8f:ed:90:e5:72:80:64:56:4a:4e:e2:84:27:
         9f:b2:3c:06:d4:8f:fe:e3:be:3b:3f:de:89:ad:72:4e:2a:f4:
         e4:13:58:f4:f0:2f:5a:8a:f9:64:c1:ef:3a:f7:9f:fd:3a:9e:
         b9:19:b7:b5:44:de:b2:49:0e:df:07:93:03:97:cc:99:93:23:
         97:43:d0:f5:bd:cd:ca:ba:b7:53:f0:49:34:57:6f:95:fb:3c:
         e8:df:76:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlBf4vAYtfu744bNof26EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZmQzNDM2ZDdhMTlhNzM0M2ZhODAwZDg3YTAxYWYxODNk
YTMxOGIwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2YxOWEwYWE2NTBmZDA0MjQyZDJiZDE0NDU2ZDExZWM0MzBkZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+6RSG3CSup5pZouONRK3fphkWTM
y05N7hVlHXlDqBq615UAvu7z5BnRN4q7eGi4ukv8+VUGoBhkNIePxt+HrAj1GpcO
sLBCyyQ32Zhlrp2L1ElzYuvqCpSjC503YN3Rm5xVO1cOU4Orz9ift5lmoiiRogfu
jOku1YNXloy7ndg0QQ7J8nTxTT//HBpT8NyKxHB3PCrSp96qChJ5pBlFjGX6TGhi
UcbCV5QpEfCJdGSO5c1mAoB4dgWkTslSqizn8sfF6BfiLNqMVmdVPymzXzdevlMp
UJt548DR6pJGye+7e+GM0lxdzu67NY6b9Dp6R3Uo40kvndtsBc17bGkHzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDzxmgqmUP0EJC0r0URW0R7EMN9AMB8GA1UdIwQY
MBaAFNH9NDbXoZpzQ/qADYegGvGD2jGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGYwME50ZWhtbk5ELW9BTmg2QWE4WVBhTVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9iY2Q1ZTgtNWQxZi00NmIxLTk2YmMt
MzlhNjZjYmUxZTRkLzEvUFBHYUNxWlFfUVFrTFN2UlJGYlJIc1F3MzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9iY2Q1ZTgtNWQxZi00NmIxLTk2YmMtMzlhNjZjYmUxZTRk
LzEvMGYwME50ZWhtbk5ELW9BTmg2QWE4WVBhTVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ3QMA0E
AgACMAcDBQAqA6VAMA0GCSqGSIb3DQEBCwUAA4IBAQB/Ho0k/JWEwifpPksgoVek
Ghgaulokq9CgJXUDDBxk/jgZBiaFQpbqKCF3ZDhbktqy3zvxPpsMQ6QKMey8cSXc
U2LsyiDLBDoMwvUx4GgUDD7CjnnhicMpxTNm8zWmTDY8gVptJ7YxDGsaWmbepEkX
3Tl9IJ3Gs0D7cbR8MtGFu8Tz61prSsq07gyEdIuMS0QVJpvPeqpePtcpfY8Xa4ie
s0+1rVdHSo/tkOVygGRWSk7ihCefsjwG1I/+4747P96JrXJOKvTkE1j08C9aivlk
we8695/9Op65Gbe1RN6ySQ7fB5MDl8yZkyOXQ9D1vc3KurdT8Ek0V2+V+zzo33Yx
-----END CERTIFICATE-----