Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/pdeX3UTRJYihda8ucxvyOvEBlEg.roa
File:                     pdeX3UTRJYihda8ucxvyOvEBlEg.roa (raw, json)
Hash identifier:          nt1CXZ5oduz7ro4Qx0MTGK9Gk6hfpb37Qgi5PeyvT1s=
Subject key identifier:   A5:D7:97:DD:44:D1:25:88:A1:75:AF:2E:73:1B:F2:3A:F1:01:94:48
Certificate issuer:       /CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
Certificate serial:       018CC726F98CB1F7F0F65F13869DBF33904D
Authority key identifier: A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/pdeX3UTRJYihda8ucxvyOvEBlEg.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205143
IP address blocks:        185.229.108.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f9:8c:b1:f7:f0:f6:5f:13:86:9d:bf:33:90:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5d797dd44d12588a175af2e731bf23af1019448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:69:a7:5c:00:50:7d:7a:ac:fb:58:7e:2b:25:
                    39:e4:64:6e:1e:62:09:e2:9e:46:7a:26:66:d5:04:
                    61:e4:32:9a:12:7f:8d:07:02:be:2f:dc:4a:08:4c:
                    8f:c4:cd:8c:81:a6:66:76:89:1e:71:18:3f:4b:3d:
                    eb:8a:4c:3e:b9:30:40:70:4d:88:d3:19:5e:82:43:
                    50:ff:93:8a:38:37:a6:96:fb:66:9c:31:86:6c:7a:
                    00:03:e0:42:1a:53:0b:30:46:6b:b1:7d:56:b2:67:
                    eb:82:de:22:06:81:b7:e9:53:59:83:ee:eb:01:dd:
                    fe:76:1a:f7:e6:45:71:91:16:19:bc:b9:33:bb:89:
                    45:d2:9d:da:0c:42:a2:02:9b:c7:2b:db:4e:13:9d:
                    e7:77:d8:d5:86:c1:d3:bd:5a:0c:fb:ea:9f:e0:48:
                    44:9d:36:9e:0f:8f:9d:a3:d2:81:22:e4:9f:93:78:
                    a6:c2:78:b4:00:cf:b0:35:04:fe:3a:fa:35:65:d0:
                    19:cf:7a:76:89:c5:2b:1f:7b:6a:6e:c5:f1:43:72:
                    88:3e:81:a7:e3:a1:ec:07:30:00:13:6d:80:03:e8:
                    fe:03:31:5e:f0:f4:45:12:ba:8e:2a:61:cb:0d:26:
                    04:21:3d:b0:74:54:c5:02:6d:e4:13:06:da:c0:63:
                    ac:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D7:97:DD:44:D1:25:88:A1:75:AF:2E:73:1B:F2:3A:F1:01:94:48
            X509v3 Authority Key Identifier:
                keyid:A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/pdeX3UTRJYihda8ucxvyOvEBlEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:6a:bf:b8:d3:9d:51:aa:2b:3d:99:cd:dc:05:6f:d7:92:2a:
         19:b3:2b:c6:de:a4:72:33:42:c1:e3:87:e2:46:35:ba:4f:b6:
         cc:ea:51:27:c4:21:3c:40:03:5d:96:78:88:4e:ca:56:3a:9e:
         67:c8:ae:c4:e9:32:60:b8:db:7f:f8:82:33:ea:bf:21:3c:a6:
         47:fc:d1:5d:d3:35:63:df:c7:69:49:5f:44:6e:82:b7:40:48:
         99:3a:52:10:94:b4:de:bb:f7:fb:cd:23:a9:60:d7:87:2e:93:
         4c:fb:35:51:e4:2e:e5:0a:d3:35:74:94:1e:0e:31:2e:fe:c3:
         98:9f:c5:51:4e:e9:ce:cb:79:e9:93:04:91:81:6c:a0:d1:db:
         0e:53:f7:04:67:1f:1f:a8:26:b8:9b:40:1f:f7:4c:1c:3b:ce:
         20:41:50:4b:60:61:d6:db:55:ed:c2:ec:dd:ad:33:93:34:15:
         d8:9a:a1:e2:c1:6b:90:49:5e:d1:44:35:c6:f6:ed:2f:92:dc:
         65:b1:ac:85:2b:1c:41:25:65:f7:a7:ed:10:12:bf:da:28:6a:
         bb:f3:dd:fa:ce:71:82:35:1e:34:b9:ae:a2:77:72:f3:35:ff:
         95:27:61:80:41:91:81:b9:79:4e:c4:c5:22:5f:7b:c1:ed:11:
         41:19:5c:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvmMsffw9l8Thp2/M5BNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZWM1N2JjODQ2NGZlYzJlOWExYjA5OGZmY2UzNGMyMWFh
ZjljYTYwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQ3OTdkZDQ0ZDEyNTg4YTE3NWFmMmU3MzFiZjIzYWYxMDE5NDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGmnXABQfXqs+1h+KyU55GRuHmIJ
4p5GeiZm1QRh5DKaEn+NBwK+L9xKCEyPxM2MgaZmdokecRg/Sz3rikw+uTBAcE2I
0xlegkNQ/5OKODemlvtmnDGGbHoAA+BCGlMLMEZrsX1Wsmfrgt4iBoG36VNZg+7r
Ad3+dhr35kVxkRYZvLkzu4lF0p3aDEKiApvHK9tOE53nd9jVhsHTvVoM++qf4EhE
nTaeD4+do9KBIuSfk3imwni0AM+wNQT+Ovo1ZdAZz3p2icUrH3tqbsXxQ3KIPoGn
46HsBzAAE22AA+j+AzFe8PRFErqOKmHLDSYEIT2wdFTFAm3kEwbawGOsEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXXl91E0SWIoXWvLnMb8jrxAZRIMB8GA1UdIwQY
MBaAFKnsV7yEZP7C6aGwmP/ONMIar5ymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMt
MTlhM2M1NjQ5YjU3LzEvcGRlWDNVVFJKWWloZGE4dWN4dnlPdkVCbEVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMtMTlhM2M1NjQ5YjU3
LzEvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueVsMA0G
CSqGSIb3DQEBCwUAA4IBAQAWar+4051Rqis9mc3cBW/XkioZsyvG3qRyM0LB44fi
RjW6T7bM6lEnxCE8QANdlniITspWOp5nyK7E6TJguNt/+IIz6r8hPKZH/NFd0zVj
38dpSV9EboK3QEiZOlIQlLTeu/f7zSOpYNeHLpNM+zVR5C7lCtM1dJQeDjEu/sOY
n8VRTunOy3npkwSRgWyg0dsOU/cEZx8fqCa4m0Af90wcO84gQVBLYGHW21Xtwuzd
rTOTNBXYmqHiwWuQSV7RRDXG9u0vktxlsayFKxxBJWX3p+0QEr/aKGq78936znGC
NR40ua6id3LzNf+VJ2GAQZGBuXlOxMUiX3vB7RFBGVyl
-----END CERTIFICATE-----