Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/PvPU81TFBeDXk2EKlUSmzzxcMkA.roa
File:                     PvPU81TFBeDXk2EKlUSmzzxcMkA.roa (raw, json)
Hash identifier:          KzfZUFAwG2dtp/Gz8RixM3UM6+HnXct5SooKvacgKw8=
Subject key identifier:   3E:F3:D4:F3:54:C5:05:E0:D7:93:61:0A:95:44:A6:CF:3C:5C:32:40
Certificate issuer:       /CN=20f5307242fe3c95327b3220a1da5bffd12524fe
Certificate serial:       018D10AEB248EF31F3D339AF9CD726B76B7A
Authority key identifier: 20:F5:30:72:42:FE:3C:95:32:7B:32:20:A1:DA:5B:FF:D1:25:24:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/PvPU81TFBeDXk2EKlUSmzzxcMkA.roa
Signing time:             Tue 16 Jan 2024 05:11:40 +0000
ROA not before:           Tue 16 Jan 2024 05:11:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212030
IP address blocks:        194.33.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:10:ae:b2:48:ef:31:f3:d3:39:af:9c:d7:26:b7:6b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f5307242fe3c95327b3220a1da5bffd12524fe
        Validity
            Not Before: Jan 16 05:11:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ef3d4f354c505e0d793610a9544a6cf3c5c3240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8f:b4:56:da:59:e3:7a:a9:62:81:8f:7b:8f:
                    09:54:12:18:17:82:10:be:be:b0:59:06:6c:36:58:
                    d3:e7:6d:08:45:58:96:53:cc:11:e5:8d:12:a7:10:
                    d7:49:a3:ad:ad:2a:5c:43:18:64:bf:c2:b8:10:13:
                    dd:21:2d:d4:fb:3b:ae:95:e4:5e:3f:63:04:73:bc:
                    21:7d:35:6e:26:ce:5d:a5:c0:6d:3c:20:92:6f:d9:
                    72:d5:8d:af:e4:df:35:bc:34:57:b2:4e:c0:22:68:
                    dd:36:b0:ba:3f:6e:f1:53:9e:d0:9f:48:be:7f:3f:
                    24:0f:b0:bf:e7:7b:4b:ae:c3:bf:c5:26:44:34:26:
                    a9:bd:63:d4:1a:b2:f2:56:17:86:04:b7:65:42:c4:
                    26:24:e1:f0:2e:d9:47:84:ae:a3:34:ff:1b:92:03:
                    4a:ca:ac:00:9f:8a:2c:82:8c:05:c8:85:b9:0d:d3:
                    11:f9:1e:41:7f:30:5d:f7:b2:a8:22:91:37:b0:ad:
                    d4:33:c3:08:66:b0:28:d8:19:8c:c2:fa:37:a7:13:
                    e9:c0:59:fa:69:68:4e:8d:ca:87:5f:5a:45:32:70:
                    65:8f:a0:b8:f4:9c:0d:b1:ed:0a:e1:19:54:10:a8:
                    35:61:7a:d8:38:80:20:99:c2:6f:38:a5:06:57:1d:
                    13:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F3:D4:F3:54:C5:05:E0:D7:93:61:0A:95:44:A6:CF:3C:5C:32:40
            X509v3 Authority Key Identifier:
                keyid:20:F5:30:72:42:FE:3C:95:32:7B:32:20:A1:DA:5B:FF:D1:25:24:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/PvPU81TFBeDXk2EKlUSmzzxcMkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:4e:16:c0:9c:d7:4e:94:2b:52:d0:0b:e5:f7:b4:4e:e7:69:
         26:56:40:c2:43:52:b7:96:bf:7b:0b:0d:83:a0:2c:4b:cb:71:
         e3:53:b2:27:75:d6:c2:48:29:b5:f6:0d:b7:77:b7:dd:8a:b8:
         bc:dd:0c:98:89:ed:2c:cd:97:7e:e6:6f:2b:41:68:a0:48:a1:
         9f:84:29:a8:0b:dd:51:fb:c5:d0:b7:2e:63:69:93:94:20:a3:
         76:cf:9a:56:a1:72:6b:1c:50:9e:db:e2:4a:bf:3e:b3:f9:03:
         5d:7f:2f:64:56:24:15:1a:88:e1:2d:09:02:c3:b0:26:b7:c8:
         c9:52:93:e8:2a:bd:a3:73:6b:cc:ea:e3:26:c9:3f:1a:10:42:
         47:f0:53:31:cd:b4:eb:c1:7e:38:41:11:a7:ca:bc:90:c2:9f:
         c2:85:2d:40:26:a1:ac:21:7b:d1:5f:a3:20:1a:34:19:ab:d7:
         9c:fd:a3:6f:f6:e4:04:91:d6:b9:62:31:73:6b:45:17:83:fd:
         18:3f:bd:85:4d:73:5a:41:a0:43:4d:00:02:de:14:5e:3b:1d:
         19:46:41:ac:a2:3c:2f:c3:f5:72:08:5a:3e:bd:d5:cf:3d:1f:
         49:49:6c:71:e8:9d:03:48:b9:d6:b3:41:4d:ac:c4:97:14:cc:
         5f:76:28:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0QrrJI7zHz0zmvnNcmt2t6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjUzMDcyNDJmZTNjOTUzMjdiMzIyMGExZGE1YmZmZDEy
NTI0ZmUwHhcNMjQwMTE2MDUxMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWYzZDRmMzU0YzUwNWUwZDc5MzYxMGE5NTQ0YTZjZjNjNWMzMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4+0VtpZ43qpYoGPe48JVBIYF4IQ
vr6wWQZsNljT520IRViWU8wR5Y0SpxDXSaOtrSpcQxhkv8K4EBPdIS3U+zuuleRe
P2MEc7whfTVuJs5dpcBtPCCSb9ly1Y2v5N81vDRXsk7AImjdNrC6P27xU57Qn0i+
fz8kD7C/53tLrsO/xSZENCapvWPUGrLyVheGBLdlQsQmJOHwLtlHhK6jNP8bkgNK
yqwAn4osgowFyIW5DdMR+R5BfzBd97KoIpE3sK3UM8MIZrAo2BmMwvo3pxPpwFn6
aWhOjcqHX1pFMnBlj6C49JwNse0K4RlUEKg1YXrYOIAgmcJvOKUGVx0TxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7z1PNUxQXg15NhCpVEps88XDJAMB8GA1UdIwQY
MBaAFCD1MHJC/jyVMnsyIKHaW//RJST+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBVd2NrTC1QSlV5ZXpJZ29kcGJfOUVsSlA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lMTNhMDEtYzAwYi00OTU2LWFiM2Et
MzA5YTQ5NzBiYmZkLzEvUHZQVTgxVEZCZURYazJFS2xVU216enhjTWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lMTNhMDEtYzAwYi00OTU2LWFiM2EtMzA5YTQ5NzBiYmZk
LzEvSVBVd2NrTC1QSlV5ZXpJZ29kcGJfOUVsSlA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiEXMA0G
CSqGSIb3DQEBCwUAA4IBAQCBThbAnNdOlCtS0Avl97RO52kmVkDCQ1K3lr97Cw2D
oCxLy3HjU7InddbCSCm19g23d7fdiri83QyYie0szZd+5m8rQWigSKGfhCmoC91R
+8XQty5jaZOUIKN2z5pWoXJrHFCe2+JKvz6z+QNdfy9kViQVGojhLQkCw7Amt8jJ
UpPoKr2jc2vM6uMmyT8aEEJH8FMxzbTrwX44QRGnyryQwp/ChS1AJqGsIXvRX6Mg
GjQZq9ec/aNv9uQEkda5YjFza0UXg/0YP72FTXNaQaBDTQAC3hReOx0ZRkGsojwv
w/VyCFo+vdXPPR9JSWxx6J0DSLnWs0FNrMSXFMxfdihi
-----END CERTIFICATE-----