Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/PNlPfRnBWhvw5B0PnPaVkbth6VU.roa
File:                     PNlPfRnBWhvw5B0PnPaVkbth6VU.roa (raw, json)
Hash identifier:          +p2AiQR2ITKnah7oc/FGfndpiicS1VTyc074QK0SfTw=
Subject key identifier:   3C:D9:4F:7D:19:C1:5A:1B:F0:E4:1D:0F:9C:F6:95:91:BB:61:E9:55
Certificate issuer:       /CN=f8d6ddee34c5bb8ec0eb919ce2656bf0cd855d54
Certificate serial:       0191FF8C942A62DF8DE9C7B4ECE61DAE660E
Authority key identifier: F8:D6:DD:EE:34:C5:BB:8E:C0:EB:91:9C:E2:65:6B:F0:CD:85:5D:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/PNlPfRnBWhvw5B0PnPaVkbth6VU.roa
Signing time:             Tue 17 Sep 2024 10:34:48 +0000
ROA not before:           Tue 17 Sep 2024 10:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208653
IP address blocks:        5.183.136.0/22 maxlen: 22
                          2a0e:dc00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:8c:94:2a:62:df:8d:e9:c7:b4:ec:e6:1d:ae:66:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8d6ddee34c5bb8ec0eb919ce2656bf0cd855d54
        Validity
            Not Before: Sep 17 10:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cd94f7d19c15a1bf0e41d0f9cf69591bb61e955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4a:4e:83:60:ad:79:6f:d8:d2:6e:cb:d6:9e:
                    d8:55:e0:71:e0:66:4b:0f:51:fa:1c:f8:b3:b4:b1:
                    65:76:8b:10:2e:e9:e5:f9:cc:42:e7:96:bf:0f:df:
                    7a:d5:99:f5:61:da:90:f1:de:a5:5b:59:39:3e:1e:
                    97:7e:a3:7b:88:fe:63:43:94:09:cf:64:73:b5:61:
                    c4:76:5a:3f:ec:ec:db:f1:96:fa:3a:f7:e9:df:e5:
                    f5:82:26:a1:42:3f:be:12:ca:ed:ae:a8:a7:75:bc:
                    ac:64:96:0d:dd:44:ee:8f:80:97:89:99:7f:71:4f:
                    6e:ca:32:6f:36:6b:19:f4:8c:6d:5f:38:f4:0b:2a:
                    eb:97:48:09:e3:44:87:20:62:28:d2:42:ab:12:ed:
                    a5:c6:88:08:e9:bd:b2:78:da:c0:63:72:ac:d7:87:
                    77:cf:68:1d:fd:d7:65:78:0d:09:92:06:89:27:7d:
                    1d:2d:be:87:14:b9:d6:29:b8:27:6e:4d:9b:0e:99:
                    20:72:ed:08:92:c9:d7:4a:63:ae:37:34:88:e5:f5:
                    af:55:d3:2a:bf:b4:49:f3:4e:eb:4b:8b:6b:e5:bb:
                    4d:d7:1e:58:6c:cf:fd:fc:f9:7c:ba:7a:45:91:8d:
                    0d:60:f1:45:9b:c6:d5:fd:37:d7:0f:02:28:66:d2:
                    2a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D9:4F:7D:19:C1:5A:1B:F0:E4:1D:0F:9C:F6:95:91:BB:61:E9:55
            X509v3 Authority Key Identifier:
                keyid:F8:D6:DD:EE:34:C5:BB:8E:C0:EB:91:9C:E2:65:6B:F0:CD:85:5D:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/PNlPfRnBWhvw5B0PnPaVkbth6VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.136.0/22
                IPv6:
                  2a0e:dc00::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:76:53:ca:1b:cd:0f:3a:7c:e2:64:26:82:c0:f6:7e:5e:b3:
         d2:d4:a9:b9:c5:d2:3e:46:4d:50:d0:aa:b1:aa:cd:fe:41:88:
         41:52:27:27:d0:5f:21:e2:ab:b3:4f:1b:88:95:a3:b8:c9:d9:
         1a:35:53:47:b4:46:e4:4b:63:28:8a:20:7e:51:88:a3:99:2d:
         6c:d7:f9:7c:25:9d:aa:32:cb:43:ef:11:16:13:01:dc:bc:a4:
         6c:a7:1a:db:1e:db:e2:b3:26:22:e2:6b:a2:ae:aa:81:cc:71:
         ef:08:1c:3e:b2:ee:72:e0:01:36:d0:53:ef:64:a1:f2:48:8b:
         b2:a7:ad:76:4c:70:ee:a0:a6:71:f6:1c:92:1e:f5:45:89:54:
         3a:ac:29:14:f1:aa:5d:45:b2:03:17:0e:e8:79:1c:57:3d:b0:
         ed:a0:ea:42:b6:6c:f7:a4:af:2a:38:da:5e:3e:0d:53:b7:67:
         c7:d2:46:e2:54:94:f0:13:73:dc:af:b6:79:34:b8:1b:2c:34:
         30:4d:3a:5f:94:7f:34:5c:06:50:e2:fc:3b:9b:35:38:80:a3:
         b2:aa:f2:26:e5:b2:2e:c1:01:66:2a:8c:df:2a:b4:40:dc:9a:
         54:3f:17:ab:ce:2b:8a:a3:23:a0:77:a0:83:9d:01:bc:a5:72:
         3a:16:5e:81
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZH/jJQqYt+N6ce07OYdrmYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZDZkZGVlMzRjNWJiOGVjMGViOTE5Y2UyNjU2YmYwY2Q4
NTVkNTQwHhcNMjQwOTE3MTAzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Q5NGY3ZDE5YzE1YTFiZjBlNDFkMGY5Y2Y2OTU5MWJiNjFlOTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEpOg2CteW/Y0m7L1p7YVeBx4GZL
D1H6HPiztLFldosQLunl+cxC55a/D9961Zn1YdqQ8d6lW1k5Ph6XfqN7iP5jQ5QJ
z2RztWHEdlo/7Ozb8Zb6Ovfp3+X1giahQj++EsrtrqindbysZJYN3UTuj4CXiZl/
cU9uyjJvNmsZ9IxtXzj0Cyrrl0gJ40SHIGIo0kKrEu2lxogI6b2yeNrAY3Ks14d3
z2gd/ddleA0JkgaJJ30dLb6HFLnWKbgnbk2bDpkgcu0IksnXSmOuNzSI5fWvVdMq
v7RJ807rS4tr5btN1x5YbM/9/Pl8unpFkY0NYPFFm8bV/TfXDwIoZtIqdwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDzZT30ZwVob8OQdD5z2lZG7YelVMB8GA1UdIwQY
MBaAFPjW3e40xbuOwOuRnOJla/DNhV1UMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1OYmQ3alRGdTQ3QTY1R2M0bVZyOE0yRlhWUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYvNzgzZGE1LTY1NzItNDEzZC05ZDZi
LTA5NGQwZGIxYWQyYy8xL1BObFBmUm5CV2h2dzVCMFBuUGFWa2J0aDZWVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTYvNzgzZGE1LTY1NzItNDEzZC05ZDZiLTA5NGQwZGIxYWQy
Yy8xLzEtTmJkN2pURnU0N0E2NUdjNG1WcjhNMkZYVlEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAIFt4gw
DQQCAAIwBwMFACoO3AAwDQYJKoZIhvcNAQELBQADggEBACZ2U8obzQ86fOJkJoLA
9n5es9LUqbnF0j5GTVDQqrGqzf5BiEFSJyfQXyHiq7NPG4iVo7jJ2Ro1U0e0RuRL
YyiKIH5RiKOZLWzX+Xwlnaoyy0PvERYTAdy8pGynGtse2+KzJiLia6KuqoHMce8I
HD6y7nLgATbQU+9kofJIi7KnrXZMcO6gpnH2HJIe9UWJVDqsKRTxql1FsgMXDuh5
HFc9sO2g6kK2bPekryo42l4+DVO3Z8fSRuJUlPATc9yvtnk0uBssNDBNOl+UfzRc
BlDi/DubNTiAo7Kq8iblsi7BAWYqjN8qtEDcmlQ/F6vOK4qjI6B3oIOdAbylcjoW
XoE=
-----END CERTIFICATE-----