Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/PCahx4W8qaXaNhSQdT-aWlx6dnk.roa
File:                     PCahx4W8qaXaNhSQdT-aWlx6dnk.roa (raw, json)
Hash identifier:          /20n1jrLeAXpuMHYsF4+WNLYTPs2JgEuRlMIej3Uigw=
Subject key identifier:   3C:26:A1:C7:85:BC:A9:A5:DA:36:14:90:75:3F:9A:5A:5C:7A:76:79
Certificate issuer:       /CN=79c8bf6850a7a7e2af34cc16236dd083094e0cee
Certificate serial:       018CCA2A94F703A0392705CC9A74ECA0551E
Authority key identifier: 79:C8:BF:68:50:A7:A7:E2:AF:34:CC:16:23:6D:D0:83:09:4E:0C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eci_aFCnp-KvNMwWI23QgwlODO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/PCahx4W8qaXaNhSQdT-aWlx6dnk.roa
Signing time:             Tue 02 Jan 2024 12:33:57 +0000
ROA not before:           Tue 02 Jan 2024 12:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208742
IP address blocks:        45.84.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/eci_aFCnp-KvNMwWI23QgwlODO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/eci_aFCnp-KvNMwWI23QgwlODO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eci_aFCnp-KvNMwWI23QgwlODO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:94:f7:03:a0:39:27:05:cc:9a:74:ec:a0:55:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79c8bf6850a7a7e2af34cc16236dd083094e0cee
        Validity
            Not Before: Jan  2 12:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c26a1c785bca9a5da361490753f9a5a5c7a7679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:95:09:29:3b:81:f0:09:15:12:11:14:ad:5e:
                    40:cc:0d:00:bc:4b:3a:f7:68:36:62:30:85:15:9e:
                    29:bc:f7:e6:de:75:50:2e:81:ab:5a:89:01:66:1c:
                    37:f7:6e:db:6c:45:12:f3:c9:5f:29:de:49:02:88:
                    4c:12:14:9f:9c:8c:00:e8:51:e4:e9:e4:52:50:65:
                    5f:b4:fa:bd:19:3a:73:bd:e8:16:40:13:33:c7:51:
                    f3:0f:bf:9c:9b:30:1b:fb:e8:46:d6:7e:bf:54:5f:
                    95:89:25:f4:34:c7:c9:b1:f1:38:5c:08:5a:b2:68:
                    dc:8b:16:99:8e:dc:25:72:ec:5d:5f:9c:42:5c:9c:
                    e6:a2:80:71:79:cd:a8:0b:93:73:2a:a8:f8:8b:c9:
                    6e:19:21:f6:af:02:e3:b9:0b:e5:aa:65:ab:7d:55:
                    b8:8a:f5:04:45:8b:3d:ed:02:2d:41:2d:26:db:bf:
                    5a:68:a2:f8:36:f5:b1:2f:32:35:b1:af:3c:d7:36:
                    5e:ee:69:86:bc:1e:6b:2e:25:cf:eb:dc:30:f4:f1:
                    44:05:b0:3e:87:34:cd:86:d8:1a:00:c1:d5:3c:8a:
                    96:66:fd:71:0a:6f:2d:97:2d:49:81:e6:20:4c:9b:
                    65:02:d5:d5:ca:7f:cb:f0:4c:4f:23:b7:13:f8:63:
                    2e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:26:A1:C7:85:BC:A9:A5:DA:36:14:90:75:3F:9A:5A:5C:7A:76:79
            X509v3 Authority Key Identifier:
                keyid:79:C8:BF:68:50:A7:A7:E2:AF:34:CC:16:23:6D:D0:83:09:4E:0C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eci_aFCnp-KvNMwWI23QgwlODO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/PCahx4W8qaXaNhSQdT-aWlx6dnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/eci_aFCnp-KvNMwWI23QgwlODO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:41:0b:66:6b:4e:bb:4a:8d:53:83:ad:1a:f8:b0:bc:dc:06:
         7e:92:a1:62:4b:a8:99:07:88:fd:9b:2c:0c:f3:0a:da:36:04:
         0f:d9:06:53:c9:82:e2:ea:33:11:b3:7c:be:ca:93:da:b4:68:
         25:5b:15:9f:f5:d0:dd:1c:12:fd:a3:29:cd:82:41:a7:0f:30:
         5c:1b:85:84:31:2e:7c:8b:35:b2:1d:0d:2c:0e:6b:af:17:28:
         f5:bd:fe:09:ba:70:34:e4:40:4c:e1:ba:16:45:e9:40:66:bc:
         18:45:8b:5f:db:91:ee:90:08:56:13:ba:57:88:2c:cb:11:8f:
         bc:bd:77:a5:0f:f1:54:f3:8c:13:d3:e7:69:c0:41:2b:96:39:
         87:04:62:5a:27:60:55:bf:48:7d:1a:52:48:49:6c:56:b9:7a:
         35:34:ed:2c:7b:5b:c4:57:82:f1:74:4a:b7:0d:8a:96:86:af:
         59:1e:c5:8c:64:50:9d:af:99:6e:f8:a1:8b:8c:4e:61:5d:b8:
         b5:67:fa:a0:de:ab:c1:48:61:49:da:67:ce:4e:94:1f:3b:ab:
         10:eb:a2:36:81:c5:cf:53:81:39:37:cd:77:60:9c:65:6e:c5:
         28:bd:a3:35:1c:a7:29:3b:40:c0:0b:5b:f7:cd:ff:88:64:cc:
         4e:ee:39:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpT3A6A5JwXMmnTsoFUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YzhiZjY4NTBhN2E3ZTJhZjM0Y2MxNjIzNmRkMDgzMDk0
ZTBjZWUwHhcNMjQwMTAyMTIzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI2YTFjNzg1YmNhOWE1ZGEzNjE0OTA3NTNmOWE1YTVjN2E3Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJUJKTuB8AkVEhEUrV5AzA0AvEs6
92g2YjCFFZ4pvPfm3nVQLoGrWokBZhw3927bbEUS88lfKd5JAohMEhSfnIwA6FHk
6eRSUGVftPq9GTpzvegWQBMzx1HzD7+cmzAb++hG1n6/VF+ViSX0NMfJsfE4XAha
smjcixaZjtwlcuxdX5xCXJzmooBxec2oC5NzKqj4i8luGSH2rwLjuQvlqmWrfVW4
ivUERYs97QItQS0m279aaKL4NvWxLzI1sa881zZe7mmGvB5rLiXP69ww9PFEBbA+
hzTNhtgaAMHVPIqWZv1xCm8tly1JgeYgTJtlAtXVyn/L8ExPI7cT+GMuuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwmoceFvKml2jYUkHU/mlpcenZ5MB8GA1UdIwQY
MBaAFHnIv2hQp6firzTMFiNt0IMJTgzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWNpX2FGQ25wLUt2Tk13V0kyM1Fnd2xPRE80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS83NGZlMmMtODdkMS00NjhkLWExMjEt
ZDEwOTViZTdjNDhmLzEvUENhaHg0VzhxYVhhTmhTUWRULWFXbHg2ZG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS83NGZlMmMtODdkMS00NjhkLWExMjEtZDEwOTViZTdjNDhm
LzEvZWNpX2FGQ25wLUt2Tk13V0kyM1Fnd2xPRE80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVT4MA0G
CSqGSIb3DQEBCwUAA4IBAQAOQQtma067So1Tg60a+LC83AZ+kqFiS6iZB4j9mywM
8wraNgQP2QZTyYLi6jMRs3y+ypPatGglWxWf9dDdHBL9oynNgkGnDzBcG4WEMS58
izWyHQ0sDmuvFyj1vf4JunA05EBM4boWRelAZrwYRYtf25HukAhWE7pXiCzLEY+8
vXelD/FU84wT0+dpwEErljmHBGJaJ2BVv0h9GlJISWxWuXo1NO0se1vEV4LxdEq3
DYqWhq9ZHsWMZFCdr5lu+KGLjE5hXbi1Z/qg3qvBSGFJ2mfOTpQfO6sQ66I2gcXP
U4E5N813YJxlbsUovaM1HKcpO0DAC1v3zf+IZMxO7jlZ
-----END CERTIFICATE-----