Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/PUWLKLpI6CS2Iw1pI-xhCQLH8dE.roa
File:                     PUWLKLpI6CS2Iw1pI-xhCQLH8dE.roa (raw, json)
Hash identifier:          /foqgpDSPzPM2Wwk/Uv4jU7kI/LT0huOqCbZtReSxNE=
Subject key identifier:   3D:45:8B:28:BA:48:E8:24:B6:23:0D:69:23:EC:61:09:02:C7:F1:D1
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E69B6F9124862A68CB9825A867B7A
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/PUWLKLpI6CS2Iw1pI-xhCQLH8dE.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        89.34.100.0/24 maxlen: 24
                          45.67.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:69:b6:f9:12:48:62:a6:8c:b9:82:5a:86:7b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d458b28ba48e824b6230d6923ec610902c7f1d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f0:40:d7:af:ef:38:51:02:c3:89:3b:b4:c5:
                    42:4a:1b:84:51:44:26:57:38:e1:85:13:e8:93:35:
                    69:11:fe:ed:e7:8f:20:db:64:26:3f:ca:5a:f2:8c:
                    d4:55:4f:c9:d2:36:e9:bd:1f:3c:ce:81:4f:9c:d4:
                    17:b7:42:4f:0e:7c:c5:9b:40:4a:72:8a:20:35:06:
                    fe:69:7b:d0:aa:c0:6a:6b:7b:a4:b1:62:a3:9c:5c:
                    7c:cf:88:36:bd:a9:14:08:cf:b3:ae:ff:59:46:8e:
                    3d:d4:6b:ba:bd:ea:5a:96:e2:20:5f:2c:af:65:47:
                    76:31:e6:cc:2f:88:ea:45:91:d8:28:53:fc:14:7f:
                    36:12:b3:3f:6d:10:23:65:dc:d9:3c:36:8c:b0:46:
                    ac:4f:6e:e0:a3:a6:24:29:94:cc:b8:6a:42:0d:ee:
                    6b:31:f1:a8:8e:41:70:bc:6c:a0:1b:25:3d:88:73:
                    5e:d1:8e:84:02:cd:dc:c9:b1:05:42:50:b9:81:15:
                    59:e4:05:90:7b:8a:8e:9e:61:ff:53:ed:a4:e9:2f:
                    31:5a:31:3f:8f:f0:ed:a4:2b:f0:88:a4:45:d0:23:
                    ee:a0:fd:92:80:86:74:24:e6:44:13:bf:4c:a4:db:
                    95:7a:33:39:45:39:ba:f8:ca:fa:e3:f5:46:05:be:
                    91:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:45:8B:28:BA:48:E8:24:B6:23:0D:69:23:EC:61:09:02:C7:F1:D1
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/PUWLKLpI6CS2Iw1pI-xhCQLH8dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.37.0/24
                  89.34.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b6:f2:43:fb:32:42:25:76:87:29:03:fc:c9:91:97:83:60:
         91:3e:e5:0f:26:88:7e:88:a9:f8:12:7f:a1:db:0a:d2:97:66:
         7b:27:a5:73:6e:9a:02:04:f5:01:b5:27:bb:03:4c:66:d7:a4:
         fc:ba:05:80:5e:d1:de:0b:97:64:b1:a3:57:99:a5:b2:ee:fa:
         96:aa:e6:10:77:07:e4:b9:e1:3f:44:46:02:cf:be:96:cf:5f:
         af:57:4a:47:43:f9:7d:32:2e:ba:92:eb:55:94:7b:ad:42:42:
         6d:98:84:5f:05:61:91:fd:6a:47:1f:95:1d:fe:e5:f8:d8:1c:
         52:c4:90:f4:42:1a:ae:56:79:d0:f5:cb:31:be:81:ca:70:3c:
         d3:18:76:47:13:42:b9:35:2e:ee:4d:e1:27:f8:f9:50:b9:21:
         d4:a1:21:2a:a8:ae:46:78:72:8f:ad:01:e0:eb:79:d7:7f:a8:
         08:83:d4:6d:c0:00:4a:c9:ad:a8:00:d6:26:dc:31:bf:c9:c7:
         55:e0:2b:a7:15:bd:df:6a:bb:b7:fa:7f:f3:3e:37:42:30:56:
         40:e4:5d:9c:ac:6b:c8:ff:e4:5b:e8:a5:4c:21:98:11:b1:e8:
         99:c0:28:5e:5a:47:e1:5a:7f:46:d3:cd:42:22:96:0f:f0:7a:
         96:2c:1d:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTmm2+RJIYqaMuYJahnt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQ1OGIyOGJhNDhlODI0YjYyMzBkNjkyM2VjNjEwOTAyYzdmMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/BA16/vOFECw4k7tMVCShuEUUQm
VzjhhRPokzVpEf7t548g22QmP8pa8ozUVU/J0jbpvR88zoFPnNQXt0JPDnzFm0BK
coogNQb+aXvQqsBqa3uksWKjnFx8z4g2vakUCM+zrv9ZRo491Gu6vepaluIgXyyv
ZUd2MebML4jqRZHYKFP8FH82ErM/bRAjZdzZPDaMsEasT27go6YkKZTMuGpCDe5r
MfGojkFwvGygGyU9iHNe0Y6EAs3cybEFQlC5gRVZ5AWQe4qOnmH/U+2k6S8xWjE/
j/DtpCvwiKRF0CPuoP2SgIZ0JOZEE79MpNuVejM5RTm6+Mr64/VGBb6RvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD1Fiyi6SOgktiMNaSPsYQkCx/HRMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvUFVXTEtMcEk2Q1MySXcxcEkteGhDUUxIOGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUMlAwQA
WSJkMA0GCSqGSIb3DQEBCwUAA4IBAQB+tvJD+zJCJXaHKQP8yZGXg2CRPuUPJoh+
iKn4En+h2wrSl2Z7J6VzbpoCBPUBtSe7A0xm16T8ugWAXtHeC5dksaNXmaWy7vqW
quYQdwfkueE/REYCz76Wz1+vV0pHQ/l9Mi66kutVlHutQkJtmIRfBWGR/WpHH5Ud
/uX42BxSxJD0QhquVnnQ9csxvoHKcDzTGHZHE0K5NS7uTeEn+PlQuSHUoSEqqK5G
eHKPrQHg63nXf6gIg9RtwABKya2oANYm3DG/ycdV4CunFb3faru3+n/zPjdCMFZA
5F2crGvI/+Rb6KVMIZgRseiZwCheWkfhWn9G081CIpYP8HqWLB2r
-----END CERTIFICATE-----