Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/PInyJbOXAb3dx4UN-jRQGV4fPgs.roa
File:                     PInyJbOXAb3dx4UN-jRQGV4fPgs.roa (raw, json)
Hash identifier:          v984AAHhW647Uw3llTHfACwD1kZV2RrmRxzVrshIMbo=
Subject key identifier:   3C:89:F2:25:B3:97:01:BD:DD:C7:85:0D:FA:34:50:19:5E:1F:3E:0B
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       018CC649E26707AEDDC1328357EB050B9248
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/PInyJbOXAb3dx4UN-jRQGV4fPgs.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57163
IP address blocks:        195.229.145.0/24 maxlen: 24
                          195.229.146.0/24 maxlen: 24
                          195.229.148.0/24 maxlen: 24
                          195.229.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e2:67:07:ae:dd:c1:32:83:57:eb:05:0b:92:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c89f225b39701bdddc7850dfa3450195e1f3e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:68:aa:2c:95:82:4a:f8:a7:20:30:16:11:b4:
                    95:e3:7b:9c:eb:b0:db:d1:2b:5f:11:14:cb:47:fb:
                    eb:11:72:d1:ff:88:31:32:9f:6a:87:55:74:69:a5:
                    ce:94:5f:b2:89:4c:8d:a0:9a:dd:8d:7a:62:30:63:
                    dc:47:f7:1f:9c:eb:e7:fb:49:97:8a:bf:cb:85:e8:
                    1b:9d:d9:cd:a7:69:c2:b4:a1:24:13:3a:fb:c0:99:
                    6b:01:92:43:ac:73:28:f1:e7:aa:79:7c:c0:c1:47:
                    31:e8:1c:94:3d:d1:23:1f:e0:c5:aa:a5:12:77:b8:
                    1f:ec:c1:4b:eb:db:00:85:e5:16:23:c9:ad:92:6b:
                    9d:d9:01:49:bd:a4:7f:e7:19:72:69:be:cb:ca:5a:
                    68:74:ed:76:c5:28:10:c4:74:d1:db:7c:e4:15:bd:
                    be:b0:f7:9e:79:64:4e:89:72:cd:3b:d5:4e:fd:59:
                    70:6d:77:dc:5e:9f:c0:7f:04:53:a7:80:6b:ad:30:
                    05:dd:89:33:3e:99:33:28:55:bf:e3:e6:f2:c3:83:
                    e5:a6:34:6e:b5:21:cd:6e:bb:0d:16:5e:fa:33:82:
                    c7:73:a3:90:ae:c1:58:e9:cc:f4:f4:b6:54:f8:44:
                    98:41:61:22:73:fa:67:b0:3b:62:df:2e:0b:a4:a4:
                    0b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:89:F2:25:B3:97:01:BD:DD:C7:85:0D:FA:34:50:19:5E:1F:3E:0B
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/PInyJbOXAb3dx4UN-jRQGV4fPgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.229.145.0-195.229.148.255

    Signature Algorithm: sha256WithRSAEncryption
         65:ac:cd:ae:ce:90:20:a3:b6:0a:97:9f:2c:ec:27:75:19:c4:
         aa:d9:07:88:08:70:6d:fb:fe:b0:87:a0:7a:e4:5a:7b:c0:b1:
         94:ad:94:6f:7c:45:67:0f:3c:2d:08:cb:84:14:44:bd:c5:54:
         e9:28:bb:24:c8:43:f0:cd:64:27:c1:37:6f:44:3d:e9:7e:67:
         f0:a3:38:df:ff:b3:83:ea:cd:ce:b6:d1:e2:37:c8:e9:4b:b9:
         98:da:94:fe:0e:d1:e1:e7:a0:3b:f9:30:ea:a9:18:9b:26:9c:
         d1:41:3a:85:f8:69:28:b3:f0:7d:a9:dd:31:18:dc:c7:38:6d:
         d8:40:80:fc:0e:fa:5f:b9:20:b2:e0:de:4b:b8:9e:4b:5d:29:
         ab:6f:fe:1f:79:69:bb:26:5e:bd:1d:05:ed:ff:59:62:2c:b5:
         ba:70:04:88:19:6e:d9:6a:e4:77:39:67:34:94:26:56:e6:6b:
         30:41:7b:8e:6d:c8:cf:b8:67:8d:10:c5:94:ae:d5:89:bd:50:
         28:a3:d1:81:2a:96:99:ef:b0:39:03:b9:7c:84:6d:8e:a4:61:
         87:68:29:4e:86:bc:f3:60:d0:cc:73:68:cc:0a:d4:10:29:ed:
         53:cc:83:01:8f:40:98:ef:91:e6:17:54:c6:f5:1b:c2:86:d8:
         70:82:e6:be
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSeJnB67dwTKDV+sFC5JIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzg5ZjIyNWIzOTcwMWJkZGRjNzg1MGRmYTM0NTAxOTVlMWYzZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGiqLJWCSvinIDAWEbSV43uc67Db
0StfERTLR/vrEXLR/4gxMp9qh1V0aaXOlF+yiUyNoJrdjXpiMGPcR/cfnOvn+0mX
ir/LhegbndnNp2nCtKEkEzr7wJlrAZJDrHMo8eeqeXzAwUcx6ByUPdEjH+DFqqUS
d7gf7MFL69sAheUWI8mtkmud2QFJvaR/5xlyab7LylpodO12xSgQxHTR23zkFb2+
sPeeeWROiXLNO9VO/VlwbXfcXp/AfwRTp4BrrTAF3YkzPpkzKFW/4+byw4PlpjRu
tSHNbrsNFl76M4LHc6OQrsFY6cz09LZU+ESYQWEic/pnsDti3y4LpKQL5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDyJ8iWzlwG93ceFDfo0UBleHz4LMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvUElueUpiT1hBYjNkeDRVTi1qUlFHVjRmUGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADD5ZED
BADD5ZQwDQYJKoZIhvcNAQELBQADggEBAGWsza7OkCCjtgqXnyzsJ3UZxKrZB4gI
cG37/rCHoHrkWnvAsZStlG98RWcPPC0Iy4QURL3FVOkouyTIQ/DNZCfBN29EPel+
Z/CjON//s4Pqzc620eI3yOlLuZjalP4O0eHnoDv5MOqpGJsmnNFBOoX4aSiz8H2p
3TEY3Mc4bdhAgPwO+l+5ILLg3ku4nktdKatv/h95absmXr0dBe3/WWIstbpwBIgZ
btlq5Hc5ZzSUJlbmazBBe45tyM+4Z40QxZSu1Ym9UCij0YEqlpnvsDkDuXyEbY6k
YYdoKU6GvPNg0MxzaMwK1BAp7VPMgwGPQJjvkeYXVMb1G8KG2HCC5r4=
-----END CERTIFICATE-----