Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/P1PmfD32_5z9rCzBX15_oPLScSs.roa
File:                     P1PmfD32_5z9rCzBX15_oPLScSs.roa (raw, json)
Hash identifier:          +ofwiTxlEoMnC55zPmz1ziWsw3Yk0VjkoendeA8JUs4=
Subject key identifier:   3F:53:E6:7C:3D:F6:FF:9C:FD:AC:2C:C1:5F:5E:7F:A0:F2:D2:71:2B
Certificate issuer:       /CN=65516ddc7331e2e269dc57d9c7632f25de7d0c6e
Certificate serial:       018CC6B84F95C179C714A3A41FD303C08E23
Authority key identifier: 65:51:6D:DC:73:31:E2:E2:69:DC:57:D9:C7:63:2F:25:DE:7D:0C:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/P1PmfD32_5z9rCzBX15_oPLScSs.roa
Signing time:             Mon 01 Jan 2024 20:30:16 +0000
ROA not before:           Mon 01 Jan 2024 20:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207988
IP address blocks:        193.7.212.0/22 maxlen: 22
                          2a07:cc00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:4f:95:c1:79:c7:14:a3:a4:1f:d3:03:c0:8e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65516ddc7331e2e269dc57d9c7632f25de7d0c6e
        Validity
            Not Before: Jan  1 20:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f53e67c3df6ff9cfdac2cc15f5e7fa0f2d2712b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8e:b6:90:b1:16:89:6c:7d:b5:34:db:15:4a:
                    60:0c:27:a7:90:52:4b:8f:de:c3:0e:b5:a6:7e:e1:
                    a1:9a:d9:07:61:95:e6:45:42:6b:ad:56:9e:ef:2e:
                    d4:5f:a9:55:1d:94:da:8d:cb:64:6e:03:c5:ed:3e:
                    f9:97:12:89:4f:42:1e:17:dd:0e:af:5d:a1:d8:03:
                    b4:1a:0c:77:59:b8:29:e6:57:47:69:47:29:a4:b8:
                    3c:11:28:a7:04:2d:81:c6:2d:17:9e:98:4f:54:f4:
                    d1:53:93:72:4d:2c:04:c7:a6:7e:fa:ed:f5:60:85:
                    11:57:07:0a:b5:dd:c7:af:a2:0a:b3:75:89:28:e7:
                    86:e1:22:8b:74:d8:d6:22:46:bc:ba:78:4b:eb:4b:
                    88:4b:7c:03:a7:9e:44:ce:46:90:76:eb:0a:ba:06:
                    5d:cb:d4:8c:a4:20:10:e1:b0:09:fc:4d:08:71:86:
                    5c:6b:80:38:05:42:96:07:75:c1:6d:19:e3:66:07:
                    80:f0:6a:41:c3:c7:32:e8:94:09:e5:fd:3d:23:2b:
                    ab:0c:f3:31:e6:64:3d:66:82:fe:bd:42:00:9f:7a:
                    74:19:8c:1d:e2:a8:ee:c4:c6:dd:72:56:c0:37:e2:
                    7d:33:4d:fd:0c:b5:5e:70:b4:5a:e1:73:15:4b:67:
                    fe:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:53:E6:7C:3D:F6:FF:9C:FD:AC:2C:C1:5F:5E:7F:A0:F2:D2:71:2B
            X509v3 Authority Key Identifier:
                keyid:65:51:6D:DC:73:31:E2:E2:69:DC:57:D9:C7:63:2F:25:DE:7D:0C:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/P1PmfD32_5z9rCzBX15_oPLScSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.212.0/22
                IPv6:
                  2a07:cc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:db:4e:17:c8:4a:91:de:31:85:cd:1e:74:23:ca:ad:f5:69:
         c6:9a:90:78:1c:7e:58:90:20:ef:9c:96:3b:25:89:cd:7a:0b:
         62:9c:12:d5:de:3d:78:a3:06:bb:1e:c0:3a:3c:2a:c4:a9:cd:
         a3:b9:e1:99:fc:cc:fe:13:29:15:3c:fa:8f:2b:c9:fe:a2:00:
         16:9e:61:27:7a:8f:b0:6d:85:40:42:4c:4a:90:82:34:ec:b9:
         b6:d6:34:b7:ec:3b:e5:7f:3e:dd:f8:2e:52:ec:8d:24:d8:e0:
         a0:60:0f:44:d5:84:6e:ba:36:f5:f5:e5:bd:d5:93:92:e1:e8:
         95:09:14:74:67:47:ed:3d:e0:dc:58:23:03:b5:b0:8d:df:b7:
         7f:06:48:fa:98:43:67:9f:b8:8e:5c:49:56:eb:2f:6d:22:03:
         5a:bf:c0:93:0a:af:f3:e8:db:e2:ef:c7:31:ba:d3:d4:4c:d0:
         4e:41:1d:43:9b:2d:73:c5:f5:4f:47:05:73:85:72:81:57:ce:
         23:fe:c3:24:9c:83:71:dd:51:fa:25:b1:bb:c9:c3:fc:d4:64:
         33:f4:f6:67:07:e8:ff:ce:38:1c:6a:2b:7a:af:34:8a:09:b5:
         c9:ce:ac:9d:78:4a:4d:ae:cb:1c:ab:06:c6:1d:16:1a:b5:2f:
         ca:e3:cc:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuE+VwXnHFKOkH9MDwI4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NTE2ZGRjNzMzMWUyZTI2OWRjNTdkOWM3NjMyZjI1ZGU3
ZDBjNmUwHhcNMjQwMTAxMjAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjUzZTY3YzNkZjZmZjljZmRhYzJjYzE1ZjVlN2ZhMGYyZDI3MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY62kLEWiWx9tTTbFUpgDCenkFJL
j97DDrWmfuGhmtkHYZXmRUJrrVae7y7UX6lVHZTajctkbgPF7T75lxKJT0IeF90O
r12h2AO0Ggx3Wbgp5ldHaUcppLg8ESinBC2Bxi0XnphPVPTRU5NyTSwEx6Z++u31
YIURVwcKtd3Hr6IKs3WJKOeG4SKLdNjWIka8unhL60uIS3wDp55EzkaQdusKugZd
y9SMpCAQ4bAJ/E0IcYZca4A4BUKWB3XBbRnjZgeA8GpBw8cy6JQJ5f09IyurDPMx
5mQ9ZoL+vUIAn3p0GYwd4qjuxMbdclbAN+J9M039DLVecLRa4XMVS2f+fwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD9T5nw99v+c/awswV9ef6Dy0nErMB8GA1UdIwQY
MBaAFGVRbdxzMeLiadxX2cdjLyXefQxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlZGdDNITXg0dUpwM0ZmWngyTXZKZDU5REc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84ZGVmMTItODk3ZS00ZTIyLWFhOGIt
ODM0YjljMTBiZjQ4LzEvUDFQbWZEMzJfNXo5ckN6QlgxNV9vUExTY1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84ZGVmMTItODk3ZS00ZTIyLWFhOGItODM0YjljMTBiZjQ4
LzEvWlZGdDNITXg0dUpwM0ZmWngyTXZKZDU5REc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwQfUMA0E
AgACMAcDBQMqB8wAMA0GCSqGSIb3DQEBCwUAA4IBAQAX204XyEqR3jGFzR50I8qt
9WnGmpB4HH5YkCDvnJY7JYnNegtinBLV3j14owa7HsA6PCrEqc2jueGZ/Mz+EykV
PPqPK8n+ogAWnmEneo+wbYVAQkxKkII07Lm21jS37Dvlfz7d+C5S7I0k2OCgYA9E
1YRuujb19eW91ZOS4eiVCRR0Z0ftPeDcWCMDtbCN37d/Bkj6mENnn7iOXElW6y9t
IgNav8CTCq/z6Nvi78cxutPUTNBOQR1Dmy1zxfVPRwVzhXKBV84j/sMknINx3VH6
JbG7ycP81GQz9PZnB+j/zjgcait6rzSKCbXJzqydeEpNrsscqwbGHRYatS/K48z6
-----END CERTIFICATE-----