Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/PeTrHeuGWB3Z7F_-AIJNuI8JCyc.roa
File:                     PeTrHeuGWB3Z7F_-AIJNuI8JCyc.roa (raw, json)
Hash identifier:          L46I0/FhGivzY2Y326cuo9B26y3hFKZ6vLMukQQKruo=
Subject key identifier:   3D:E4:EB:1D:EB:86:58:1D:D9:EC:5F:FE:00:82:4D:B8:8F:09:0B:27
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276E4B2DA8E4B51F2158EE8BE0AC33
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/PeTrHeuGWB3Z7F_-AIJNuI8JCyc.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205738
IP address blocks:        85.219.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6e:4b:2d:a8:e4:b5:1f:21:58:ee:8b:e0:ac:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3de4eb1deb86581dd9ec5ffe00824db88f090b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0c:8e:ca:15:d7:a4:e5:35:02:44:cb:6f:2f:
                    53:cf:5d:17:bc:4d:67:b7:08:1e:48:0c:ed:b9:35:
                    b4:00:a2:74:2a:45:a5:e4:b1:93:39:c2:e2:1d:dd:
                    c7:e5:26:fe:d8:21:07:1f:41:6d:49:c3:8d:8b:0c:
                    59:62:01:d1:a8:5d:81:a4:a6:dc:7c:37:59:2e:e3:
                    47:f2:44:c1:64:a9:3c:71:d6:8b:5d:a1:da:ad:a0:
                    77:a3:12:d4:77:be:e5:8d:75:79:f9:a2:fe:d1:fc:
                    47:7c:25:69:9c:e7:0a:5c:b0:c4:d8:4e:2a:c6:ee:
                    9c:4e:b8:44:3f:a6:b1:2e:bd:db:d3:ee:d9:99:a3:
                    b7:ac:0e:3d:6d:7f:22:60:32:a6:a2:59:1b:ad:2d:
                    fb:36:08:78:e2:63:b1:ea:38:e6:a9:6c:11:51:49:
                    d4:d8:95:77:a7:95:ea:c9:e4:4c:63:70:e9:30:00:
                    7f:63:c5:57:b5:0d:17:25:42:4b:18:c0:37:cf:36:
                    62:3e:b7:95:d6:84:8d:09:aa:0b:1a:39:60:eb:1e:
                    0f:6c:ad:04:89:aa:79:ff:b5:2b:a0:04:05:08:1a:
                    fd:d3:09:21:ed:97:6a:84:2f:d3:73:43:06:e7:a3:
                    7b:bd:d3:de:eb:d0:54:f8:63:52:80:ef:1c:8e:f1:
                    fd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E4:EB:1D:EB:86:58:1D:D9:EC:5F:FE:00:82:4D:B8:8F:09:0B:27
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/PeTrHeuGWB3Z7F_-AIJNuI8JCyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f1:2b:17:3e:ae:cd:0d:24:85:b3:37:f3:4a:f9:3c:97:41:
         16:ee:fa:a4:4e:24:f4:b0:3f:4d:71:30:37:28:41:6f:70:eb:
         52:44:fb:94:40:fa:a5:a1:48:6a:64:f1:7d:23:9b:3b:64:43:
         cf:04:46:86:6d:1e:93:c6:da:0f:6c:29:29:ef:a9:c2:61:61:
         37:37:fb:c6:b3:9a:52:6e:0b:1c:b4:27:b1:02:4d:40:06:fa:
         02:80:11:73:c9:49:c2:0d:9c:36:3b:64:06:16:9f:1a:76:2b:
         16:26:c8:53:5d:68:ac:a2:89:5b:42:ca:8b:50:17:23:04:c7:
         b1:94:fc:db:c5:a3:25:4b:2f:a2:47:a4:44:8c:80:c0:eb:6f:
         82:d3:80:bb:a5:8d:74:b6:c0:55:ae:9d:6d:17:fe:0a:17:eb:
         d2:11:20:9c:74:a5:b1:d2:c0:f0:95:4a:2d:90:2f:da:58:16:
         1d:3c:fd:2d:c1:20:b6:4f:8f:59:d3:f3:50:4a:92:a8:a9:70:
         60:7e:20:d3:f2:7f:4c:d1:b5:40:ea:7e:89:54:4d:4c:4a:a4:
         a5:93:9d:d1:aa:64:eb:50:9e:ce:e8:63:da:ad:22:54:d9:01:
         ad:d5:cd:ae:70:6b:a9:45:17:c0:2a:71:eb:61:89:2d:f4:5d:
         b8:24:9c:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ25LLajktR8hWO6L4KwzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGU0ZWIxZGViODY1ODFkZDllYzVmZmUwMDgyNGRiODhmMDkwYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwyOyhXXpOU1AkTLby9Tz10XvE1n
twgeSAztuTW0AKJ0KkWl5LGTOcLiHd3H5Sb+2CEHH0FtScONiwxZYgHRqF2BpKbc
fDdZLuNH8kTBZKk8cdaLXaHaraB3oxLUd77ljXV5+aL+0fxHfCVpnOcKXLDE2E4q
xu6cTrhEP6axLr3b0+7ZmaO3rA49bX8iYDKmolkbrS37Ngh44mOx6jjmqWwRUUnU
2JV3p5XqyeRMY3DpMAB/Y8VXtQ0XJUJLGMA3zzZiPreV1oSNCaoLGjlg6x4PbK0E
iap5/7UroAQFCBr90wkh7ZdqhC/Tc0MG56N7vdPe69BU+GNSgO8cjvH9uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3k6x3rhlgd2exf/gCCTbiPCQsnMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvUGVUckhldUdXQjNaN0ZfLUFJSk51SThKQ3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdvYMA0G
CSqGSIb3DQEBCwUAA4IBAQBw8SsXPq7NDSSFszfzSvk8l0EW7vqkTiT0sD9NcTA3
KEFvcOtSRPuUQPqloUhqZPF9I5s7ZEPPBEaGbR6TxtoPbCkp76nCYWE3N/vGs5pS
bgsctCexAk1ABvoCgBFzyUnCDZw2O2QGFp8adisWJshTXWisoolbQsqLUBcjBMex
lPzbxaMlSy+iR6REjIDA62+C04C7pY10tsBVrp1tF/4KF+vSESCcdKWx0sDwlUot
kC/aWBYdPP0twSC2T49Z0/NQSpKoqXBgfiDT8n9M0bVA6n6JVE1MSqSlk53RqmTr
UJ7O6GParSJU2QGt1c2ucGupRRfAKnHrYYkt9F24JJza
-----END CERTIFICATE-----