Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/PIK3wDnBHYAHVcvyWpjaoJCPvpQ.roa
File:                     PIK3wDnBHYAHVcvyWpjaoJCPvpQ.roa (raw, json)
Hash identifier:          yIPFPIkJZgudj7Trqv5SrFBxxIb9YaFAcxoe2N/MXyo=
Subject key identifier:   3C:82:B7:C0:39:C1:1D:80:07:55:CB:F2:5A:98:DA:A0:90:8F:BE:94
Certificate issuer:       /CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
Certificate serial:       018CC80129ACD30F739205593DBEBA98D520
Authority key identifier: 4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/PIK3wDnBHYAHVcvyWpjaoJCPvpQ.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44863
IP address blocks:        185.93.185.0/24 maxlen: 24
                          185.93.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:29:ac:d3:0f:73:92:05:59:3d:be:ba:98:d5:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c82b7c039c11d800755cbf25a98daa0908fbe94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bf:d9:cb:82:58:0f:cc:bd:71:07:62:3c:cf:
                    45:76:b7:0c:84:91:e9:b1:d0:08:26:0e:0d:d8:6d:
                    12:38:64:01:0a:cf:4a:c2:55:09:5f:25:1c:34:b5:
                    68:0b:ca:9f:38:86:9a:02:12:6c:97:62:9d:b8:86:
                    d6:2c:94:85:90:db:8f:2b:b6:bb:df:d5:cf:53:0d:
                    78:60:ea:b5:57:a7:71:e9:64:37:ff:fb:8d:0d:65:
                    9e:9b:57:4e:0b:df:81:a7:74:6d:cd:29:88:19:0f:
                    e2:dc:2c:eb:18:7b:1a:3d:10:3c:4f:11:11:8c:97:
                    68:62:7a:f9:e1:32:b3:3f:d4:a9:70:e9:59:a0:15:
                    bb:f2:78:ea:ee:68:26:8b:a9:c0:e3:c3:c2:25:38:
                    7d:b9:19:79:25:59:f2:60:b7:58:6e:e1:0d:61:09:
                    07:33:ee:b1:fe:a9:49:fc:97:a1:b4:d4:97:3a:6f:
                    3b:8f:31:24:91:1c:22:9a:91:cb:93:79:ae:4d:b5:
                    cc:6d:48:ec:e5:ae:82:88:36:b9:cc:64:4d:93:96:
                    75:6c:40:e6:2d:23:58:46:6f:62:7d:9f:e5:7b:48:
                    39:c6:ac:15:8f:3a:9b:20:47:cc:83:8c:7f:d3:de:
                    5e:6c:af:e3:ee:5b:4c:ac:1e:94:77:4b:5e:d7:d1:
                    29:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:82:B7:C0:39:C1:1D:80:07:55:CB:F2:5A:98:DA:A0:90:8F:BE:94
            X509v3 Authority Key Identifier:
                keyid:4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/PIK3wDnBHYAHVcvyWpjaoJCPvpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.185.0/24
                  185.93.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3e:15:00:9e:db:d8:00:d5:66:e8:eb:14:0c:6b:ef:a5:07:
         14:bf:ab:db:9c:77:2c:77:4e:06:58:38:3f:a6:eb:fc:9b:23:
         f4:80:f5:a0:b3:1d:d0:7b:f9:fe:1b:9c:7a:b6:79:59:3e:08:
         97:0b:96:06:2e:6e:20:36:02:59:9c:fb:4c:7b:bc:8f:ef:d7:
         99:25:b2:ec:f6:3f:51:fd:94:de:e9:62:0a:33:ff:62:6a:fb:
         e4:cb:b6:66:0d:93:f9:b5:aa:df:f9:a3:61:7a:0e:64:36:e1:
         48:fb:14:f0:a3:90:bd:f4:12:fc:e0:ff:ce:db:cd:96:9c:91:
         36:c1:31:fe:1a:13:8f:8d:ee:bb:d9:c2:bd:aa:67:39:07:c1:
         4e:63:e7:cf:a8:db:1a:ed:3b:45:8d:f4:d8:07:75:d1:c1:d0:
         b2:21:26:1d:76:2a:ce:40:42:8e:74:f7:ea:b6:f3:82:cf:48:
         4e:cb:82:9f:72:c2:54:32:cb:da:85:65:ee:51:63:c8:c9:f7:
         a8:45:3d:eb:1f:ab:c4:d0:71:63:91:03:56:78:5a:60:d4:3a:
         0c:9e:6b:69:64:b5:f8:b1:42:69:16:67:69:da:c5:9e:7b:08:
         30:d7:77:8e:86:72:a0:05:09:41:c9:e8:13:dd:f9:c7:6d:d8:
         3f:c3:36:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIASms0w9zkgVZPb66mNUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWFjNmZlMjAzMWFkZGUwMzY2ODI0MGUzYzVkOTFlYzY3
MTFlMWUwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzgyYjdjMDM5YzExZDgwMDc1NWNiZjI1YTk4ZGFhMDkwOGZiZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb/Zy4JYD8y9cQdiPM9FdrcMhJHp
sdAIJg4N2G0SOGQBCs9KwlUJXyUcNLVoC8qfOIaaAhJsl2KduIbWLJSFkNuPK7a7
39XPUw14YOq1V6dx6WQ3//uNDWWem1dOC9+Bp3RtzSmIGQ/i3CzrGHsaPRA8TxER
jJdoYnr54TKzP9SpcOlZoBW78njq7mgmi6nA48PCJTh9uRl5JVnyYLdYbuENYQkH
M+6x/qlJ/JehtNSXOm87jzEkkRwimpHLk3muTbXMbUjs5a6CiDa5zGRNk5Z1bEDm
LSNYRm9ifZ/le0g5xqwVjzqbIEfMg4x/095ebK/j7ltMrB6Ud0te19EpgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDyCt8A5wR2AB1XL8lqY2qCQj76UMB8GA1UdIwQY
MBaAFE+axv4gMa3eA2aCQOPF2R7GcR4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTct
NTI4YTYzYmU0Yzg3LzEvUElLM3dEbkJIWUFIVmN2eVdwamFvSkNQdnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTctNTI4YTYzYmU0Yzg3
LzEvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuV25AwQA
uV27MA0GCSqGSIb3DQEBCwUAA4IBAQB6PhUAntvYANVm6OsUDGvvpQcUv6vbnHcs
d04GWDg/puv8myP0gPWgsx3Qe/n+G5x6tnlZPgiXC5YGLm4gNgJZnPtMe7yP79eZ
JbLs9j9R/ZTe6WIKM/9iavvky7ZmDZP5tarf+aNheg5kNuFI+xTwo5C99BL84P/O
282WnJE2wTH+GhOPje672cK9qmc5B8FOY+fPqNsa7TtFjfTYB3XRwdCyISYddirO
QEKOdPfqtvOCz0hOy4KfcsJUMsvahWXuUWPIyfeoRT3rH6vE0HFjkQNWeFpg1DoM
nmtpZLX4sUJpFmdp2sWeewgw13eOhnKgBQlByegT3fnHbdg/wzYj
-----END CERTIFICATE-----