Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/pKzmrbx-d6LuIKtorTbfMT8OKg8.roa
File:                     pKzmrbx-d6LuIKtorTbfMT8OKg8.roa (raw, json)
Hash identifier:          Dj9FQlsEgtuogF2bOkKE8UCNyfU8u83qF9yZIJaRvZM=
Subject key identifier:   A4:AC:E6:AD:BC:7E:77:A2:EE:20:AB:68:AD:36:DF:31:3F:0E:2A:0F
Certificate issuer:       /CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Certificate serial:       0192E7E3D7BEC66A5EC2AB9956859B066707
Authority key identifier: 9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/pKzmrbx-d6LuIKtorTbfMT8OKg8.roa
Signing time:             Fri 01 Nov 2024 13:22:01 +0000
ROA not before:           Fri 01 Nov 2024 13:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        46.226.124.0/24 maxlen: 24
                          109.234.75.0/24 maxlen: 24
                          185.138.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:e3:d7:be:c6:6a:5e:c2:ab:99:56:85:9b:06:67:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
        Validity
            Not Before: Nov  1 13:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4ace6adbc7e77a2ee20ab68ad36df313f0e2a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c0:57:28:18:b1:b6:a3:62:8b:97:8c:9b:04:
                    8f:33:67:b3:06:65:49:ea:1d:62:9a:83:14:d1:1d:
                    a4:54:11:54:2c:8b:85:db:0f:4c:53:91:8f:96:e2:
                    c7:e8:6a:7e:5f:71:c6:71:3f:4b:ba:91:d4:cd:2a:
                    e5:07:5c:a6:b7:cf:59:c5:3c:eb:eb:8f:b6:ed:ea:
                    3f:9d:91:45:ea:dc:b4:d5:d7:20:0c:8a:40:fb:8d:
                    34:4a:c0:c3:a3:36:03:f3:b9:b5:d7:0c:8e:96:3f:
                    01:26:9f:29:19:96:ef:0c:ed:6a:d8:84:b6:02:d2:
                    6e:d3:4f:8a:24:96:54:28:87:59:fe:5d:fd:e1:ec:
                    ce:b4:3f:e7:d5:6e:d8:81:00:ca:21:94:3c:ba:0d:
                    62:dd:f8:0c:25:d1:ea:2f:c7:4a:c7:be:da:bf:1c:
                    4a:ab:91:b9:4d:43:92:fc:22:5a:8e:a6:16:9c:81:
                    95:ee:5c:b0:b5:fe:e4:4b:b4:d5:20:d9:6f:07:44:
                    96:a2:ba:ff:e1:1e:48:5e:b2:78:11:37:4d:48:f5:
                    50:0c:2d:e7:b4:e2:da:5d:13:05:b8:9a:a6:c3:11:
                    77:5a:b6:44:21:ef:1c:2d:42:35:d1:d3:2d:33:99:
                    c7:c8:2b:13:a9:79:95:7e:73:02:95:62:9e:7e:89:
                    23:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:AC:E6:AD:BC:7E:77:A2:EE:20:AB:68:AD:36:DF:31:3F:0E:2A:0F
            X509v3 Authority Key Identifier:
                keyid:9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/pKzmrbx-d6LuIKtorTbfMT8OKg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.124.0/24
                  109.234.75.0/24
                  185.138.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:3d:79:d1:54:48:49:67:a9:3f:db:c5:26:62:7b:f0:f1:e0:
         b3:67:7c:2c:41:da:04:68:b5:91:1b:e1:a3:ba:b9:d2:ed:a7:
         a8:fe:f6:9b:80:45:4b:69:08:de:79:f5:18:d4:f0:c0:71:eb:
         92:0c:6f:84:8c:90:d8:c7:90:b9:f4:e7:49:db:de:d8:44:55:
         da:2b:6d:ea:df:d3:92:f2:bf:de:c2:99:3e:ca:37:26:b1:2e:
         b9:b2:07:6f:03:90:d1:1f:af:02:bf:fe:5f:00:d0:94:f4:12:
         f2:bf:6a:94:12:7a:52:e8:ce:27:19:3e:59:d1:4b:3b:9f:76:
         e4:bb:a6:1f:c1:3b:92:0d:f4:fa:e1:a1:d3:01:9d:e9:0e:a8:
         17:ed:7f:6f:58:3a:0b:3b:cd:68:86:60:2e:d6:e2:9a:e2:6a:
         dc:4b:49:59:f0:70:d5:9a:92:04:05:ab:a1:02:a8:4f:21:08:
         5f:00:01:00:98:b2:a6:6c:61:1d:c2:a8:82:66:d6:7d:4b:3a:
         e4:0b:6e:6f:24:4e:b7:24:49:41:d1:db:a1:90:4a:93:80:56:
         44:e7:9d:16:f4:38:88:a3:44:f1:aa:51:b6:63:ec:9e:a6:0b:
         20:03:2f:78:cf:a0:66:a9:de:db:bc:4d:7f:f4:5a:2a:d7:0f:
         2a:62:2e:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLn49e+xmpewquZVoWbBmcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzI4YWU5OTM3ZmY3ZTQ5ZWM0ZjEyMzRlNTNkOGI5ZGQ2
OTQ1NDEwHhcNMjQxMTAxMTMyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGFjZTZhZGJjN2U3N2EyZWUyMGFiNjhhZDM2ZGYzMTNmMGUyYTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsBXKBixtqNii5eMmwSPM2ezBmVJ
6h1imoMU0R2kVBFULIuF2w9MU5GPluLH6Gp+X3HGcT9LupHUzSrlB1ymt89ZxTzr
64+27eo/nZFF6ty01dcgDIpA+400SsDDozYD87m11wyOlj8BJp8pGZbvDO1q2IS2
AtJu00+KJJZUKIdZ/l394ezOtD/n1W7YgQDKIZQ8ug1i3fgMJdHqL8dKx77avxxK
q5G5TUOS/CJajqYWnIGV7lywtf7kS7TVINlvB0SWorr/4R5IXrJ4ETdNSPVQDC3n
tOLaXRMFuJqmwxF3WrZEIe8cLUI10dMtM5nHyCsTqXmVfnMClWKefokj1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKSs5q28fnei7iCraK023zE/DioPMB8GA1UdIwQY
MBaAFJ3CiumTf/fknsTxI05T2LndaUVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMt
MTkyY2JkMDhkYjUxLzEvcEt6bXJieC1kNkx1SUt0b3JUYmZNVDhPS2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMtMTkyY2JkMDhkYjUx
LzEvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALuJ8AwQA
bepLAwQAuYqmMA0GCSqGSIb3DQEBCwUAA4IBAQAdPXnRVEhJZ6k/28UmYnvw8eCz
Z3wsQdoEaLWRG+GjurnS7aeo/vabgEVLaQjeefUY1PDAceuSDG+EjJDYx5C59OdJ
297YRFXaK23q39OS8r/ewpk+yjcmsS65sgdvA5DRH68Cv/5fANCU9BLyv2qUEnpS
6M4nGT5Z0Us7n3bku6YfwTuSDfT64aHTAZ3pDqgX7X9vWDoLO81ohmAu1uKa4mrc
S0lZ8HDVmpIEBauhAqhPIQhfAAEAmLKmbGEdwqiCZtZ9SzrkC25vJE63JElB0duh
kEqTgFZE550W9DiIo0TxqlG2Y+yepgsgAy94z6Bmqd7bvE1/9Foq1w8qYi6Q
-----END CERTIFICATE-----