Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/PFjB0suzwepgpRQg4ijZdi1aKI8.roa
File:                     PFjB0suzwepgpRQg4ijZdi1aKI8.roa (raw, json)
Hash identifier:          YjFJJun3pz3vvGFXjSMeL596davTUmL7ryORKEoBTmQ=
Subject key identifier:   3C:58:C1:D2:CB:B3:C1:EA:60:A5:14:20:E2:28:D9:76:2D:5A:28:8F
Certificate issuer:       /CN=1e828de71ddd7804573128d26ee45c03901c8013
Certificate serial:       019423D7325E09F11D1CD67E77DB1E1C3A8E
Authority key identifier: 1E:82:8D:E7:1D:DD:78:04:57:31:28:D2:6E:E4:5C:03:90:1C:80:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HoKN5x3deARXMSjSbuRcA5AcgBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/PFjB0suzwepgpRQg4ijZdi1aKI8.roa
Signing time:             Wed 01 Jan 2025 21:48:13 +0000
ROA not before:           Wed 01 Jan 2025 21:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28815
IP address blocks:        195.46.40.0/22 maxlen: 22
                          195.46.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/HoKN5x3deARXMSjSbuRcA5AcgBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/HoKN5x3deARXMSjSbuRcA5AcgBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HoKN5x3deARXMSjSbuRcA5AcgBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:32:5e:09:f1:1d:1c:d6:7e:77:db:1e:1c:3a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e828de71ddd7804573128d26ee45c03901c8013
        Validity
            Not Before: Jan  1 21:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c58c1d2cbb3c1ea60a51420e228d9762d5a288f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:41:40:c3:9c:60:cb:9b:9c:fc:76:b3:97:fb:
                    6c:cb:1b:c1:e2:9e:90:72:7c:1b:8f:9c:c0:bc:e1:
                    a0:7f:c7:3a:c5:c5:81:d6:80:99:c9:92:07:48:5e:
                    fd:58:f0:d4:b1:1c:10:62:94:10:11:44:78:fc:90:
                    56:29:44:80:d9:bb:eb:f3:4a:f0:f0:1b:61:15:a9:
                    1b:af:ba:68:7b:13:fe:9c:eb:3a:88:7e:5d:e4:14:
                    c8:98:f6:dc:3c:b0:1a:e9:5e:87:1f:c9:65:f8:b2:
                    40:6b:6c:66:52:1a:64:41:90:97:2d:a0:01:7d:08:
                    26:ff:7e:85:a7:df:57:cf:14:b8:34:44:78:96:a7:
                    95:bf:6c:4b:2a:b7:d0:88:f7:f4:19:08:8c:2f:47:
                    64:8f:09:89:a0:40:8a:73:91:59:00:48:e5:21:58:
                    65:c5:43:98:16:f4:d8:38:45:e7:5f:9e:92:6f:ae:
                    de:75:2d:a5:e1:f7:30:d4:76:ca:13:b7:dc:6e:67:
                    68:b7:18:a1:84:48:bc:4b:83:0e:ba:9a:73:59:8f:
                    8a:15:07:65:28:e3:c2:52:75:ab:30:9c:6a:ba:41:
                    5f:dc:cf:87:b4:b4:f5:34:5a:30:29:cc:e3:ae:91:
                    33:25:05:5f:0b:1f:09:19:10:ce:30:1a:65:60:5b:
                    6a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:58:C1:D2:CB:B3:C1:EA:60:A5:14:20:E2:28:D9:76:2D:5A:28:8F
            X509v3 Authority Key Identifier:
                keyid:1E:82:8D:E7:1D:DD:78:04:57:31:28:D2:6E:E4:5C:03:90:1C:80:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HoKN5x3deARXMSjSbuRcA5AcgBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/PFjB0suzwepgpRQg4ijZdi1aKI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/HoKN5x3deARXMSjSbuRcA5AcgBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.46.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:74:7b:65:45:1c:da:cb:eb:6c:91:ef:16:ba:a5:e0:6f:0e:
         b5:32:34:f1:a8:55:17:1d:27:b9:f0:9b:da:8d:c0:88:03:bd:
         dc:64:54:b7:b4:56:46:31:cf:5c:48:84:86:d6:49:a4:d5:af:
         4b:b3:80:2b:fe:9f:6a:01:3f:70:48:93:25:8c:e0:5c:14:bc:
         60:bd:12:aa:01:57:04:94:d7:bf:c3:79:a3:09:fb:00:00:c7:
         82:90:9a:25:c0:31:87:de:27:12:98:e8:6c:fb:b6:78:f8:95:
         86:dd:2a:c6:54:66:92:2f:a1:ea:80:21:79:32:ef:76:24:8f:
         9c:e8:00:4b:2b:c4:41:a3:5d:ca:f9:37:87:45:fd:6e:11:cf:
         92:5a:d8:22:86:93:dc:10:66:ad:a0:34:96:30:1f:e9:83:dd:
         a6:8a:52:00:e4:0c:65:32:67:7f:9b:ff:62:b9:35:62:33:86:
         81:07:3f:68:53:80:3b:e1:5f:0e:39:f1:03:49:2a:5e:f7:bd:
         9a:8e:9f:b4:2b:7f:6f:dd:db:67:e3:3a:27:5c:24:b1:79:53:
         03:25:e7:1c:c9:64:a7:a7:58:71:f3:0e:37:f1:62:38:64:0e:
         8a:50:ad:8c:30:5c:be:70:5f:61:4c:b8:20:09:f1:46:75:02:
         a0:10:67:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zJeCfEdHNZ+d9seHDqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlODI4ZGU3MWRkZDc4MDQ1NzMxMjhkMjZlZTQ1YzAzOTAx
YzgwMTMwHhcNMjUwMTAxMjE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU4YzFkMmNiYjNjMWVhNjBhNTE0MjBlMjI4ZDk3NjJkNWEyODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kFAw5xgy5uc/Hazl/tsyxvB4p6Q
cnwbj5zAvOGgf8c6xcWB1oCZyZIHSF79WPDUsRwQYpQQEUR4/JBWKUSA2bvr80rw
8BthFakbr7poexP+nOs6iH5d5BTImPbcPLAa6V6HH8ll+LJAa2xmUhpkQZCXLaAB
fQgm/36Fp99XzxS4NER4lqeVv2xLKrfQiPf0GQiML0dkjwmJoECKc5FZAEjlIVhl
xUOYFvTYOEXnX56Sb67edS2l4fcw1HbKE7fcbmdotxihhEi8S4MOuppzWY+KFQdl
KOPCUnWrMJxqukFf3M+HtLT1NFowKczjrpEzJQVfCx8JGRDOMBplYFtqzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxYwdLLs8HqYKUUIOIo2XYtWiiPMB8GA1UdIwQY
MBaAFB6Cjecd3XgEVzEo0m7kXAOQHIATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG9LTjV4M2RlQVJYTVNqU2J1UmNBNUFjZ0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9mYzFmNTctYTI1OS00YWJjLWE2Mjct
NzBjOGM3MGUzMmIwLzEvUEZqQjBzdXp3ZXBncFJRZzRpalpkaTFhS0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9mYzFmNTctYTI1OS00YWJjLWE2MjctNzBjOGM3MGUzMmIw
LzEvSG9LTjV4M2RlQVJYTVNqU2J1UmNBNUFjZ0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwy4oMA0G
CSqGSIb3DQEBCwUAA4IBAQCmdHtlRRzay+tske8WuqXgbw61MjTxqFUXHSe58Jva
jcCIA73cZFS3tFZGMc9cSISG1kmk1a9Ls4Ar/p9qAT9wSJMljOBcFLxgvRKqAVcE
lNe/w3mjCfsAAMeCkJolwDGH3icSmOhs+7Z4+JWG3SrGVGaSL6HqgCF5Mu92JI+c
6ABLK8RBo13K+TeHRf1uEc+SWtgihpPcEGatoDSWMB/pg92milIA5AxlMmd/m/9i
uTViM4aBBz9oU4A74V8OOfEDSSpe972ajp+0K39v3dtn4zonXCSxeVMDJeccyWSn
p1hx8w438WI4ZA6KUK2MMFy+cF9hTLggCfFGdQKgEGc4
-----END CERTIFICATE-----