Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/PVGPS6BnZtYxNljqp_oHw6LVHp8.roa
File:                     PVGPS6BnZtYxNljqp_oHw6LVHp8.roa (raw, json)
Hash identifier:          6DM0XzCUJ88Bmdq7S9hIbxK4LtK0WFea7QJzYI6G+xk=
Subject key identifier:   3D:51:8F:4B:A0:67:66:D6:31:36:58:EA:A7:FA:07:C3:A2:D5:1E:9F
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       018F294A8C70EA2DBCA2171E022A44B9E244
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/PVGPS6BnZtYxNljqp_oHw6LVHp8.roa
Signing time:             Mon 29 Apr 2024 09:58:22 +0000
ROA not before:           Mon 29 Apr 2024 09:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215027
IP address blocks:        185.255.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:4a:8c:70:ea:2d:bc:a2:17:1e:02:2a:44:b9:e2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Apr 29 09:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d518f4ba06766d6313658eaa7fa07c3a2d51e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d3:7a:eb:ac:bd:0f:a5:df:01:3c:ca:67:03:
                    af:d9:da:cd:a1:0b:a2:71:40:8a:94:b1:8d:b2:0c:
                    a9:ca:20:d6:d2:ad:e4:6f:44:66:c0:d9:1c:ec:cb:
                    bd:a3:ac:ad:47:42:04:4a:2f:31:66:b1:ce:f9:23:
                    6d:36:c2:94:43:68:e9:83:0a:52:ca:64:aa:3d:57:
                    e5:20:e0:09:9a:e3:49:cb:34:2b:10:e3:c0:ad:48:
                    e0:45:df:01:fb:54:b0:e9:8e:a6:53:ba:de:f3:d4:
                    e2:58:ef:84:46:5f:5c:5e:73:78:fc:01:ed:e9:3e:
                    e5:34:b7:9d:a9:20:a6:40:fb:2a:fd:09:e5:80:15:
                    e3:01:4a:26:8a:9d:0b:3d:c8:a7:28:77:a5:03:28:
                    c6:0f:e6:30:50:e2:a5:01:5d:b2:58:28:35:a4:c4:
                    93:fc:93:d6:51:62:37:d8:57:33:3c:dd:34:4b:37:
                    60:0d:e1:a3:f5:9a:48:d5:c3:57:50:08:b5:78:62:
                    13:42:5d:34:e1:ca:1b:cd:e2:f8:d3:77:4c:1b:d8:
                    d4:76:a2:30:70:9c:69:ec:cc:a5:2e:cb:40:7e:7b:
                    35:1f:c0:4f:3d:2d:75:83:7b:41:d4:f9:71:8d:e6:
                    33:98:50:a7:c6:fa:7f:e1:7b:90:19:14:49:27:b7:
                    59:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:51:8F:4B:A0:67:66:D6:31:36:58:EA:A7:FA:07:C3:A2:D5:1E:9F
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/PVGPS6BnZtYxNljqp_oHw6LVHp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:52:9e:e7:64:02:61:c6:32:55:c0:c4:a3:53:58:5f:7e:dc:
         3a:ec:40:15:02:be:64:39:57:d9:9c:9f:b7:21:a0:c7:6a:38:
         b2:79:f0:01:a6:43:b3:54:da:0c:54:2b:39:3c:f0:b1:bf:89:
         f9:76:a5:a3:c6:ca:23:87:56:85:85:f7:72:b2:95:07:34:2b:
         51:d4:07:31:85:86:dd:4f:82:63:1b:a6:c7:6d:0d:c0:64:0b:
         42:bc:24:0d:58:33:45:54:d5:52:b6:37:0f:2d:60:ee:b8:d2:
         cd:64:8f:70:bf:fa:52:3e:73:84:99:4c:ad:ab:39:30:1d:2e:
         06:44:37:8a:98:fd:2a:60:86:f3:38:5a:3c:aa:bc:81:7a:a2:
         b5:62:9d:52:cf:3a:c2:c1:29:6e:ef:8c:05:c6:ad:90:53:1f:
         5a:9e:ad:22:06:27:ad:08:c7:50:64:d4:97:c4:49:c1:5f:8c:
         b0:f8:65:8a:c3:ac:8c:25:9a:46:eb:00:d6:a0:24:04:10:bc:
         ac:71:25:76:24:a9:ec:64:85:42:0b:fb:d0:0d:ff:85:8b:38:
         bc:ba:b6:f7:ca:a1:fd:d0:33:3a:57:fb:77:ee:25:b5:f5:8b:
         11:c0:2d:83:4a:0d:dd:e9:b2:de:af:07:c6:51:85:d1:c9:1d:
         f4:5e:27:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8pSoxw6i28ohceAipEueJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjQwNDI5MDk1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDUxOGY0YmEwNjc2NmQ2MzEzNjU4ZWFhN2ZhMDdjM2EyZDUxZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdN666y9D6XfATzKZwOv2drNoQui
cUCKlLGNsgypyiDW0q3kb0RmwNkc7Mu9o6ytR0IESi8xZrHO+SNtNsKUQ2jpgwpS
ymSqPVflIOAJmuNJyzQrEOPArUjgRd8B+1Sw6Y6mU7re89TiWO+ERl9cXnN4/AHt
6T7lNLedqSCmQPsq/QnlgBXjAUomip0LPcinKHelAyjGD+YwUOKlAV2yWCg1pMST
/JPWUWI32FczPN00SzdgDeGj9ZpI1cNXUAi1eGITQl004cobzeL403dMG9jUdqIw
cJxp7MylLstAfns1H8BPPS11g3tB1PlxjeYzmFCnxvp/4XuQGRRJJ7dZoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1Rj0ugZ2bWMTZY6qf6B8Oi1R6fMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvUFZHUFM2Qm5adFl4TmxqcXBfb0h3NkxWSHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8EMA0G
CSqGSIb3DQEBCwUAA4IBAQCoUp7nZAJhxjJVwMSjU1hfftw67EAVAr5kOVfZnJ+3
IaDHajiyefABpkOzVNoMVCs5PPCxv4n5dqWjxsojh1aFhfdyspUHNCtR1AcxhYbd
T4JjG6bHbQ3AZAtCvCQNWDNFVNVStjcPLWDuuNLNZI9wv/pSPnOEmUytqzkwHS4G
RDeKmP0qYIbzOFo8qryBeqK1Yp1SzzrCwSlu74wFxq2QUx9anq0iBietCMdQZNSX
xEnBX4yw+GWKw6yMJZpG6wDWoCQEELyscSV2JKnsZIVCC/vQDf+Fizi8urb3yqH9
0DM6V/t37iW19YsRwC2DSg3d6bLerwfGUYXRyR30XidQ
-----END CERTIFICATE-----