Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/PcPxbhSomWYLq2zYjU59uAUlMHg.roa
File:                     PcPxbhSomWYLq2zYjU59uAUlMHg.roa (raw, json)
Hash identifier:          BlMILg0OcZ7dpJFpoBk9UOEegwBHfpU4NxP/Ea+r61M=
Subject key identifier:   3D:C3:F1:6E:14:A8:99:66:0B:AB:6C:D8:8D:4E:7D:B8:05:25:30:78
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CEF0217EF12CD30634A60221E945D90C6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/PcPxbhSomWYLq2zYjU59uAUlMHg.roa
Signing time:             Tue 09 Jan 2024 16:15:41 +0000
ROA not before:           Tue 09 Jan 2024 16:15:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216101
IP address blocks:        185.220.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ef:02:17:ef:12:cd:30:63:4a:60:22:1e:94:5d:90:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  9 16:15:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dc3f16e14a899660bab6cd88d4e7db805253078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:08:36:a0:06:1a:9d:1d:27:e6:2c:5c:35:23:
                    08:a7:a3:4a:88:fa:b2:80:61:0c:e4:da:e7:88:be:
                    29:92:84:8c:d5:2a:01:97:e3:c8:e4:3a:ed:c2:a5:
                    b5:95:1c:8e:41:6c:66:77:cf:34:c3:10:14:08:49:
                    fe:8e:5e:e1:6b:3e:18:3c:74:c4:a1:01:b1:37:84:
                    36:c3:6f:4f:d9:cb:a6:2a:e6:0a:c5:18:83:31:f6:
                    41:f0:08:b6:9a:9d:6d:4c:9b:1a:03:75:f4:66:5f:
                    0e:fc:13:da:f3:14:da:53:51:b8:b1:3d:d4:59:8e:
                    a8:ca:f7:4e:60:80:05:66:80:c0:a7:c0:6d:1d:e2:
                    94:90:5b:87:3c:2b:b3:0e:fc:98:64:93:0f:88:b3:
                    bb:38:05:1d:18:7c:1f:d4:f4:aa:73:2f:d4:24:97:
                    04:95:b3:28:98:b2:42:bb:be:76:ce:b9:dc:70:e9:
                    39:96:4b:cf:41:0e:37:42:8a:00:9e:20:d5:09:e7:
                    f0:36:bc:c6:19:63:a3:1b:c5:b7:b5:1a:c5:34:00:
                    ca:c5:8c:30:f0:dc:69:15:39:ce:60:62:cb:b0:eb:
                    c3:c2:89:96:c9:3e:b4:71:7b:54:7b:a9:75:89:02:
                    df:49:37:b6:a2:86:7a:08:22:e1:5b:6f:da:01:85:
                    fe:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C3:F1:6E:14:A8:99:66:0B:AB:6C:D8:8D:4E:7D:B8:05:25:30:78
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/PcPxbhSomWYLq2zYjU59uAUlMHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:cd:d0:ab:c9:ca:e3:18:fb:eb:89:4c:3f:3b:4b:b3:1b:ff:
         05:e9:ee:a4:92:de:fc:27:07:5a:92:dc:83:98:e1:25:7f:31:
         8b:9b:52:9a:6b:5c:0b:d8:1d:54:53:9b:ad:0d:76:20:43:4a:
         b3:03:52:b4:ca:e5:93:a1:bb:2f:00:12:83:33:d6:ec:2f:ed:
         10:72:3d:4d:b6:48:7b:d0:bd:6f:69:ec:29:0e:a5:a9:a4:cf:
         8c:a0:84:75:1d:54:61:ab:79:d0:b9:11:b1:a9:1e:f4:83:bc:
         01:4d:29:74:34:a5:52:42:3a:06:81:c7:ca:37:a2:d0:b9:88:
         bf:87:3f:19:09:1a:d8:f5:1c:a0:62:66:62:62:cd:c5:2a:f3:
         04:50:f5:17:d2:6a:5e:23:a8:28:44:55:d1:eb:3f:96:7f:f5:
         43:7b:95:71:b5:a9:31:8d:45:74:64:57:ba:11:fa:00:78:a5:
         e2:db:a2:90:bf:eb:a7:98:03:73:e4:ca:57:92:6a:5a:ec:65:
         c2:1d:ed:f9:02:b5:41:b2:55:db:17:e3:2e:e9:48:94:0d:73:
         04:9b:86:5a:b9:ea:c8:35:d9:29:c7:a4:3f:8d:5e:c3:09:f5:
         84:45:09:7a:5d:66:a9:2e:25:09:08:54:57:ea:34:af:c3:8b:
         8c:37:2c:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzvAhfvEs0wY0pgIh6UXZDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTA5MTYxNTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGMzZjE2ZTE0YTg5OTY2MGJhYjZjZDg4ZDRlN2RiODA1MjUzMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQg2oAYanR0n5ixcNSMIp6NKiPqy
gGEM5NrniL4pkoSM1SoBl+PI5DrtwqW1lRyOQWxmd880wxAUCEn+jl7haz4YPHTE
oQGxN4Q2w29P2cumKuYKxRiDMfZB8Ai2mp1tTJsaA3X0Zl8O/BPa8xTaU1G4sT3U
WY6oyvdOYIAFZoDAp8BtHeKUkFuHPCuzDvyYZJMPiLO7OAUdGHwf1PSqcy/UJJcE
lbMomLJCu752zrnccOk5lkvPQQ43QooAniDVCefwNrzGGWOjG8W3tRrFNADKxYww
8NxpFTnOYGLLsOvDwomWyT60cXtUe6l1iQLfSTe2ooZ6CCLhW2/aAYX+ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3D8W4UqJlmC6ts2I1OfbgFJTB4MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUGNQeGJoU29tV1lMcTJ6WWpVNTl1QVVsTUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz7MA0G
CSqGSIb3DQEBCwUAA4IBAQBFzdCrycrjGPvriUw/O0uzG/8F6e6kkt78JwdaktyD
mOElfzGLm1Kaa1wL2B1UU5utDXYgQ0qzA1K0yuWTobsvABKDM9bsL+0Qcj1Ntkh7
0L1vaewpDqWppM+MoIR1HVRhq3nQuRGxqR70g7wBTSl0NKVSQjoGgcfKN6LQuYi/
hz8ZCRrY9RygYmZiYs3FKvMEUPUX0mpeI6goRFXR6z+Wf/VDe5VxtakxjUV0ZFe6
EfoAeKXi26KQv+unmANz5MpXkmpa7GXCHe35ArVBslXbF+Mu6UiUDXMEm4ZauerI
Ndkpx6Q/jV7DCfWERQl6XWapLiUJCFRX6jSvw4uMNyzG
-----END CERTIFICATE-----