Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_PDT-vZoFwaQiavz8qHIddbczpk.roa
File:                     _PDT-vZoFwaQiavz8qHIddbczpk.roa (raw, json)
Hash identifier:          oas7wzmf7u74MLq39iLH+2Dq1oVVVqnh1mjr2nhnIc8=
Subject key identifier:   FC:F0:D3:FA:F6:68:17:06:90:89:AB:F3:F2:A1:C8:75:D6:DC:CE:99
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018DF46B9890BDBB58472AB69E237C122EFD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_PDT-vZoFwaQiavz8qHIddbczpk.roa
Signing time:             Thu 29 Feb 2024 10:31:48 +0000
ROA not before:           Thu 29 Feb 2024 10:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        176.125.248.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:6b:98:90:bd:bb:58:47:2a:b6:9e:23:7c:12:2e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 29 10:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcf0d3faf66817069089abf3f2a1c875d6dcce99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:17:6c:e9:24:00:18:2c:c8:14:88:24:44:be:
                    11:e3:6b:9c:f5:51:40:0c:af:b1:2a:15:89:6e:ef:
                    14:bd:49:43:ec:af:99:ca:4d:bb:01:24:6f:a3:6d:
                    22:38:ec:79:82:9a:dc:96:7b:cd:25:d2:58:a7:99:
                    f3:a6:e0:dc:6e:47:f6:fa:68:fa:f9:b0:21:f2:41:
                    e5:95:a8:d6:db:8e:4d:d2:97:c0:c4:4f:62:55:89:
                    84:09:fe:b4:c6:2b:72:f2:5d:e3:6b:49:25:c4:b3:
                    6c:30:4d:5a:6f:62:4f:cd:cf:d8:cd:fc:8d:c1:ef:
                    de:f3:05:8c:6c:5f:47:b0:0f:5f:89:ec:57:73:00:
                    4e:14:80:d2:a9:9e:33:80:23:39:fb:2f:2b:bb:9e:
                    2e:a8:8d:1c:6d:75:93:d3:ae:c0:b7:87:2f:99:b2:
                    1a:e7:3c:75:dd:4c:16:99:fc:b9:33:73:cd:55:d7:
                    2f:81:16:0c:23:2e:a1:bc:ea:7e:e2:73:f7:06:83:
                    66:07:50:a5:92:2c:ea:39:83:85:5b:4a:91:de:a3:
                    f7:72:74:88:d9:a2:f5:cc:d4:2a:4e:19:f9:5b:8e:
                    74:51:62:1f:53:56:c3:82:41:35:a7:88:75:91:21:
                    03:8a:17:a0:a1:ae:ee:52:49:e4:9e:76:04:3c:e2:
                    96:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F0:D3:FA:F6:68:17:06:90:89:AB:F3:F2:A1:C8:75:D6:DC:CE:99
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_PDT-vZoFwaQiavz8qHIddbczpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.248.0/24
                  185.251.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:67:79:d1:38:a0:87:01:d1:17:61:4e:22:5d:50:f9:27:8a:
         f9:12:5f:79:72:f1:47:d3:27:45:14:64:4a:41:a5:22:a0:d4:
         9a:35:79:e6:80:be:97:af:53:8a:7f:9c:86:26:66:cc:79:84:
         f8:e7:64:74:8f:7f:3d:c2:f0:c7:90:13:9b:79:ab:d4:33:8a:
         4a:32:48:62:0a:3f:94:f4:c1:15:1e:9d:2c:b0:e9:3d:55:bb:
         41:16:07:12:52:0b:12:06:c7:d1:30:1e:6f:d6:2b:fb:28:c4:
         4b:7e:00:f7:be:b6:d3:e0:01:72:4a:5b:21:3e:77:26:32:f1:
         5f:c2:44:11:4b:8d:3e:7c:d8:ba:40:b5:f3:3b:3e:94:6f:41:
         ed:2d:7a:6f:5a:0b:9d:e3:67:7e:6f:02:e9:22:5b:76:12:ac:
         8e:6f:6f:ca:ff:43:7c:93:5b:84:d0:cd:74:03:24:3d:de:21:
         63:7b:b2:ca:2b:75:36:9d:95:a6:15:6d:14:2c:30:c6:0b:0d:
         fe:b2:4a:18:67:d9:eb:38:7b:3d:0c:a6:58:12:e2:a9:df:24:
         45:a6:ae:ae:c4:ad:07:a4:3d:61:29:84:32:c7:5d:d6:6c:0d:
         6c:39:de:c1:cd:95:7e:d2:87:f5:7b:5f:09:81:1a:93:86:42:
         b9:bc:97:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY30a5iQvbtYRyq2niN8Ei79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjI5MTAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2YwZDNmYWY2NjgxNzA2OTA4OWFiZjNmMmExYzg3NWQ2ZGNjZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBds6SQAGCzIFIgkRL4R42uc9VFA
DK+xKhWJbu8UvUlD7K+Zyk27ASRvo20iOOx5gprclnvNJdJYp5nzpuDcbkf2+mj6
+bAh8kHllajW245N0pfAxE9iVYmECf60xity8l3ja0klxLNsME1ab2JPzc/YzfyN
we/e8wWMbF9HsA9fiexXcwBOFIDSqZ4zgCM5+y8ru54uqI0cbXWT067At4cvmbIa
5zx13UwWmfy5M3PNVdcvgRYMIy6hvOp+4nP3BoNmB1ClkizqOYOFW0qR3qP3cnSI
2aL1zNQqThn5W450UWIfU1bDgkE1p4h1kSEDihegoa7uUknknnYEPOKWMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPzw0/r2aBcGkImr8/KhyHXW3M6ZMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvX1BEVC12Wm9Gd2FRaWF2ejhxSElkZGJjenBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsH34AwQA
ufvnMA0GCSqGSIb3DQEBCwUAA4IBAQANZ3nROKCHAdEXYU4iXVD5J4r5El95cvFH
0ydFFGRKQaUioNSaNXnmgL6Xr1OKf5yGJmbMeYT452R0j389wvDHkBObeavUM4pK
MkhiCj+U9MEVHp0ssOk9VbtBFgcSUgsSBsfRMB5v1iv7KMRLfgD3vrbT4AFySlsh
PncmMvFfwkQRS40+fNi6QLXzOz6Ub0HtLXpvWgud42d+bwLpIlt2EqyOb2/K/0N8
k1uE0M10AyQ93iFje7LKK3U2nZWmFW0ULDDGCw3+skoYZ9nrOHs9DKZYEuKp3yRF
pq6uxK0HpD1hKYQyx13WbA1sOd7BzZV+0of1e18JgRqThkK5vJcf
-----END CERTIFICATE-----