Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/Pzux1S9KxQEP5DidD-2il5_Iung.roa
File:                     Pzux1S9KxQEP5DidD-2il5_Iung.roa (raw, json)
Hash identifier:          sBE3CmAi0mb/RZoriSV7xshUbPM/8YxzjOu1oUtzTqg=
Subject key identifier:   3F:3B:B1:D5:2F:4A:C5:01:0F:E4:38:9D:0F:ED:A2:97:9F:C8:BA:78
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       018CC64B68882FC456095DF48A4522041F24
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/Pzux1S9KxQEP5DidD-2il5_Iung.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        5.102.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:68:88:2f:c4:56:09:5d:f4:8a:45:22:04:1f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f3bb1d52f4ac5010fe4389d0feda2979fc8ba78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:42:7b:ec:fa:64:82:1c:17:89:c7:bc:ff:81:
                    97:ce:00:76:b7:19:2b:c2:c2:45:35:47:a8:81:6f:
                    b1:02:94:48:dc:d8:7f:76:4d:d5:a0:a6:be:77:20:
                    d0:14:32:4a:cb:c6:d5:13:1f:1c:27:34:af:be:ee:
                    44:51:5f:df:1a:ae:11:47:45:0d:c2:8f:2f:5b:17:
                    04:d0:d3:b8:19:87:ab:e2:98:93:3e:4e:4a:34:6b:
                    76:5c:40:76:7b:10:4a:61:f9:4f:92:79:8a:f0:9c:
                    aa:ae:08:f9:b5:39:44:ec:9b:4a:ff:4a:19:d9:98:
                    91:1f:2c:18:48:5c:ed:d1:a0:2e:af:d6:cb:2f:ee:
                    f5:b5:a1:7c:8d:8b:18:1d:1a:3a:a9:8e:c6:50:c3:
                    11:ac:b8:e1:15:7d:d8:c6:3d:7e:e0:d5:4b:60:43:
                    ed:ba:40:ce:1c:9a:db:f0:cf:f1:1e:87:a6:21:3a:
                    04:be:28:e5:a5:bf:fd:30:66:83:ad:e2:38:4e:ad:
                    c2:2f:04:00:c0:7c:71:a9:83:eb:e2:66:22:c2:3a:
                    31:f9:2e:51:fb:1c:f4:74:6d:22:46:50:93:44:f3:
                    e8:bb:52:08:ae:89:4e:86:7a:b4:0d:79:8b:b2:bc:
                    47:89:e2:74:0a:11:7f:91:ae:4f:cf:50:27:e6:06:
                    45:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:3B:B1:D5:2F:4A:C5:01:0F:E4:38:9D:0F:ED:A2:97:9F:C8:BA:78
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/Pzux1S9KxQEP5DidD-2il5_Iung.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:39:38:5f:8e:27:ec:e3:6e:f9:ee:93:a7:32:b1:7f:1c:f0:
         ef:1b:17:81:6c:dc:08:b3:05:04:89:17:41:81:af:43:da:56:
         c1:99:56:dd:76:a3:53:b3:48:0e:30:40:8f:de:32:a2:6e:c5:
         f6:29:b6:29:f3:cc:05:c3:0f:72:6f:7f:82:1e:27:c0:8d:9e:
         53:e0:df:15:dd:3c:e5:de:27:e1:56:26:46:91:9f:d7:b0:b6:
         b1:41:f0:5e:b2:78:03:7c:6a:83:5a:6a:13:76:7a:75:e8:e3:
         e0:7a:9a:7e:97:10:ca:6d:a3:37:7d:95:e8:ff:fd:dc:89:4d:
         75:c3:11:ae:53:b4:7f:55:e7:ea:b2:0e:84:05:b1:ca:26:0e:
         c3:0a:09:7a:d8:b4:8d:d4:c9:24:5c:c6:4b:b8:29:b4:9c:1d:
         a7:2e:45:54:79:7f:a7:4f:44:17:c7:6f:84:73:87:ab:54:ff:
         82:aa:37:a8:9c:6f:f2:c0:96:1f:5c:e4:b2:62:f8:b9:53:e4:
         2d:36:f4:15:36:d4:9c:00:59:04:f9:21:8a:60:d8:33:27:40:
         d8:53:2f:6d:f8:c3:61:4e:f7:1d:53:78:9f:af:a9:13:7c:2a:
         f0:fb:6b:13:ae:41:87:63:69:21:a1:10:ce:83:d8:74:c8:b9:
         08:4c:fa:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2iIL8RWCV30ikUiBB8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjNiYjFkNTJmNGFjNTAxMGZlNDM4OWQwZmVkYTI5NzlmYzhiYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukJ77PpkghwXice8/4GXzgB2txkr
wsJFNUeogW+xApRI3Nh/dk3VoKa+dyDQFDJKy8bVEx8cJzSvvu5EUV/fGq4RR0UN
wo8vWxcE0NO4GYer4piTPk5KNGt2XEB2exBKYflPknmK8Jyqrgj5tTlE7JtK/0oZ
2ZiRHywYSFzt0aAur9bLL+71taF8jYsYHRo6qY7GUMMRrLjhFX3Yxj1+4NVLYEPt
ukDOHJrb8M/xHoemIToEvijlpb/9MGaDreI4Tq3CLwQAwHxxqYPr4mYiwjox+S5R
+xz0dG0iRlCTRPPou1IIrolOhnq0DXmLsrxHieJ0ChF/ka5Pz1An5gZF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD87sdUvSsUBD+Q4nQ/topefyLp4MB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvUHp1eDFTOUt4UUVQNURpZEQtMmlsNV9JdW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYnMA0G
CSqGSIb3DQEBCwUAA4IBAQAYOThfjifs42757pOnMrF/HPDvGxeBbNwIswUEiRdB
ga9D2lbBmVbddqNTs0gOMECP3jKibsX2KbYp88wFww9yb3+CHifAjZ5T4N8V3Tzl
3ifhViZGkZ/XsLaxQfBesngDfGqDWmoTdnp16OPgepp+lxDKbaM3fZXo//3ciU11
wxGuU7R/Vefqsg6EBbHKJg7DCgl62LSN1MkkXMZLuCm0nB2nLkVUeX+nT0QXx2+E
c4erVP+CqjeonG/ywJYfXOSyYvi5U+QtNvQVNtScAFkE+SGKYNgzJ0DYUy9t+MNh
TvcdU3ifr6kTfCrw+2sTrkGHY2khoRDOg9h0yLkITPrh
-----END CERTIFICATE-----