Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/PskBO-hDKENpyj5TTl1bEDl9XFc.roa
File:                     PskBO-hDKENpyj5TTl1bEDl9XFc.roa (raw, json)
Hash identifier:          tVSD5b97fIERDtyitQPZy1bsEOcd19dJWMvlkxpkiNA=
Subject key identifier:   3E:C9:01:3B:E8:43:28:43:69:CA:3E:53:4E:5D:5B:10:39:7D:5C:57
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       019427484057420EE7B619D75392362E6352
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/PskBO-hDKENpyj5TTl1bEDl9XFc.roa
Signing time:             Thu 02 Jan 2025 13:50:33 +0000
ROA not before:           Thu 02 Jan 2025 13:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199234
IP address blocks:        78.159.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:40:57:42:0e:e7:b6:19:d7:53:92:36:2e:63:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  2 13:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ec9013be843284369ca3e534e5d5b10397d5c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:05:36:f2:bc:10:53:2a:2d:47:02:e3:9e:53:
                    67:62:33:ce:67:4b:a1:24:32:9e:a4:40:f1:4d:36:
                    73:29:aa:e4:62:49:59:2e:a3:21:fc:d2:98:dc:c5:
                    8b:4d:e7:4d:18:8d:d9:e2:c3:35:d7:89:f9:33:4e:
                    e6:8b:99:df:e6:02:56:51:6b:93:a9:79:5b:a0:01:
                    b1:de:3d:71:0a:74:bc:72:f2:f0:2b:eb:d4:3c:d0:
                    98:46:f1:a7:71:3e:5f:64:40:1b:ef:ca:68:6b:4c:
                    58:b2:c8:1f:e5:88:58:75:cf:13:c8:c9:a8:ba:76:
                    25:44:57:69:d1:61:f0:e0:03:b7:7f:99:6b:d8:45:
                    49:42:f2:e8:8d:31:8d:53:78:14:2d:15:00:72:dc:
                    1f:30:18:ed:f1:29:b8:ce:8c:a4:35:2c:1f:d8:bc:
                    92:13:e9:36:dc:05:ac:1c:07:2f:19:90:69:bc:01:
                    ff:f4:e7:db:79:56:b0:67:16:b9:25:e0:30:c5:e2:
                    bc:80:2c:32:6a:91:46:4a:6a:5f:4b:f3:f6:e1:9c:
                    6e:3a:7f:df:f9:30:b6:1e:c0:7e:d0:6a:74:f0:26:
                    fb:f0:51:2a:ad:24:5d:98:37:db:33:c3:81:8e:4e:
                    12:f3:0c:4b:47:3d:86:1e:b2:83:cf:69:8b:27:28:
                    e5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C9:01:3B:E8:43:28:43:69:CA:3E:53:4E:5D:5B:10:39:7D:5C:57
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/PskBO-hDKENpyj5TTl1bEDl9XFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:23:0a:e2:e2:6c:8d:3e:77:18:30:11:ec:27:41:4c:7c:16:
         3e:eb:a8:59:3d:46:09:ac:92:8e:ea:f8:2b:82:24:84:6b:e4:
         8a:12:24:9b:bd:de:a4:d3:15:f4:da:10:20:df:40:b0:f7:72:
         08:ce:de:a3:1f:1f:d4:c6:2f:ef:03:ea:b7:2f:a5:b2:22:29:
         03:a9:e7:1a:ed:11:e8:90:7c:24:2a:80:7b:63:f8:46:ce:37:
         ac:d6:24:3b:7b:84:27:9b:06:4f:b8:46:ce:df:69:13:22:1f:
         a3:ff:e6:a1:70:2e:a9:1f:d0:44:c3:f9:96:2b:30:9c:26:05:
         50:7f:cf:33:d9:22:8f:c8:a7:f4:34:75:6b:17:cc:75:68:ae:
         30:e9:c7:c4:7a:c4:c4:96:b5:0d:99:c8:5b:e1:31:39:9e:99:
         74:ee:36:32:f6:cb:8a:b2:81:67:d6:47:7d:0f:77:fc:56:b7:
         78:ef:e4:64:97:54:22:8c:aa:47:4f:36:70:67:33:dc:8c:b8:
         76:1e:b3:a7:64:67:19:a5:0e:c7:86:6b:06:77:49:0a:18:ab:
         7f:4a:69:18:00:91:ba:f1:b0:79:f3:c3:74:5e:b4:68:ae:cf:
         87:02:2a:e3:51:7d:13:9c:ca:02:6d:9a:bd:38:18:1d:5c:e9:
         4b:f3:1b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEBXQg7nthnXU5I2LmNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjUwMTAyMTM1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM5MDEzYmU4NDMyODQzNjljYTNlNTM0ZTVkNWIxMDM5N2Q1YzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQU28rwQUyotRwLjnlNnYjPOZ0uh
JDKepEDxTTZzKarkYklZLqMh/NKY3MWLTedNGI3Z4sM114n5M07mi5nf5gJWUWuT
qXlboAGx3j1xCnS8cvLwK+vUPNCYRvGncT5fZEAb78poa0xYssgf5YhYdc8TyMmo
unYlRFdp0WHw4AO3f5lr2EVJQvLojTGNU3gULRUActwfMBjt8Sm4zoykNSwf2LyS
E+k23AWsHAcvGZBpvAH/9OfbeVawZxa5JeAwxeK8gCwyapFGSmpfS/P24ZxuOn/f
+TC2HsB+0Gp08Cb78FEqrSRdmDfbM8OBjk4S8wxLRz2GHrKDz2mLJyjlIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7JATvoQyhDaco+U05dWxA5fVxXMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvUHNrQk8taERLRU5weWo1VFRsMWJFRGw5WEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTp9eMA0G
CSqGSIb3DQEBCwUAA4IBAQAbIwri4myNPncYMBHsJ0FMfBY+66hZPUYJrJKO6vgr
giSEa+SKEiSbvd6k0xX02hAg30Cw93IIzt6jHx/Uxi/vA+q3L6WyIikDqeca7RHo
kHwkKoB7Y/hGzjes1iQ7e4QnmwZPuEbO32kTIh+j/+ahcC6pH9BEw/mWKzCcJgVQ
f88z2SKPyKf0NHVrF8x1aK4w6cfEesTElrUNmchb4TE5npl07jYy9suKsoFn1kd9
D3f8Vrd47+Rkl1QijKpHTzZwZzPcjLh2HrOnZGcZpQ7HhmsGd0kKGKt/SmkYAJG6
8bB588N0XrRors+HAirjUX0TnMoCbZq9OBgdXOlL8xuO
-----END CERTIFICATE-----