Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/PkKP6xpm-NY1VuTQexcicrcN8pY.roa
File:                     PkKP6xpm-NY1VuTQexcicrcN8pY.roa (raw, json)
Hash identifier:          Ukal8KmlZlz3QHXQtDB3UD8S4X3DSQhCcdYx18e7WeY=
Subject key identifier:   3E:42:8F:EB:1A:66:F8:D6:35:56:E4:D0:7B:17:22:72:B7:0D:F2:96
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0193060F3A7961434625B94F05745C16DE7B
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/PkKP6xpm-NY1VuTQexcicrcN8pY.roa
Signing time:             Thu 07 Nov 2024 09:58:01 +0000
ROA not before:           Thu 07 Nov 2024 09:58:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151612
IP address blocks:        85.117.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:06:0f:3a:79:61:43:46:25:b9:4f:05:74:5c:16:de:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Nov  7 09:58:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e428feb1a66f8d63556e4d07b172272b70df296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:98:9c:29:80:88:9b:70:12:a4:72:dd:e5:54:
                    2a:12:5d:6d:dd:10:74:12:8d:51:96:3a:57:d9:b4:
                    71:4b:4e:2e:f5:13:50:95:98:60:a4:e6:9a:c3:fe:
                    74:df:3b:06:03:de:9a:26:e4:bc:40:4e:43:01:0e:
                    d6:5d:4e:15:45:b0:d9:b9:0d:48:be:de:6f:9f:0c:
                    d2:9a:45:30:7a:7b:1a:e4:05:7d:d0:04:a6:ef:88:
                    77:6a:3c:50:99:19:13:8c:03:75:a8:b0:84:1a:45:
                    f9:08:f7:8b:e1:3c:33:91:11:f9:bb:79:24:86:d8:
                    3e:f3:c8:3d:aa:fe:39:e1:4d:ab:a9:65:2b:2c:5e:
                    72:26:fc:e0:13:5a:c3:ee:53:b1:c7:f5:ad:8c:ed:
                    0b:67:92:7e:7d:85:73:0f:e2:89:89:90:09:c4:cc:
                    7b:08:a8:5e:3d:2a:ae:98:ee:42:e5:ca:bf:87:e5:
                    94:d0:ed:99:12:4e:49:85:47:90:df:3a:97:19:34:
                    45:a4:c3:81:a3:bb:ca:4d:3c:30:57:7b:ef:44:68:
                    b5:7b:7b:35:22:95:4b:8e:19:92:82:1b:3b:22:f6:
                    11:26:0d:27:fa:ba:d8:6d:20:13:be:ea:4e:36:a6:
                    fd:81:b4:9a:94:f1:8f:a7:8d:58:4b:9a:19:6a:a7:
                    22:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:42:8F:EB:1A:66:F8:D6:35:56:E4:D0:7B:17:22:72:B7:0D:F2:96
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/PkKP6xpm-NY1VuTQexcicrcN8pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:d3:9d:c5:6c:bb:15:33:ca:5b:6e:80:a9:5d:56:d0:54:3d:
         07:63:49:40:e5:e1:71:6d:b0:66:d2:ab:cb:a5:f7:16:2d:e7:
         ea:29:3a:72:3b:97:e5:b7:29:23:d4:c2:c9:2e:eb:65:54:90:
         c8:02:71:39:08:91:73:86:c1:ee:be:8a:51:ac:36:5c:f8:7d:
         d5:7c:f3:be:f5:55:7e:53:fc:83:6a:1c:22:13:e3:a6:5a:92:
         1c:3d:46:52:36:14:e1:92:14:d6:52:8e:b9:63:2a:41:71:76:
         3c:35:2c:09:2a:53:c2:44:aa:7d:d3:bf:c6:03:25:ad:b2:d3:
         0f:2e:e2:ef:d9:10:c6:c4:a5:29:01:64:a2:4f:1b:25:c7:58:
         c5:be:ee:b1:79:2b:d1:be:46:6a:0b:13:9b:84:eb:b2:b5:9c:
         bb:e7:62:56:0f:51:75:59:7b:f7:95:10:a9:9c:49:a1:3b:af:
         f2:b0:1b:7e:50:93:1c:29:5e:26:ac:24:c3:ef:83:b3:b9:32:
         d3:6e:cc:ce:a2:fc:df:8d:cc:4e:e5:1b:c1:e0:f5:17:78:da:
         47:c1:2f:b1:5f:93:1b:c8:5f:92:f6:7a:21:1c:ee:58:c8:c4:
         e8:ab:39:a8:49:fd:9d:70:44:21:c0:03:c2:40:51:a5:e3:48:
         79:c9:26:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMGDzp5YUNGJblPBXRcFt57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQxMTA3MDk1ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQyOGZlYjFhNjZmOGQ2MzU1NmU0ZDA3YjE3MjI3MmI3MGRmMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5icKYCIm3ASpHLd5VQqEl1t3RB0
Eo1RljpX2bRxS04u9RNQlZhgpOaaw/503zsGA96aJuS8QE5DAQ7WXU4VRbDZuQ1I
vt5vnwzSmkUwensa5AV90ASm74h3ajxQmRkTjAN1qLCEGkX5CPeL4TwzkRH5u3kk
htg+88g9qv454U2rqWUrLF5yJvzgE1rD7lOxx/WtjO0LZ5J+fYVzD+KJiZAJxMx7
CKhePSqumO5C5cq/h+WU0O2ZEk5JhUeQ3zqXGTRFpMOBo7vKTTwwV3vvRGi1e3s1
IpVLjhmSghs7IvYRJg0n+rrYbSATvupONqb9gbSalPGPp41YS5oZaqcitQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5Cj+saZvjWNVbk0HsXInK3DfKWMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvUGtLUDZ4cG0tTlkxVnVUUWV4Y2ljcmNOOHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXXzMA0G
CSqGSIb3DQEBCwUAA4IBAQBe053FbLsVM8pbboCpXVbQVD0HY0lA5eFxbbBm0qvL
pfcWLefqKTpyO5fltykj1MLJLutlVJDIAnE5CJFzhsHuvopRrDZc+H3VfPO+9VV+
U/yDahwiE+OmWpIcPUZSNhThkhTWUo65YypBcXY8NSwJKlPCRKp907/GAyWtstMP
LuLv2RDGxKUpAWSiTxslx1jFvu6xeSvRvkZqCxObhOuytZy752JWD1F1WXv3lRCp
nEmhO6/ysBt+UJMcKV4mrCTD74OzuTLTbszOovzfjcxO5RvB4PUXeNpHwS+xX5Mb
yF+S9nohHO5YyMToqzmoSf2dcEQhwAPCQFGl40h5ySYW
-----END CERTIFICATE-----