Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/PZxqfF6L0Jml19R-2Y1jR5VfZpI.roa
File:                     PZxqfF6L0Jml19R-2Y1jR5VfZpI.roa (raw, json)
Hash identifier:          tSE61SvLJ/LnqoP5Hn6blqaLMq1cgcUaqi9eKfZ0vRM=
Subject key identifier:   3D:9C:6A:7C:5E:8B:D0:99:A5:D7:D4:7E:D9:8D:63:47:95:5F:66:92
Certificate issuer:       /CN=f0cc7a447482e57b0604babb82a52409cde3b36d
Certificate serial:       018CC64B75FC754B1D84D6F7347D6261DCA5
Authority key identifier: F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/PZxqfF6L0Jml19R-2Y1jR5VfZpI.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        86.106.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:75:fc:75:4b:1d:84:d6:f7:34:7d:62:61:dc:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0cc7a447482e57b0604babb82a52409cde3b36d
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d9c6a7c5e8bd099a5d7d47ed98d6347955f6692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4d:0e:49:23:13:8c:a2:ed:be:41:78:14:d9:
                    1e:19:28:2a:bc:15:c1:2a:2d:d4:82:48:4c:9f:bb:
                    4a:77:9a:0e:57:d2:be:71:52:2e:9b:73:fc:33:c7:
                    8a:4b:c2:8d:c9:0a:50:dd:28:82:e7:ee:30:56:8a:
                    6e:64:c0:9c:f3:17:14:bc:60:02:b2:14:e1:ba:9e:
                    43:e1:98:a5:22:8e:9f:34:ba:68:7f:8c:0a:ff:87:
                    b9:0a:75:be:8b:05:e5:38:5b:be:3d:74:a3:48:32:
                    2f:38:cc:01:ba:c1:b8:c7:87:63:af:2e:31:7e:cb:
                    43:f8:84:fc:05:27:76:f3:92:0c:f3:d0:ed:5d:49:
                    d0:17:31:28:e3:6d:2c:f6:64:24:0e:82:88:9d:3a:
                    c1:43:c1:74:87:52:4a:b2:be:45:67:0f:f0:af:2f:
                    73:fb:14:7a:5e:a1:fe:ce:33:56:3e:72:99:1e:f9:
                    ee:f8:66:ab:c1:af:93:94:d8:1e:5d:a5:2f:6f:ab:
                    cc:b7:7d:c7:0a:26:70:2f:7e:e6:ee:a3:bf:28:0d:
                    21:16:6f:35:ed:7c:2c:47:5c:2f:b4:41:78:db:f9:
                    b7:5d:ee:d4:6e:6b:44:7e:5b:13:92:24:c8:52:62:
                    9f:d2:8e:bb:37:74:44:7c:13:52:ba:11:ac:ce:ee:
                    47:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:9C:6A:7C:5E:8B:D0:99:A5:D7:D4:7E:D9:8D:63:47:95:5F:66:92
            X509v3 Authority Key Identifier:
                keyid:F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/PZxqfF6L0Jml19R-2Y1jR5VfZpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ce:7b:89:6a:99:07:ad:e6:2a:ee:73:44:80:f6:2a:d4:74:
         f8:14:a5:07:6f:48:2d:fc:e9:a0:f7:02:73:24:96:b1:0c:be:
         b1:2a:29:fb:5d:a7:13:f7:05:ba:ac:f1:d3:3d:34:2a:1f:16:
         41:8f:88:c9:9c:23:69:5c:be:5b:eb:4a:bf:97:c1:1b:f7:6b:
         f8:5a:ad:e7:a1:57:0c:29:ee:59:be:db:1b:49:f6:d3:6c:a5:
         92:00:4a:e6:2a:b0:83:eb:39:1b:73:7d:46:d5:d3:70:1a:c2:
         1c:e4:cd:85:5c:a5:ea:25:da:e8:6e:74:c7:35:91:6c:03:cf:
         22:4c:e9:ae:45:71:48:87:ec:6f:0f:8a:bc:72:c0:ec:28:da:
         61:0b:78:93:15:31:f6:e4:b3:43:e8:c7:ea:9f:af:1f:e8:b1:
         b6:a2:ea:fc:ce:04:d9:d5:25:c8:76:e1:80:9b:06:4c:7a:47:
         7d:a3:4e:33:ac:f5:13:86:48:4c:60:32:82:46:20:48:6f:f4:
         87:7e:0f:38:65:ff:16:1c:46:89:db:72:d6:3e:fd:2c:a4:36:
         75:82:c3:e5:fe:85:da:ee:22:ce:46:08:4d:4b:53:03:29:9b:
         f0:fb:5f:6f:60:c1:46:28:7b:7b:0e:4e:6f:08:7e:77:db:e0:
         2a:ba:71:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3X8dUsdhNb3NH1iYdylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwY2M3YTQ0NzQ4MmU1N2IwNjA0YmFiYjgyYTUyNDA5Y2Rl
M2IzNmQwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDljNmE3YzVlOGJkMDk5YTVkN2Q0N2VkOThkNjM0Nzk1NWY2NjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgU0OSSMTjKLtvkF4FNkeGSgqvBXB
Ki3UgkhMn7tKd5oOV9K+cVIum3P8M8eKS8KNyQpQ3SiC5+4wVopuZMCc8xcUvGAC
shThup5D4ZilIo6fNLpof4wK/4e5CnW+iwXlOFu+PXSjSDIvOMwBusG4x4djry4x
fstD+IT8BSd285IM89DtXUnQFzEo420s9mQkDoKInTrBQ8F0h1JKsr5FZw/wry9z
+xR6XqH+zjNWPnKZHvnu+Garwa+TlNgeXaUvb6vMt33HCiZwL37m7qO/KA0hFm81
7XwsR1wvtEF42/m3Xe7UbmtEflsTkiTIUmKf0o67N3REfBNSuhGszu5HiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2canxei9CZpdfUftmNY0eVX2aSMB8GA1UdIwQY
MBaAFPDMekR0guV7BgS6u4KlJAnN47NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUt
ZmEzMmQyZDUyOTY4LzEvUFp4cWZGNkwwSm1sMTlSLTJZMWpSNVZmWnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUtZmEzMmQyZDUyOTY4
LzEvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmoYMA0G
CSqGSIb3DQEBCwUAA4IBAQBLznuJapkHreYq7nNEgPYq1HT4FKUHb0gt/Omg9wJz
JJaxDL6xKin7XacT9wW6rPHTPTQqHxZBj4jJnCNpXL5b60q/l8Eb92v4Wq3noVcM
Ke5ZvtsbSfbTbKWSAErmKrCD6zkbc31G1dNwGsIc5M2FXKXqJdrobnTHNZFsA88i
TOmuRXFIh+xvD4q8csDsKNphC3iTFTH25LND6Mfqn68f6LG2our8zgTZ1SXIduGA
mwZMekd9o04zrPUThkhMYDKCRiBIb/SHfg84Zf8WHEaJ23LWPv0spDZ1gsPl/oXa
7iLORghNS1MDKZvw+19vYMFGKHt7Dk5vCH532+AqunGa
-----END CERTIFICATE-----