Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/PSPY4-YznB2DqeefZ-4J0LYUXr8.roa
File:                     PSPY4-YznB2DqeefZ-4J0LYUXr8.roa (raw, json)
Hash identifier:          n47AA/r8o+zdi+Yx+v2548iqAm81SOR/zwEWZtO1e48=
Subject key identifier:   3D:23:D8:E3:E6:33:9C:1D:83:A9:E7:9F:67:EE:09:D0:B6:14:5E:BF
Certificate issuer:       /CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
Certificate serial:       0191086ECDAE0CB4EA38682E34E96E36BD77
Authority key identifier: 4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/PSPY4-YznB2DqeefZ-4J0LYUXr8.roa
Signing time:             Wed 31 Jul 2024 10:56:04 +0000
ROA not before:           Wed 31 Jul 2024 10:56:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33900
IP address blocks:        194.6.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:08:6e:cd:ae:0c:b4:ea:38:68:2e:34:e9:6e:36:bd:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
        Validity
            Not Before: Jul 31 10:56:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d23d8e3e6339c1d83a9e79f67ee09d0b6145ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:33:35:9b:db:8d:5b:4e:9b:2d:8b:c0:9a:32:
                    91:80:26:34:ba:b0:f1:db:0f:af:9f:a7:10:90:06:
                    ef:ad:09:6e:1c:9f:b7:7f:83:81:10:88:b2:10:0c:
                    85:47:21:8a:96:fe:15:85:2d:bc:17:54:30:6c:0c:
                    eb:4b:51:de:cd:7e:7d:60:b7:0b:2b:20:a2:50:4d:
                    79:b8:32:12:eb:40:7d:38:a5:de:78:81:55:23:bf:
                    f8:60:d5:f7:ee:a8:af:e5:4a:bb:fd:c8:3e:3c:ef:
                    61:46:43:62:24:9c:0d:b0:6b:46:49:97:6e:93:25:
                    f7:68:18:36:c9:c2:fb:75:11:2b:ae:a8:bc:38:94:
                    68:91:47:6c:f3:46:eb:c1:a9:7c:09:1e:64:a6:17:
                    44:b6:92:c8:19:d0:bb:20:fa:de:61:ce:e6:f7:04:
                    93:14:e2:2f:63:50:b9:47:4b:68:22:08:01:47:6a:
                    8b:e2:4a:e2:ef:ed:11:c5:a7:76:1c:1f:4b:43:e0:
                    96:4e:75:de:ae:47:c5:48:c1:14:8d:2a:25:bc:a9:
                    e7:a2:2b:ff:08:9b:eb:29:39:4e:76:cb:5a:a0:cb:
                    b4:58:85:b3:49:64:bf:f3:b0:4c:79:ca:40:52:66:
                    67:c7:8d:d1:27:21:d7:09:ac:0b:41:a1:b8:35:43:
                    26:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:23:D8:E3:E6:33:9C:1D:83:A9:E7:9F:67:EE:09:D0:B6:14:5E:BF
            X509v3 Authority Key Identifier:
                keyid:4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/PSPY4-YznB2DqeefZ-4J0LYUXr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:ab:70:b9:b7:b8:06:e3:58:2d:d3:d0:9e:ee:aa:e5:eb:b3:
         51:d9:57:0d:4a:5d:a3:6a:fb:47:c8:bc:70:ae:02:aa:1b:72:
         b2:46:fe:73:dd:d4:41:73:9d:4b:e9:ad:e3:27:bd:15:80:a6:
         95:10:47:fe:d0:02:ad:77:a7:9b:26:fe:c8:b9:18:ac:5e:32:
         7d:6f:47:7e:2e:c3:d3:58:3f:c7:c2:29:79:b0:53:32:7b:80:
         40:08:4d:b4:69:91:68:4a:9f:6d:ee:f9:15:4c:e2:a9:b0:21:
         ee:10:2c:4e:16:0b:95:51:be:9e:27:d1:d4:bf:91:1d:75:08:
         61:f9:bc:e1:a0:ea:9d:47:2d:e0:7d:d4:04:3c:9f:75:87:0d:
         e9:d2:37:47:49:67:fc:62:5e:f4:b0:62:e1:8c:7e:d8:cf:93:
         a0:b2:41:2e:67:5a:b1:8d:11:50:2c:a5:d0:19:c3:ef:42:24:
         bd:23:6e:6f:1e:a1:91:1b:48:7f:7f:bb:98:95:8b:66:a5:95:
         c6:03:93:89:d2:1e:34:fe:c9:d1:7a:92:99:15:e8:4b:c1:7e:
         5b:55:01:55:c7:c8:ce:da:28:4a:f2:22:02:a4:1e:d0:68:f4:
         98:1d:a5:13:e5:e0:7b:60:32:01:78:52:cd:38:58:eb:bc:4b:
         38:f2:79:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEIbs2uDLTqOGguNOluNr13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y1MzAwN2M3OWNjNWUyZjJkNzM1NmJhOTEyMWE3OGMw
Yzc3MTQwHhcNMjQwNzMxMTA1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDIzZDhlM2U2MzM5YzFkODNhOWU3OWY2N2VlMDlkMGI2MTQ1ZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTM1m9uNW06bLYvAmjKRgCY0urDx
2w+vn6cQkAbvrQluHJ+3f4OBEIiyEAyFRyGKlv4VhS28F1QwbAzrS1HezX59YLcL
KyCiUE15uDIS60B9OKXeeIFVI7/4YNX37qiv5Uq7/cg+PO9hRkNiJJwNsGtGSZdu
kyX3aBg2ycL7dRErrqi8OJRokUds80brwal8CR5kphdEtpLIGdC7IPreYc7m9wST
FOIvY1C5R0toIggBR2qL4kri7+0Rxad2HB9LQ+CWTnXerkfFSMEUjSolvKnnoiv/
CJvrKTlOdstaoMu0WIWzSWS/87BMecpAUmZnx43RJyHXCawLQaG4NUMmGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0j2OPmM5wdg6nnn2fuCdC2FF6/MB8GA1UdIwQY
MBaAFE7PUwB8ecxeLy1zVrqRIaeMDHcUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEt
Y2I4YjNhMDk0MjA5LzEvUFNQWTQtWXpuQjJEcWVlZlotNEowTFlVWHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEtY2I4YjNhMDk0MjA5
LzEvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgb1MA0G
CSqGSIb3DQEBCwUAA4IBAQAMq3C5t7gG41gt09Ce7qrl67NR2VcNSl2javtHyLxw
rgKqG3KyRv5z3dRBc51L6a3jJ70VgKaVEEf+0AKtd6ebJv7IuRisXjJ9b0d+LsPT
WD/Hwil5sFMye4BACE20aZFoSp9t7vkVTOKpsCHuECxOFguVUb6eJ9HUv5EddQhh
+bzhoOqdRy3gfdQEPJ91hw3p0jdHSWf8Yl70sGLhjH7Yz5OgskEuZ1qxjRFQLKXQ
GcPvQiS9I25vHqGRG0h/f7uYlYtmpZXGA5OJ0h40/snRepKZFehLwX5bVQFVx8jO
2ihK8iICpB7QaPSYHaUT5eB7YDIBeFLNOFjrvEs48nkx
-----END CERTIFICATE-----