Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/770732-cc5a-42e1-8038-544b9c2e7726/1/PjWZyYUeTuuvBOx95RZmw8UgluA.roa
File:                     PjWZyYUeTuuvBOx95RZmw8UgluA.roa (raw, json)
Hash identifier:          fZwUMzji+mnLpUG6fe1rllTDP827kVE57aq0z2QUOQY=
Subject key identifier:   3E:35:99:C9:85:1E:4E:EB:AF:04:EC:7D:E5:16:66:C3:C5:20:96:E0
Certificate issuer:       /CN=c42f846f7dab127866ba27bfa964ba7d2de2044c
Certificate serial:       018CC7932D53DB35F1E2FF876C8D7EFA69CF
Authority key identifier: C4:2F:84:6F:7D:AB:12:78:66:BA:27:BF:A9:64:BA:7D:2D:E2:04:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xC-Eb32rEnhmuie_qWS6fS3iBEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/770732-cc5a-42e1-8038-544b9c2e7726/1/PjWZyYUeTuuvBOx95RZmw8UgluA.roa
Signing time:             Tue 02 Jan 2024 00:29:20 +0000
ROA not before:           Tue 02 Jan 2024 00:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33853
IP address blocks:        193.26.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/770732-cc5a-42e1-8038-544b9c2e7726/1/xC-Eb32rEnhmuie_qWS6fS3iBEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/770732-cc5a-42e1-8038-544b9c2e7726/1/xC-Eb32rEnhmuie_qWS6fS3iBEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xC-Eb32rEnhmuie_qWS6fS3iBEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2d:53:db:35:f1:e2:ff:87:6c:8d:7e:fa:69:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42f846f7dab127866ba27bfa964ba7d2de2044c
        Validity
            Not Before: Jan  2 00:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e3599c9851e4eebaf04ec7de51666c3c52096e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:be:3a:76:b7:3a:29:20:45:56:e7:7d:9b:cf:
                    6a:2e:3e:7e:a0:87:06:35:86:b9:0c:86:6e:5d:d4:
                    dd:0b:c6:23:5d:b3:9b:59:b5:63:53:4f:17:61:13:
                    ae:5b:18:e8:80:77:b8:16:e3:28:7a:51:03:42:30:
                    97:72:71:af:43:22:d9:40:4a:0a:4f:21:72:fd:a9:
                    19:54:8e:c2:4f:dd:5f:22:da:1d:e2:a9:b3:44:5d:
                    a1:c6:53:cf:a2:32:d7:ae:54:c2:b3:27:cc:cb:8b:
                    65:a0:2a:7a:87:1e:87:f7:56:fb:3c:2e:e4:a8:89:
                    ac:72:e6:98:4a:ff:5b:da:fb:aa:bc:48:8d:d0:82:
                    5f:e1:12:90:8b:35:3b:b6:01:65:72:18:93:f6:e6:
                    40:c9:fb:d8:04:a6:ae:09:20:91:4b:31:6b:9d:82:
                    cd:26:5b:99:c1:01:24:c0:c4:a1:ae:34:ab:bb:dc:
                    4a:57:1b:f3:a8:35:2d:9f:ba:ed:50:96:db:c0:3f:
                    ac:af:f7:6e:75:3d:9b:cc:79:c3:e3:eb:54:2b:1e:
                    81:0f:76:75:44:3c:c5:16:7e:80:c2:8b:d8:ae:ad:
                    b9:ea:ad:27:ff:89:45:07:f3:08:1b:2f:47:3a:c0:
                    38:ae:52:6b:e2:4c:38:b5:0c:64:a1:55:68:5a:be:
                    8b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:35:99:C9:85:1E:4E:EB:AF:04:EC:7D:E5:16:66:C3:C5:20:96:E0
            X509v3 Authority Key Identifier:
                keyid:C4:2F:84:6F:7D:AB:12:78:66:BA:27:BF:A9:64:BA:7D:2D:E2:04:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xC-Eb32rEnhmuie_qWS6fS3iBEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/770732-cc5a-42e1-8038-544b9c2e7726/1/PjWZyYUeTuuvBOx95RZmw8UgluA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/770732-cc5a-42e1-8038-544b9c2e7726/1/xC-Eb32rEnhmuie_qWS6fS3iBEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:28:05:3e:2a:31:b8:55:2f:64:3a:3b:bc:47:fb:a4:4a:ff:
         90:d5:cf:61:6e:ee:e4:18:e6:87:ca:34:2d:96:0c:ad:51:5b:
         1a:99:e2:41:07:64:da:a5:ee:dc:17:29:03:9f:35:ca:a4:89:
         6f:5a:94:1d:fc:49:73:62:bb:1b:bf:e1:40:77:76:c4:c7:c5:
         48:28:79:ec:c5:63:92:1f:f0:25:12:7c:e9:ba:91:54:ae:f1:
         e4:3e:da:69:2d:9b:19:aa:98:96:9d:a4:7d:50:8b:02:fa:d8:
         d1:82:2e:ca:32:fb:ba:c2:e3:5c:53:6a:df:38:cb:1c:8b:92:
         a5:8d:ab:c3:2e:aa:99:b4:a5:1b:0d:81:2c:e9:2f:ff:b1:22:
         b4:e8:dd:ed:c2:6c:6e:61:54:e0:59:5a:85:62:d5:15:06:7b:
         47:6d:d5:d4:4a:78:91:4d:c6:cf:a2:b5:0f:b5:9c:55:43:56:
         3f:49:df:eb:6a:07:85:0e:d1:9e:ad:55:c9:29:4c:cb:85:97:
         bd:eb:5d:55:11:ad:68:65:20:da:4f:9e:9c:b0:6b:e9:ce:2e:
         20:8c:a5:21:fb:6a:2e:f1:ea:d4:c5:69:02:97:4d:97:fb:ba:
         83:a8:de:01:40:eb:c3:0c:2a:2a:6f:ff:64:d1:78:37:8f:9f:
         6a:05:ff:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHky1T2zXx4v+HbI1++mnPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MmY4NDZmN2RhYjEyNzg2NmJhMjdiZmE5NjRiYTdkMmRl
MjA0NGMwHhcNMjQwMTAyMDAyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTM1OTljOTg1MWU0ZWViYWYwNGVjN2RlNTE2NjZjM2M1MjA5NmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgr46drc6KSBFVud9m89qLj5+oIcG
NYa5DIZuXdTdC8YjXbObWbVjU08XYROuWxjogHe4FuMoelEDQjCXcnGvQyLZQEoK
TyFy/akZVI7CT91fItod4qmzRF2hxlPPojLXrlTCsyfMy4tloCp6hx6H91b7PC7k
qImscuaYSv9b2vuqvEiN0IJf4RKQizU7tgFlchiT9uZAyfvYBKauCSCRSzFrnYLN
JluZwQEkwMShrjSru9xKVxvzqDUtn7rtUJbbwD+sr/dudT2bzHnD4+tUKx6BD3Z1
RDzFFn6AwovYrq256q0n/4lFB/MIGy9HOsA4rlJr4kw4tQxkoVVoWr6LzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD41mcmFHk7rrwTsfeUWZsPFIJbgMB8GA1UdIwQY
MBaAFMQvhG99qxJ4Zronv6lkun0t4gRMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEMtRWIzMnJFbmhtdWllX3FXUzZmUzNpQkV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi83NzA3MzItY2M1YS00MmUxLTgwMzgt
NTQ0YjljMmU3NzI2LzEvUGpXWnlZVWVUdXV2Qk94OTVSWm13OFVnbHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi83NzA3MzItY2M1YS00MmUxLTgwMzgtNTQ0YjljMmU3NzI2
LzEveEMtRWIzMnJFbmhtdWllX3FXUzZmUzNpQkV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRrYMA0G
CSqGSIb3DQEBCwUAA4IBAQAbKAU+KjG4VS9kOju8R/ukSv+Q1c9hbu7kGOaHyjQt
lgytUVsameJBB2Tape7cFykDnzXKpIlvWpQd/ElzYrsbv+FAd3bEx8VIKHnsxWOS
H/AlEnzpupFUrvHkPtppLZsZqpiWnaR9UIsC+tjRgi7KMvu6wuNcU2rfOMsci5Kl
javDLqqZtKUbDYEs6S//sSK06N3twmxuYVTgWVqFYtUVBntHbdXUSniRTcbPorUP
tZxVQ1Y/Sd/rageFDtGerVXJKUzLhZe9611VEa1oZSDaT56csGvpzi4gjKUh+2ou
8erUxWkCl02X+7qDqN4BQOvDDCoqb/9k0Xg3j59qBf8B
-----END CERTIFICATE-----