Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/PQGPR5yVWSffsy8IlnDOzcdMR6s.roa
File:                     PQGPR5yVWSffsy8IlnDOzcdMR6s.roa (raw, json)
Hash identifier:          LUZz+R+huTLVC+Z+PM0HMjZC+7Dn258GzsmnuoxAsfs=
Subject key identifier:   3D:01:8F:47:9C:95:59:27:DF:B3:2F:08:96:70:CE:CD:C7:4C:47:AB
Certificate issuer:       /CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
Certificate serial:       018CC870A6DADA847424A20EA5E617B3868A
Authority key identifier: DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/PQGPR5yVWSffsy8IlnDOzcdMR6s.roa
Signing time:             Tue 02 Jan 2024 04:31:15 +0000
ROA not before:           Tue 02 Jan 2024 04:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205198
IP address blocks:        193.16.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:a6:da:da:84:74:24:a2:0e:a5:e6:17:b3:86:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
        Validity
            Not Before: Jan  2 04:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d018f479c955927dfb32f089670cecdc74c47ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d9:f9:f7:3c:3b:b1:e7:a3:4a:bf:23:de:2a:
                    19:03:7b:ca:ff:47:70:de:58:60:5c:54:a8:90:35:
                    29:8c:9a:94:d5:a0:c0:c1:31:cf:7a:b3:6b:f1:ee:
                    2a:90:bd:84:3d:5c:7a:f5:b4:00:a8:85:e3:69:54:
                    cb:57:ee:d2:e4:6a:fe:4f:6f:37:ba:b0:da:5f:d9:
                    1f:f6:2e:10:6b:4d:3e:3d:60:f5:12:1b:31:97:13:
                    a3:8a:21:1f:ff:17:12:16:59:24:b5:4d:49:c8:45:
                    6d:c6:5a:c6:dd:81:a0:34:a8:06:12:1d:0e:cd:89:
                    31:5d:ee:85:4b:2b:fa:00:8c:57:82:98:b6:a3:de:
                    0a:4a:d9:e4:ce:5e:9a:a2:32:3b:7e:5a:86:db:2f:
                    7e:c7:75:86:75:fd:5c:07:c7:9d:ff:ac:e5:fb:8e:
                    d8:bb:85:85:fd:74:db:8d:e2:99:23:39:53:aa:ff:
                    ea:c6:8e:71:76:75:7e:4d:51:03:a6:50:b4:e8:d9:
                    a7:e2:8f:98:59:76:6b:05:e0:28:0b:e2:55:67:e3:
                    db:0b:b7:4d:76:47:52:8e:fe:a0:d3:53:f7:e7:fd:
                    8c:ac:56:7a:eb:51:7b:ec:f8:15:f6:30:b0:cd:76:
                    7e:9a:20:4c:ae:3e:42:3e:78:60:1c:bb:ff:1b:98:
                    7d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:01:8F:47:9C:95:59:27:DF:B3:2F:08:96:70:CE:CD:C7:4C:47:AB
            X509v3 Authority Key Identifier:
                keyid:DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/PQGPR5yVWSffsy8IlnDOzcdMR6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:86:7f:f3:18:f1:d8:54:c8:c0:19:a1:89:00:e3:17:e0:4a:
         3a:33:bf:89:9c:17:9b:ae:eb:88:c5:d7:da:ad:11:6e:80:dc:
         27:a1:81:4d:a2:83:39:43:bb:99:a1:b3:fd:c2:93:32:47:24:
         c0:40:62:ec:cf:31:52:f2:69:01:4c:0e:d0:4c:65:1b:dd:11:
         a4:fa:1d:b0:f2:6a:e8:6b:3b:0c:eb:53:1c:70:27:3b:bf:5a:
         93:48:9a:c8:da:6e:00:a6:22:80:26:ca:61:60:07:38:8a:c2:
         cb:d2:dc:11:ff:12:bb:1c:3a:1d:4f:25:7b:d0:8b:dc:d2:56:
         b0:99:38:41:0b:38:79:5f:9a:6c:a0:15:d8:78:b4:23:08:8a:
         f2:65:a8:00:24:82:87:3c:9f:68:19:f2:50:28:f9:97:75:6c:
         bc:d7:79:07:f7:0a:bc:23:20:a1:36:10:8c:4a:69:6a:b5:df:
         07:5f:05:e3:30:80:c2:e9:b5:5b:ef:e3:df:c6:0d:0c:2d:35:
         34:a5:ac:55:02:ad:04:3f:b6:bb:11:58:2b:b8:f4:6e:b9:64:
         5e:13:61:26:a3:13:0a:d2:3c:37:9c:94:b0:a7:91:17:97:93:
         c9:2c:b5:95:6c:9c:4f:28:b2:9e:09:d0:d7:0c:fc:e1:c5:a3:
         77:34:d2:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcKba2oR0JKIOpeYXs4aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2MyYmJhZjNlMGQ0MzQyYTAxNGY4YjcwZjg3M2NlZTlh
OGNhYzUwHhcNMjQwMTAyMDQzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDAxOGY0NzljOTU1OTI3ZGZiMzJmMDg5NjcwY2VjZGM3NGM0N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9n59zw7seejSr8j3ioZA3vK/0dw
3lhgXFSokDUpjJqU1aDAwTHPerNr8e4qkL2EPVx69bQAqIXjaVTLV+7S5Gr+T283
urDaX9kf9i4Qa00+PWD1EhsxlxOjiiEf/xcSFlkktU1JyEVtxlrG3YGgNKgGEh0O
zYkxXe6FSyv6AIxXgpi2o94KStnkzl6aojI7flqG2y9+x3WGdf1cB8ed/6zl+47Y
u4WF/XTbjeKZIzlTqv/qxo5xdnV+TVEDplC06Nmn4o+YWXZrBeAoC+JVZ+PbC7dN
dkdSjv6g01P35/2MrFZ661F77PgV9jCwzXZ+miBMrj5CPnhgHLv/G5h92QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0Bj0eclVkn37MvCJZwzs3HTEerMB8GA1UdIwQY
MBaAFNvMK7rz4NQ0KgFPi3D4c87pqMrFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4Yzkt
ZjRkNWU4NGFjMWRkLzEvUFFHUFI1eVZXU2Zmc3k4SWxuRE96Y2RNUjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4YzktZjRkNWU4NGFjMWRk
LzEvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRDqMA0G
CSqGSIb3DQEBCwUAA4IBAQAEhn/zGPHYVMjAGaGJAOMX4Eo6M7+JnBebruuIxdfa
rRFugNwnoYFNooM5Q7uZobP9wpMyRyTAQGLszzFS8mkBTA7QTGUb3RGk+h2w8mro
azsM61MccCc7v1qTSJrI2m4ApiKAJsphYAc4isLL0twR/xK7HDodTyV70Ivc0law
mThBCzh5X5psoBXYeLQjCIryZagAJIKHPJ9oGfJQKPmXdWy813kH9wq8IyChNhCM
Smlqtd8HXwXjMIDC6bVb7+Pfxg0MLTU0paxVAq0EP7a7EVgruPRuuWReE2EmoxMK
0jw3nJSwp5EXl5PJLLWVbJxPKLKeCdDXDPzhxaN3NNL/
-----END CERTIFICATE-----