Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/PGpk2qjaEHATBO5WJqpwQvvo-t4.roa
File:                     PGpk2qjaEHATBO5WJqpwQvvo-t4.roa (raw, json)
Hash identifier:          sxUY6k6RZnsEb5wstWgn4/zoH8gCs5vVrsT2wup6jP0=
Subject key identifier:   3C:6A:64:DA:A8:DA:10:70:13:04:EE:56:26:AA:70:42:FB:E8:FA:DE
Certificate issuer:       /CN=0e0134fafba72e06339cadc55d5f13bae482b12d
Certificate serial:       019421B1EBDF71F7BA26BB59174707CF8A65
Authority key identifier: 0E:01:34:FA:FB:A7:2E:06:33:9C:AD:C5:5D:5F:13:BA:E4:82:B1:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgE0-vunLgYznK3FXV8TuuSCsS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/PGpk2qjaEHATBO5WJqpwQvvo-t4.roa
Signing time:             Wed 01 Jan 2025 11:48:15 +0000
ROA not before:           Wed 01 Jan 2025 11:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28878
IP address blocks:        193.30.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/DgE0-vunLgYznK3FXV8TuuSCsS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/DgE0-vunLgYznK3FXV8TuuSCsS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgE0-vunLgYznK3FXV8TuuSCsS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 02:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:eb:df:71:f7:ba:26:bb:59:17:47:07:cf:8a:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0134fafba72e06339cadc55d5f13bae482b12d
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c6a64daa8da10701304ee5626aa7042fbe8fade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6a:db:c7:78:2c:fa:53:d2:41:3e:1c:ec:dc:
                    07:0d:72:28:6f:f6:0e:bb:c1:5a:92:38:ec:1d:57:
                    99:3e:16:0a:11:a6:71:ea:9d:d2:64:07:70:f6:e0:
                    02:52:c4:73:08:d9:07:7e:9d:1e:39:94:85:63:47:
                    27:0a:20:1c:88:be:18:18:79:81:4e:3d:d9:33:87:
                    ca:15:20:30:4d:25:f4:f9:27:5b:2d:a6:dd:1c:84:
                    e7:92:d1:53:91:6d:28:c2:3c:4b:c1:a5:dc:3a:29:
                    ac:e5:ee:91:64:da:54:28:eb:b0:a5:fb:1c:43:d2:
                    6b:ee:a1:72:cb:08:c2:c2:58:e3:cb:97:d8:d6:62:
                    35:17:f6:fd:b0:7a:1a:6d:5c:5e:f8:85:52:ae:6c:
                    36:c0:82:42:5c:c3:02:f0:9d:8a:9f:88:9e:79:c2:
                    c6:27:71:44:64:81:30:6a:da:96:df:d4:80:1d:23:
                    d8:05:b8:85:9b:31:17:bd:0b:86:31:0b:2b:05:04:
                    2c:9a:63:67:b9:ad:24:63:bc:80:62:60:b7:03:d1:
                    fa:3d:d9:3a:72:42:3a:cb:c8:21:a3:8b:cb:09:c3:
                    d6:e3:e5:28:79:39:33:e2:e7:c2:62:f1:e1:fa:7e:
                    14:09:73:41:4b:47:ac:0d:7f:4c:a5:d0:92:26:c6:
                    e4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:6A:64:DA:A8:DA:10:70:13:04:EE:56:26:AA:70:42:FB:E8:FA:DE
            X509v3 Authority Key Identifier:
                keyid:0E:01:34:FA:FB:A7:2E:06:33:9C:AD:C5:5D:5F:13:BA:E4:82:B1:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgE0-vunLgYznK3FXV8TuuSCsS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/PGpk2qjaEHATBO5WJqpwQvvo-t4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/DgE0-vunLgYznK3FXV8TuuSCsS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:46:21:d7:1a:04:56:62:0a:b1:f9:d9:38:35:69:1f:6f:0c:
         5e:27:72:58:a8:d4:08:0c:3d:dd:38:c6:51:30:81:49:49:57:
         40:07:21:bb:9a:d0:c5:b3:bd:38:b6:4b:54:d3:28:3a:9e:09:
         8b:66:e9:b3:55:ff:1e:fe:d3:01:dc:85:1a:95:ad:6c:6f:e4:
         3d:2e:2e:82:49:b2:30:51:bb:eb:15:e8:5b:44:e3:ad:5b:66:
         f0:9c:e9:20:97:af:15:23:20:7d:af:18:38:82:1a:06:1b:5a:
         8c:e7:c9:ca:c7:37:8b:aa:3e:86:49:f9:2a:c2:51:bb:10:c9:
         00:7b:33:c3:61:b3:63:6e:bb:c7:b3:c1:ad:91:2c:2e:c8:93:
         8b:4b:88:b3:e7:59:35:d1:d0:b9:4f:4b:0f:da:9d:0e:50:5a:
         39:c4:ae:4c:9a:ce:68:ff:b7:c2:f0:aa:26:c0:b5:ec:1c:12:
         29:2b:24:b9:15:41:c4:9a:e5:19:26:f1:f4:79:6c:c3:96:0a:
         c0:a2:d0:bc:ae:b3:94:1c:c5:f9:ea:10:01:31:89:bc:bd:13:
         0b:5b:50:c1:ad:3d:27:28:4f:50:8d:8c:8e:7f:a6:65:f8:f2:
         2b:5a:38:53:9b:ee:3e:fc:da:91:b9:f5:35:6a:1a:2e:72:cb:
         0c:ad:11:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsevfcfe6JrtZF0cHz4plMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMDEzNGZhZmJhNzJlMDYzMzljYWRjNTVkNWYxM2JhZTQ4
MmIxMmQwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzZhNjRkYWE4ZGExMDcwMTMwNGVlNTYyNmFhNzA0MmZiZThmYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2rbx3gs+lPSQT4c7NwHDXIob/YO
u8FakjjsHVeZPhYKEaZx6p3SZAdw9uACUsRzCNkHfp0eOZSFY0cnCiAciL4YGHmB
Tj3ZM4fKFSAwTSX0+SdbLabdHITnktFTkW0owjxLwaXcOims5e6RZNpUKOuwpfsc
Q9Jr7qFyywjCwljjy5fY1mI1F/b9sHoabVxe+IVSrmw2wIJCXMMC8J2Kn4ieecLG
J3FEZIEwatqW39SAHSPYBbiFmzEXvQuGMQsrBQQsmmNnua0kY7yAYmC3A9H6Pdk6
ckI6y8gho4vLCcPW4+UoeTkz4ufCYvHh+n4UCXNBS0esDX9MpdCSJsbkUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxqZNqo2hBwEwTuViaqcEL76PreMB8GA1UdIwQY
MBaAFA4BNPr7py4GM5ytxV1fE7rkgrEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdFMC12dW5MZ1l6bkszRlhWOFR1dVNDc1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9hODIxZGYtNmI0OS00NDg5LThhNzct
ZDEyNDZjYzJjMzRlLzEvUEdwazJxamFFSEFUQk81V0pxcHdRdnZvLXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9hODIxZGYtNmI0OS00NDg5LThhNzctZDEyNDZjYzJjMzRl
LzEvRGdFMC12dW5MZ1l6bkszRlhWOFR1dVNDc1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR6qMA0G
CSqGSIb3DQEBCwUAA4IBAQC3RiHXGgRWYgqx+dk4NWkfbwxeJ3JYqNQIDD3dOMZR
MIFJSVdAByG7mtDFs704tktU0yg6ngmLZumzVf8e/tMB3IUala1sb+Q9Li6CSbIw
UbvrFehbROOtW2bwnOkgl68VIyB9rxg4ghoGG1qM58nKxzeLqj6GSfkqwlG7EMkA
ezPDYbNjbrvHs8GtkSwuyJOLS4iz51k10dC5T0sP2p0OUFo5xK5Mms5o/7fC8Kom
wLXsHBIpKyS5FUHEmuUZJvH0eWzDlgrAotC8rrOUHMX56hABMYm8vRMLW1DBrT0n
KE9QjYyOf6Zl+PIrWjhTm+4+/NqRufU1ahoucssMrREk
-----END CERTIFICATE-----