Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/PKMkiFfecSKjAaMeE28TrYDKyWg.roa
File:                     PKMkiFfecSKjAaMeE28TrYDKyWg.roa (raw, json)
Hash identifier:          cJKVED2cP6449h3qgTkNXoRInHrqCFdFAQZlJTOpbTk=
Subject key identifier:   3C:A3:24:88:57:DE:71:22:A3:01:A3:1E:13:6F:13:AD:80:CA:C9:68
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB69B8C8F0C5DF21F18FF168B82AC1
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/PKMkiFfecSKjAaMeE28TrYDKyWg.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207804
IP address blocks:        194.28.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:69:b8:c8:f0:c5:df:21:f1:8f:f1:68:b8:2a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ca3248857de7122a301a31e136f13ad80cac968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c8:2c:16:d4:b5:6d:8b:9f:1b:92:c6:62:71:
                    74:91:aa:16:97:a2:43:c8:35:4a:f9:58:d3:59:b1:
                    39:44:98:94:67:a5:48:86:ec:73:34:56:59:cd:9d:
                    b7:62:06:33:69:75:33:6d:07:6c:2f:a9:54:34:bf:
                    1c:9f:fb:c4:2b:b1:49:9c:a6:b7:59:a9:fe:d5:68:
                    2a:14:8a:ab:93:d7:49:d9:2a:d5:b7:18:19:8f:04:
                    1f:99:e9:92:f4:4d:ed:1d:be:fc:64:d6:bf:f5:8a:
                    c8:8d:ce:b2:e5:b6:a8:61:e0:00:b1:1f:4f:d5:1a:
                    d5:d1:15:a7:b4:b7:27:9f:38:18:f3:30:c6:ad:e8:
                    8f:b8:01:91:d2:73:98:9d:e3:c0:43:78:d6:f4:17:
                    de:f7:09:9d:26:d6:3c:86:97:a5:90:0c:29:53:59:
                    c1:88:1e:c7:b7:01:df:94:bf:a7:ac:24:b4:db:90:
                    b4:78:50:e5:32:ac:66:3f:45:ae:b5:95:27:f7:1f:
                    ad:2f:35:7f:f1:d6:27:62:67:22:b8:bf:85:11:f9:
                    bd:97:06:6a:7f:8d:5b:02:3d:0b:25:e1:61:74:17:
                    ac:f4:23:1a:a4:dd:53:07:4b:64:f7:0a:3e:cf:0d:
                    c3:09:d5:4b:67:38:66:e9:d1:14:c5:2b:e8:05:cc:
                    1d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A3:24:88:57:DE:71:22:A3:01:A3:1E:13:6F:13:AD:80:CA:C9:68
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/PKMkiFfecSKjAaMeE28TrYDKyWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:b4:ef:47:c8:d6:83:fd:49:e3:ee:1e:eb:55:c2:26:27:08:
         2b:c2:55:b4:6d:db:db:20:c1:c3:28:41:51:13:3d:8c:6d:69:
         4a:db:60:35:5f:fd:68:12:7a:a5:f1:5d:51:72:b8:93:3b:d0:
         cb:0f:3a:64:f8:77:86:4a:7e:b4:8b:bc:74:17:0e:2b:2f:f0:
         54:67:c4:cb:0f:4e:a7:82:2c:ce:65:c6:e0:9d:49:ad:86:e4:
         9a:97:9d:8e:7e:0a:e5:9d:4c:3c:46:c7:99:6c:65:48:6a:99:
         b8:73:eb:9d:3e:cc:da:b1:2c:be:72:89:ae:9b:ef:85:5f:e5:
         ef:86:6c:38:00:74:e6:fb:fe:79:74:a1:9a:e1:a8:a8:8f:22:
         a2:37:a8:78:0d:7f:38:08:58:ef:50:19:97:3a:06:51:83:ea:
         5b:7f:69:9c:54:64:29:08:2b:97:28:15:cd:bd:d7:2f:26:64:
         c3:7c:1c:70:88:59:42:92:bb:4f:e5:b2:51:69:af:69:c8:c9:
         6c:3c:1b:14:a3:29:a8:a3:fc:a0:0e:f3:22:b1:4b:42:31:5b:
         54:dd:b2:88:7e:80:99:90:93:10:f5:c0:ba:e4:1b:df:a3:69:
         60:f3:c0:4a:96:39:e6:94:d0:5d:32:df:93:82:41:ce:e7:e5:
         04:f9:31:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22m4yPDF3yHxj/FouCrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2EzMjQ4ODU3ZGU3MTIyYTMwMWEzMWUxMzZmMTNhZDgwY2FjOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscgsFtS1bYufG5LGYnF0kaoWl6JD
yDVK+VjTWbE5RJiUZ6VIhuxzNFZZzZ23YgYzaXUzbQdsL6lUNL8cn/vEK7FJnKa3
Wan+1WgqFIqrk9dJ2SrVtxgZjwQfmemS9E3tHb78ZNa/9YrIjc6y5baoYeAAsR9P
1RrV0RWntLcnnzgY8zDGreiPuAGR0nOYnePAQ3jW9Bfe9wmdJtY8hpelkAwpU1nB
iB7HtwHflL+nrCS025C0eFDlMqxmP0WutZUn9x+tLzV/8dYnYmciuL+FEfm9lwZq
f41bAj0LJeFhdBes9CMapN1TB0tk9wo+zw3DCdVLZzhm6dEUxSvoBcwd9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyjJIhX3nEiowGjHhNvE62AysloMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvUEtNa2lGZmVjU0tqQWFNZUUyOFRyWURLeVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhzjMA0G
CSqGSIb3DQEBCwUAA4IBAQBPtO9HyNaD/Unj7h7rVcImJwgrwlW0bdvbIMHDKEFR
Ez2MbWlK22A1X/1oEnql8V1RcriTO9DLDzpk+HeGSn60i7x0Fw4rL/BUZ8TLD06n
gizOZcbgnUmthuSal52OfgrlnUw8RseZbGVIapm4c+udPszasSy+comum++FX+Xv
hmw4AHTm+/55dKGa4aiojyKiN6h4DX84CFjvUBmXOgZRg+pbf2mcVGQpCCuXKBXN
vdcvJmTDfBxwiFlCkrtP5bJRaa9pyMlsPBsUoymoo/ygDvMisUtCMVtU3bKIfoCZ
kJMQ9cC65Bvfo2lg88BKljnmlNBdMt+TgkHO5+UE+TGz
-----END CERTIFICATE-----