Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/PcjWjpUtmFinWo7ELAEQslqWBsM.roa
File:                     PcjWjpUtmFinWo7ELAEQslqWBsM.roa (raw, json)
Hash identifier:          TGEAC8mqc/mgrJuJXZv/aTooWTDWqBHp0u7ZR/0it7w=
Subject key identifier:   3D:C8:D6:8E:95:2D:98:58:A7:5A:8E:C4:2C:01:10:B2:5A:96:06:C3
Certificate issuer:       /CN=25d9016727cea947bdb48b3a7de7e2071be4580a
Certificate serial:       018CC4936536E5E68F1ABAE442EABE0B6B6F
Authority key identifier: 25:D9:01:67:27:CE:A9:47:BD:B4:8B:3A:7D:E7:E2:07:1B:E4:58:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JdkBZyfOqUe9tIs6fefiBxvkWAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/PcjWjpUtmFinWo7ELAEQslqWBsM.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203628
IP address blocks:        185.129.32.0/22 maxlen: 22
                          195.85.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/JdkBZyfOqUe9tIs6fefiBxvkWAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/JdkBZyfOqUe9tIs6fefiBxvkWAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JdkBZyfOqUe9tIs6fefiBxvkWAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:65:36:e5:e6:8f:1a:ba:e4:42:ea:be:0b:6b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25d9016727cea947bdb48b3a7de7e2071be4580a
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dc8d68e952d9858a75a8ec42c0110b25a9606c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b8:71:62:de:28:2d:84:eb:05:c9:f1:83:b0:
                    a3:8e:50:b3:14:94:14:c0:2a:a2:e5:7a:48:04:ea:
                    6c:bf:7c:ea:7b:6b:7b:11:cb:57:cc:ed:22:4d:0b:
                    ac:47:92:21:22:64:17:75:8b:9a:d0:91:97:32:77:
                    03:bc:cd:68:02:45:41:f2:30:11:d9:77:6f:9a:86:
                    d3:9d:d8:3b:a2:cc:b1:ba:9c:b6:ff:56:39:d1:6d:
                    73:af:f2:73:98:21:89:be:d8:45:7a:54:86:7a:21:
                    97:81:2d:60:81:43:1f:21:16:85:33:86:16:2e:4d:
                    9e:ed:7a:7e:75:b9:58:8e:25:93:a0:2f:ed:a2:c6:
                    80:8f:db:4c:5f:85:3c:1b:d7:24:a0:2c:03:ef:b6:
                    48:2a:17:45:e2:a8:a7:81:33:f0:e1:d2:e1:34:e9:
                    f0:c3:26:a1:16:0c:9b:11:fa:92:06:ba:0c:af:01:
                    bc:6d:98:3c:44:a9:15:11:35:ba:88:33:c1:2b:13:
                    97:6c:49:05:9c:3a:67:c9:af:a4:65:21:89:66:85:
                    1d:e7:58:4b:61:e5:54:31:32:35:a2:71:e6:a9:38:
                    aa:56:cb:28:dc:8c:ae:29:72:28:a2:39:1b:ee:e7:
                    f5:6b:29:20:8f:d3:aa:7d:5e:27:3b:9a:ce:e1:a1:
                    8e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C8:D6:8E:95:2D:98:58:A7:5A:8E:C4:2C:01:10:B2:5A:96:06:C3
            X509v3 Authority Key Identifier:
                keyid:25:D9:01:67:27:CE:A9:47:BD:B4:8B:3A:7D:E7:E2:07:1B:E4:58:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JdkBZyfOqUe9tIs6fefiBxvkWAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/PcjWjpUtmFinWo7ELAEQslqWBsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/JdkBZyfOqUe9tIs6fefiBxvkWAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.32.0/22
                  195.85.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:6d:3e:5e:4f:7d:4f:0d:e2:f1:c5:9f:4e:71:df:b1:ef:73:
         96:ed:39:0a:e4:a0:32:30:1d:ee:56:80:e4:25:38:62:f0:f7:
         c9:42:a6:2e:e5:c4:d8:8c:2d:7b:51:95:3a:8e:5a:36:08:ed:
         e2:9a:0c:b0:a8:b2:00:7d:58:76:e0:eb:c9:a5:da:eb:35:90:
         44:a0:db:76:34:b8:6b:48:c8:6e:65:15:c6:74:22:62:00:1a:
         07:c9:02:ce:b3:17:49:06:0f:f9:dc:4b:23:3e:6b:73:2e:92:
         80:26:a3:30:65:85:90:46:20:2f:7a:85:1f:26:09:e5:a9:19:
         60:82:37:82:b6:fa:3e:b7:88:b7:bf:39:34:88:01:08:57:8f:
         3f:e9:37:77:1c:11:0c:b6:c6:58:09:d1:62:54:4a:3a:26:78:
         fb:b2:7b:ce:15:b7:00:64:87:1e:11:3f:66:4e:33:2a:0d:90:
         42:5e:24:55:4a:72:9a:19:1a:54:6d:79:2a:5a:d9:74:06:6c:
         29:ef:cb:e4:9a:c3:e9:c0:8d:2d:e7:f1:15:b5:d2:44:f6:d6:
         cf:0e:87:a3:29:48:52:72:ea:fc:0a:2d:a4:e2:19:43:2c:08:
         70:c7:15:3e:81:35:95:fb:48:8c:a2:80:61:c0:88:7b:b2:f1:
         cd:ca:78:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk2U25eaPGrrkQuq+C2tvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZDkwMTY3MjdjZWE5NDdiZGI0OGIzYTdkZTdlMjA3MWJl
NDU4MGEwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGM4ZDY4ZTk1MmQ5ODU4YTc1YThlYzQyYzAxMTBiMjVhOTYwNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LhxYt4oLYTrBcnxg7CjjlCzFJQU
wCqi5XpIBOpsv3zqe2t7EctXzO0iTQusR5IhImQXdYua0JGXMncDvM1oAkVB8jAR
2XdvmobTndg7osyxupy2/1Y50W1zr/JzmCGJvthFelSGeiGXgS1ggUMfIRaFM4YW
Lk2e7Xp+dblYjiWToC/tosaAj9tMX4U8G9ckoCwD77ZIKhdF4qingTPw4dLhNOnw
wyahFgybEfqSBroMrwG8bZg8RKkVETW6iDPBKxOXbEkFnDpnya+kZSGJZoUd51hL
YeVUMTI1onHmqTiqVsso3IyuKXIoojkb7uf1aykgj9OqfV4nO5rO4aGO+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD3I1o6VLZhYp1qOxCwBELJalgbDMB8GA1UdIwQY
MBaAFCXZAWcnzqlHvbSLOn3n4gcb5FgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmRrQlp5Zk9xVWU5dElzNmZlZmlCeHZrV0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zY2M4OWUtNzZkZi00NmIzLTlmMTQt
YTM4ZGRhMTNhNjA4LzEvUGNqV2pwVXRtRmluV283RUxBRVFzbHFXQnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zY2M4OWUtNzZkZi00NmIzLTlmMTQtYTM4ZGRhMTNhNjA4
LzEvSmRrQlp5Zk9xVWU5dElzNmZlZmlCeHZrV0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYEgAwQA
w1XjMA0GCSqGSIb3DQEBCwUAA4IBAQBdbT5eT31PDeLxxZ9Ocd+x73OW7TkK5KAy
MB3uVoDkJThi8PfJQqYu5cTYjC17UZU6jlo2CO3imgywqLIAfVh24OvJpdrrNZBE
oNt2NLhrSMhuZRXGdCJiABoHyQLOsxdJBg/53EsjPmtzLpKAJqMwZYWQRiAveoUf
JgnlqRlggjeCtvo+t4i3vzk0iAEIV48/6Td3HBEMtsZYCdFiVEo6Jnj7snvOFbcA
ZIceET9mTjMqDZBCXiRVSnKaGRpUbXkqWtl0Bmwp78vkmsPpwI0t5/EVtdJE9tbP
DoejKUhScur8Ci2k4hlDLAhwxxU+gTWV+0iMooBhwIh7svHNynj0
-----END CERTIFICATE-----