Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/pw1_qD5J6o76enPdGNTr_4Viub8.roa
File:                     pw1_qD5J6o76enPdGNTr_4Viub8.roa (raw, json)
Hash identifier:          L6pLEncIISYEMGBKzu7DbyUXVYEOgT4kfh4modTEATA=
Subject key identifier:   A7:0D:7F:A8:3E:49:EA:8E:FA:7A:73:DD:18:D4:EB:FF:85:62:B9:BF
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       01941FFA9B81AF7340EA7B3F0023F1560F3D
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/pw1_qD5J6o76enPdGNTr_4Viub8.roa
Signing time:             Wed 01 Jan 2025 03:48:25 +0000
ROA not before:           Wed 01 Jan 2025 03:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        194.38.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9b:81:af:73:40:ea:7b:3f:00:23:f1:56:0f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 03:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a70d7fa83e49ea8efa7a73dd18d4ebff8562b9bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:dc:92:44:8b:2f:61:c1:29:79:cf:81:c3:2d:
                    f9:0a:7d:e9:4b:22:0e:bd:0b:84:3d:14:3c:03:4e:
                    33:d5:54:5d:1e:75:ff:7c:cf:dd:57:77:45:f4:3c:
                    d9:f4:d0:ef:69:83:c2:c9:16:d7:c5:23:76:48:27:
                    1a:94:04:06:6a:76:23:5e:48:5f:23:be:e5:44:99:
                    dc:2a:7b:8d:85:7e:24:2a:07:74:34:e1:9b:08:86:
                    39:57:fb:59:77:e5:58:0d:b1:af:ce:36:ac:98:f4:
                    03:87:dc:27:6d:c6:21:e6:94:13:fe:24:19:f2:85:
                    66:2b:6d:4f:14:a2:a6:b0:f0:46:26:e6:13:c3:92:
                    9d:9a:d2:2c:12:db:8f:77:5d:71:8e:a7:de:ea:dc:
                    d3:8c:0f:f0:4e:ab:b2:44:b0:76:c7:d4:e4:24:ee:
                    a2:05:9b:48:f0:ef:3d:73:bd:99:d3:93:90:ef:dc:
                    7a:f4:ee:2b:5d:f4:12:50:c2:91:3f:d6:63:f6:af:
                    a8:fd:34:31:6d:ac:b2:df:b2:d9:ee:4b:6d:54:92:
                    c3:ca:ad:28:ca:1a:3f:ef:42:5c:2e:08:7b:8f:cd:
                    97:c9:4c:ff:bd:16:a2:59:c1:58:71:92:4a:a2:6b:
                    87:10:4a:33:5f:7a:f4:68:70:f6:bb:11:30:d1:8f:
                    24:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:0D:7F:A8:3E:49:EA:8E:FA:7A:73:DD:18:D4:EB:FF:85:62:B9:BF
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/pw1_qD5J6o76enPdGNTr_4Viub8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:96:83:76:44:d2:e4:6e:98:cf:d5:06:4c:11:bd:1c:60:1f:
         2a:d7:77:8b:63:c6:d9:01:22:72:b2:d1:bb:fa:83:17:40:3a:
         39:02:54:3c:c9:43:59:7f:77:72:04:64:63:17:b3:fd:bc:e9:
         e0:b8:43:29:a9:cd:a7:20:dd:98:68:5e:74:6e:7e:8f:7b:d7:
         2d:be:3c:b1:67:22:41:fd:7e:87:f8:e8:fd:fd:9b:ce:fa:72:
         d2:25:96:e3:29:53:da:3b:a5:be:2d:3f:cf:f9:0c:c7:42:e0:
         90:1a:8d:fc:a9:16:38:21:1c:8b:ed:80:41:5e:2b:fd:dc:31:
         65:34:18:60:63:9e:a0:4a:2f:b2:95:35:f5:26:e7:e7:e1:a8:
         39:53:50:12:f4:46:50:86:58:0c:df:05:2e:52:7b:ba:31:b4:
         b9:e5:6c:25:e1:f9:46:49:7a:7e:96:82:f2:be:e9:4d:5f:22:
         ae:ac:4e:32:3d:f8:31:8f:0d:da:4b:41:ca:84:ce:94:73:3f:
         7d:d8:e9:74:e8:45:7b:f4:6c:33:8f:09:81:5b:ef:4b:b3:0f:
         a5:d9:de:77:e6:40:58:b8:20:05:80:20:c2:f1:46:af:9f:4b:
         3f:3c:61:11:4a:5f:23:05:6b:6f:72:84:f3:6e:f5:9b:95:56:
         e6:02:a9:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+puBr3NA6ns/ACPxVg89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjUwMTAxMDM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzBkN2ZhODNlNDllYThlZmE3YTczZGQxOGQ0ZWJmZjg1NjJiOWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9ySRIsvYcEpec+Bwy35Cn3pSyIO
vQuEPRQ8A04z1VRdHnX/fM/dV3dF9DzZ9NDvaYPCyRbXxSN2SCcalAQGanYjXkhf
I77lRJncKnuNhX4kKgd0NOGbCIY5V/tZd+VYDbGvzjasmPQDh9wnbcYh5pQT/iQZ
8oVmK21PFKKmsPBGJuYTw5KdmtIsEtuPd11xjqfe6tzTjA/wTquyRLB2x9TkJO6i
BZtI8O89c72Z05OQ79x69O4rXfQSUMKRP9Zj9q+o/TQxbayy37LZ7kttVJLDyq0o
yho/70JcLgh7j82XyUz/vRaiWcFYcZJKomuHEEozX3r0aHD2uxEw0Y8kRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcNf6g+SeqO+npz3RjU6/+FYrm/MB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvcHcxX3FENUo2bzc2ZW5QZEdOVHJfNFZpdWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiYQMA0G
CSqGSIb3DQEBCwUAA4IBAQBTloN2RNLkbpjP1QZMEb0cYB8q13eLY8bZASJystG7
+oMXQDo5AlQ8yUNZf3dyBGRjF7P9vOnguEMpqc2nIN2YaF50bn6Pe9ctvjyxZyJB
/X6H+Oj9/ZvO+nLSJZbjKVPaO6W+LT/P+QzHQuCQGo38qRY4IRyL7YBBXiv93DFl
NBhgY56gSi+ylTX1Jufn4ag5U1AS9EZQhlgM3wUuUnu6MbS55Wwl4flGSXp+loLy
vulNXyKurE4yPfgxjw3aS0HKhM6Ucz992Ol06EV79GwzjwmBW+9Lsw+l2d535kBY
uCAFgCDC8Uavn0s/PGERSl8jBWtvcoTzbvWblVbmAqkg
-----END CERTIFICATE-----