Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/f83d09-3413-4651-96ce-8fb5244bc256/1/PwxQMG9ujj6pfZhzC7G_kz3NsYA.roa
File:                     PwxQMG9ujj6pfZhzC7G_kz3NsYA.roa (raw, json)
Hash identifier:          09V39ykqveB1AyZv1j7X/quqHqzhf0uH/toO7YLzAy0=
Subject key identifier:   3F:0C:50:30:6F:6E:8E:3E:A9:7D:98:73:0B:B1:BF:93:3D:CD:B1:80
Certificate issuer:       /CN=23f5c2585382084792f13ad197205efdd2752df2
Certificate serial:       0198EA7AF88837228A4FE573556DBCA1A3D7
Authority key identifier: 23:F5:C2:58:53:82:08:47:92:F1:3A:D1:97:20:5E:FD:D2:75:2D:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I_XCWFOCCEeS8TrRlyBe_dJ1LfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/f83d09-3413-4651-96ce-8fb5244bc256/1/PwxQMG9ujj6pfZhzC7G_kz3NsYA.roa
Signing time:             Wed 27 Aug 2025 07:43:04 +0000
ROA not before:           Wed 27 Aug 2025 07:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        91.220.123.0/24 maxlen: 24
                          185.245.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/f83d09-3413-4651-96ce-8fb5244bc256/1/I_XCWFOCCEeS8TrRlyBe_dJ1LfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/f83d09-3413-4651-96ce-8fb5244bc256/1/I_XCWFOCCEeS8TrRlyBe_dJ1LfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I_XCWFOCCEeS8TrRlyBe_dJ1LfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:7a:f8:88:37:22:8a:4f:e5:73:55:6d:bc:a1:a3:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23f5c2585382084792f13ad197205efdd2752df2
        Validity
            Not Before: Aug 27 07:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f0c50306f6e8e3ea97d98730bb1bf933dcdb180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:67:ea:32:9d:34:b8:c8:30:96:7a:18:93:f2:
                    a3:e8:c4:1b:c0:e8:7a:7c:80:20:43:ba:2c:0b:9c:
                    4f:76:89:bd:78:43:c6:12:b2:b9:c6:f9:58:b8:b2:
                    b9:10:56:ab:34:a1:7a:df:1f:05:21:e7:cd:22:03:
                    0f:52:13:78:bd:e4:27:d6:97:8a:75:3d:72:49:ca:
                    42:cd:d3:01:89:77:b0:3b:17:f0:04:71:b0:05:7a:
                    87:5d:64:dd:f1:b5:2e:69:52:1d:cb:ae:85:95:f6:
                    af:cd:96:60:a9:e3:b9:10:3e:27:a9:97:06:ef:30:
                    96:28:89:00:c6:92:2d:d3:39:47:41:fd:ad:85:5d:
                    7c:71:82:51:41:8d:75:f9:3f:39:f6:cc:b7:f5:67:
                    34:e1:fa:74:83:94:70:40:ca:ac:c9:64:25:5c:d0:
                    d1:b9:46:df:3b:74:6f:50:ab:cb:10:92:e5:86:59:
                    5a:8b:79:b7:7b:a5:ac:b1:ba:5c:95:bc:42:fd:05:
                    39:17:0b:1e:65:77:9c:14:99:64:7a:38:01:71:3e:
                    c5:2d:6f:93:27:7d:13:c2:d8:66:22:d6:2b:73:2a:
                    a3:81:e0:27:43:6d:fa:e0:78:f3:7c:5e:26:4a:19:
                    cd:02:b8:bf:39:c9:10:a7:5d:73:53:ec:cb:42:45:
                    5a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:0C:50:30:6F:6E:8E:3E:A9:7D:98:73:0B:B1:BF:93:3D:CD:B1:80
            X509v3 Authority Key Identifier:
                keyid:23:F5:C2:58:53:82:08:47:92:F1:3A:D1:97:20:5E:FD:D2:75:2D:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I_XCWFOCCEeS8TrRlyBe_dJ1LfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/f83d09-3413-4651-96ce-8fb5244bc256/1/PwxQMG9ujj6pfZhzC7G_kz3NsYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/f83d09-3413-4651-96ce-8fb5244bc256/1/I_XCWFOCCEeS8TrRlyBe_dJ1LfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.123.0/24
                  185.245.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ae:99:74:07:b4:a6:b2:df:a6:98:5f:9d:da:c2:29:f6:55:
         2c:47:6f:b9:00:7e:61:23:4e:cd:04:70:cb:dc:f9:28:e6:99:
         9b:9f:08:60:c1:62:a5:0c:05:70:37:0d:80:7f:0d:06:14:70:
         f4:2e:ce:b7:ab:1d:86:9e:cf:33:18:de:81:5a:8b:94:51:79:
         50:3e:27:57:98:70:48:68:7e:9c:21:c2:ef:a5:fb:1b:cd:73:
         14:dd:fe:d5:28:9f:6c:ba:9d:97:99:62:b4:16:ad:d2:1e:6f:
         f9:ce:c1:09:0f:6c:91:2f:17:d4:b0:61:13:df:80:4f:95:5e:
         5b:1d:37:f0:e3:d4:6a:fe:a4:b0:31:0f:e8:e9:ca:9a:12:91:
         dc:1a:9d:4d:89:22:af:28:c8:b1:51:e2:1c:0f:ec:7a:a5:49:
         40:79:31:d4:b0:b3:e3:fe:6b:bb:28:20:d1:7a:29:86:a9:bb:
         f4:71:7b:65:5e:7b:15:7c:4a:db:58:82:7c:b7:4c:a4:f6:88:
         52:3f:19:90:7f:a5:3d:53:a1:15:dc:86:32:30:f8:53:67:81:
         6f:37:e6:f1:82:58:e3:4b:a5:f6:d8:04:46:56:f7:42:2e:aa:
         23:9e:df:30:36:91:49:9f:14:fe:0a:86:6e:b4:72:5a:12:16:
         e3:fa:c8:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjqeviINyKKT+VzVW28oaPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZjVjMjU4NTM4MjA4NDc5MmYxM2FkMTk3MjA1ZWZkZDI3
NTJkZjIwHhcNMjUwODI3MDc0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjBjNTAzMDZmNmU4ZTNlYTk3ZDk4NzMwYmIxYmY5MzNkY2RiMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mfqMp00uMgwlnoYk/Kj6MQbwOh6
fIAgQ7osC5xPdom9eEPGErK5xvlYuLK5EFarNKF63x8FIefNIgMPUhN4veQn1peK
dT1yScpCzdMBiXewOxfwBHGwBXqHXWTd8bUuaVIdy66FlfavzZZgqeO5ED4nqZcG
7zCWKIkAxpIt0zlHQf2thV18cYJRQY11+T859sy39Wc04fp0g5RwQMqsyWQlXNDR
uUbfO3RvUKvLEJLlhllai3m3e6WssbpclbxC/QU5FwseZXecFJlkejgBcT7FLW+T
J30TwthmItYrcyqjgeAnQ2364HjzfF4mShnNAri/OckQp11zU+zLQkVaPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD8MUDBvbo4+qX2Ycwuxv5M9zbGAMB8GA1UdIwQY
MBaAFCP1wlhTgghHkvE60ZcgXv3SdS3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSV9YQ1dGT0NDRWVTOFRyUmx5QmVfZEoxTGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9mODNkMDktMzQxMy00NjUxLTk2Y2Ut
OGZiNTI0NGJjMjU2LzEvUHd4UU1HOXVqajZwZlpoekM3R19rejNOc1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9mODNkMDktMzQxMy00NjUxLTk2Y2UtOGZiNTI0NGJjMjU2
LzEvSV9YQ1dGT0NDRWVTOFRyUmx5QmVfZEoxTGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9x7AwQA
ufUVMA0GCSqGSIb3DQEBCwUAA4IBAQB4rpl0B7Smst+mmF+d2sIp9lUsR2+5AH5h
I07NBHDL3Pko5pmbnwhgwWKlDAVwNw2Afw0GFHD0Ls63qx2Gns8zGN6BWouUUXlQ
PidXmHBIaH6cIcLvpfsbzXMU3f7VKJ9sup2XmWK0Fq3SHm/5zsEJD2yRLxfUsGET
34BPlV5bHTfw49Rq/qSwMQ/o6cqaEpHcGp1NiSKvKMixUeIcD+x6pUlAeTHUsLPj
/mu7KCDReimGqbv0cXtlXnsVfErbWIJ8t0yk9ohSPxmQf6U9U6EV3IYyMPhTZ4Fv
N+bxgljjS6X22ARGVvdCLqojnt8wNpFJnxT+CoZutHJaEhbj+sgZ
-----END CERTIFICATE-----