Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/pwdlb--yOjorbcCQL2QR9oUUpWI.roa
File:                     pwdlb--yOjorbcCQL2QR9oUUpWI.roa (raw, json)
Hash identifier:          1klYczNt5J1n/8K98SAjHgNfDm84PABZ1H0MBugMFMQ=
Subject key identifier:   A7:07:65:6F:EF:B2:3A:3A:2B:6D:C0:90:2F:64:11:F6:85:14:A5:62
Certificate issuer:       /CN=3e25ab6985f79ca9de06e98e8b9da245d8559ab6
Certificate serial:       0194EF1BBEAAF34372CC1E8F0FEFA14DC812
Authority key identifier: 3E:25:AB:69:85:F7:9C:A9:DE:06:E9:8E:8B:9D:A2:45:D8:55:9A:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/pwdlb--yOjorbcCQL2QR9oUUpWI.roa
Signing time:             Mon 10 Feb 2025 09:06:00 +0000
ROA not before:           Mon 10 Feb 2025 09:06:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211560
IP address blocks:        91.151.94.0/24 maxlen: 24
                          185.137.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 06:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ef:1b:be:aa:f3:43:72:cc:1e:8f:0f:ef:a1:4d:c8:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e25ab6985f79ca9de06e98e8b9da245d8559ab6
        Validity
            Not Before: Feb 10 09:06:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a707656fefb23a3a2b6dc0902f6411f68514a562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:77:85:4f:87:dd:d9:5f:9d:a8:38:64:38:47:
                    2d:60:01:0e:35:60:a3:60:6c:f2:88:30:69:cd:1e:
                    50:37:60:93:81:e3:d5:12:60:6b:99:d8:73:58:7e:
                    7a:74:02:5c:2c:16:cd:77:a3:8e:6e:21:f0:84:24:
                    95:54:36:a0:2e:1a:45:27:8c:bc:77:e5:c1:d3:7e:
                    0f:9f:28:6f:79:9b:55:fc:20:24:4b:86:91:56:77:
                    79:8c:70:cd:60:61:2e:ef:e3:4f:14:5e:18:b7:c8:
                    07:9d:66:38:db:46:6e:96:2d:fd:bd:0e:ef:18:60:
                    69:a1:c2:1e:e5:31:74:19:00:56:83:ce:72:fe:b1:
                    72:c3:fc:e0:aa:9d:9a:58:58:75:c1:b0:53:aa:8c:
                    be:64:29:24:b9:34:26:5e:26:b3:b5:61:13:a3:68:
                    8f:30:d2:10:af:9e:72:8a:97:8e:25:c3:28:ee:40:
                    c1:b4:dc:c5:09:22:be:f0:97:1b:6b:cd:a3:1c:12:
                    7f:e3:8e:e3:90:c2:46:31:40:f2:0c:eb:1f:a5:ed:
                    fd:57:6e:e5:12:46:f2:a0:ed:d8:34:30:3b:46:57:
                    ac:08:22:c9:96:04:46:21:c2:c3:bc:7e:8c:ad:a4:
                    fe:f2:31:ee:4b:e7:33:6c:c8:66:90:37:a5:66:55:
                    64:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:07:65:6F:EF:B2:3A:3A:2B:6D:C0:90:2F:64:11:F6:85:14:A5:62
            X509v3 Authority Key Identifier:
                keyid:3E:25:AB:69:85:F7:9C:A9:DE:06:E9:8E:8B:9D:A2:45:D8:55:9A:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/pwdlb--yOjorbcCQL2QR9oUUpWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.151.94.0/24
                  185.137.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e9:b9:0d:cd:c5:85:8e:a3:4d:c1:af:c8:c5:04:0d:36:95:
         35:50:17:64:bf:ab:ac:ed:78:13:fd:f4:2a:c7:d6:30:9e:b6:
         81:59:77:8d:a1:06:6c:03:e7:4a:f6:e9:96:df:a8:63:80:c8:
         45:8b:5b:7b:1f:39:18:dc:f1:f9:e1:60:84:23:c3:7b:68:f0:
         0a:b8:ef:f5:db:59:2c:d0:8b:8b:17:f7:83:57:60:41:1e:06:
         89:a0:0f:f3:9c:ee:13:f8:22:f2:4a:58:66:6d:6b:34:57:1f:
         e0:17:f3:4e:03:61:9a:0d:98:f0:fc:1b:a5:2d:ee:56:b8:53:
         98:b2:3a:37:c1:7b:8f:8c:88:4a:a1:17:d4:fb:1a:64:a7:64:
         4e:4d:e4:03:d9:a5:6a:07:7c:30:ea:96:dc:11:ee:b6:63:4b:
         ed:0e:ee:71:56:01:d0:ed:e4:51:b4:9a:db:8d:2d:a4:87:4a:
         d6:d4:ef:55:98:d9:60:1b:55:ad:56:75:77:5a:0d:39:aa:9d:
         77:97:f9:df:69:15:f1:d3:69:8c:1f:9f:f3:b2:32:3f:30:ec:
         a6:5a:ef:b5:6a:2a:31:af:1b:0a:33:84:7e:12:13:5a:87:7e:
         66:83:b9:f3:22:43:40:0c:26:db:4e:b7:f2:63:57:5c:6f:52:
         da:b9:8a:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTvG76q80NyzB6PD++hTcgSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjVhYjY5ODVmNzljYTlkZTA2ZTk4ZThiOWRhMjQ1ZDg1
NTlhYjYwHhcNMjUwMjEwMDkwNjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzA3NjU2ZmVmYjIzYTNhMmI2ZGMwOTAyZjY0MTFmNjg1MTRhNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3eFT4fd2V+dqDhkOEctYAEONWCj
YGzyiDBpzR5QN2CTgePVEmBrmdhzWH56dAJcLBbNd6OObiHwhCSVVDagLhpFJ4y8
d+XB034PnyhveZtV/CAkS4aRVnd5jHDNYGEu7+NPFF4Yt8gHnWY420Zuli39vQ7v
GGBpocIe5TF0GQBWg85y/rFyw/zgqp2aWFh1wbBTqoy+ZCkkuTQmXiaztWETo2iP
MNIQr55yipeOJcMo7kDBtNzFCSK+8Jcba82jHBJ/447jkMJGMUDyDOsfpe39V27l
EkbyoO3YNDA7RlesCCLJlgRGIcLDvH6MraT+8jHuS+czbMhmkDelZlVk8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKcHZW/vsjo6K23AkC9kEfaFFKViMB8GA1UdIwQY
MBaAFD4lq2mF95yp3gbpjoudokXYVZq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlXcmFZWDNuS25lQnVtT2k1MmlSZGhWbXJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8yMmQxNzUtYzcxZC00NjM3LWEwOTAt
YjE5YWQ1NDU1YmZkLzEvcHdkbGItLXlPam9yYmNDUUwyUVI5b1VVcFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8yMmQxNzUtYzcxZC00NjM3LWEwOTAtYjE5YWQ1NDU1YmZk
LzEvUGlXcmFZWDNuS25lQnVtT2k1MmlSZGhWbXJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5deAwQA
uYliMA0GCSqGSIb3DQEBCwUAA4IBAQAA6bkNzcWFjqNNwa/IxQQNNpU1UBdkv6us
7XgT/fQqx9YwnraBWXeNoQZsA+dK9umW36hjgMhFi1t7HzkY3PH54WCEI8N7aPAK
uO/121ks0IuLF/eDV2BBHgaJoA/znO4T+CLySlhmbWs0Vx/gF/NOA2GaDZjw/Bul
Le5WuFOYsjo3wXuPjIhKoRfU+xpkp2ROTeQD2aVqB3ww6pbcEe62Y0vtDu5xVgHQ
7eRRtJrbjS2kh0rW1O9VmNlgG1WtVnV3Wg05qp13l/nfaRXx02mMH5/zsjI/MOym
Wu+1aioxrxsKM4R+EhNah35mg7nzIkNADCbbTrfyY1dcb1LauYre
-----END CERTIFICATE-----