Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/pwMO6ssE5D-O8Xyj-6Cg12qPD5Q.roa
File:                     pwMO6ssE5D-O8Xyj-6Cg12qPD5Q.roa (raw, json)
Hash identifier:          jNpNRBAX1vK+/7+Nq5SPgMC/QUrkJvx5kFMoBcHUw5U=
Subject key identifier:   A7:03:0E:EA:CB:04:E4:3F:8E:F1:7C:A3:FB:A0:A0:D7:6A:8F:0F:94
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019427B5B8E7A6120C8B24650F632BA1348C
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/pwMO6ssE5D-O8Xyj-6Cg12qPD5Q.roa
Signing time:             Thu 02 Jan 2025 15:50:08 +0000
ROA not before:           Thu 02 Jan 2025 15:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        80.246.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b8:e7:a6:12:0c:8b:24:65:0f:63:2b:a1:34:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  2 15:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7030eeacb04e43f8ef17ca3fba0a0d76a8f0f94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:c6:a3:35:10:60:5b:1d:86:4e:ee:bc:cb:f8:
                    95:cd:d9:2d:23:ae:03:8f:16:fb:3d:6a:34:7e:d5:
                    a5:d2:c9:fd:bf:b5:b6:d6:8b:80:70:f5:fe:55:6f:
                    a3:61:f9:c7:15:b6:bc:de:3e:0e:c6:02:f3:4a:99:
                    ca:60:9f:8b:2e:d6:03:a0:2a:66:3c:94:86:c9:b4:
                    d1:11:41:f3:de:6d:50:90:7e:5b:a0:13:ae:3f:17:
                    f5:3e:54:73:59:47:9e:68:92:64:c3:86:b3:0d:a6:
                    38:3a:7c:ce:a1:cf:61:d2:d9:86:c8:60:ad:49:d6:
                    3d:08:b5:c7:31:3a:54:7a:79:66:63:6e:93:42:98:
                    f0:d7:79:ec:11:3f:87:c1:a2:a9:00:96:9f:0c:7e:
                    ac:3a:3d:f7:63:a0:4a:a5:c5:25:3f:c6:72:83:fd:
                    8a:28:5a:e9:5a:0d:e0:2a:c8:cc:d4:95:71:08:c1:
                    84:b6:b2:32:c2:ea:c0:97:65:e5:33:bc:06:e4:df:
                    8e:a1:38:57:ce:71:50:73:fd:28:5d:cc:26:a8:67:
                    84:10:62:9f:2c:6d:47:78:67:a8:3d:da:e6:ef:ba:
                    81:74:5b:f3:13:24:2b:44:36:96:0a:a6:08:d2:8c:
                    df:f1:53:7f:a8:90:7f:19:78:8d:cc:0c:a2:fc:72:
                    e8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:03:0E:EA:CB:04:E4:3F:8E:F1:7C:A3:FB:A0:A0:D7:6A:8F:0F:94
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/pwMO6ssE5D-O8Xyj-6Cg12qPD5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:a1:be:e7:bd:84:0f:87:16:09:42:78:6f:58:94:9f:e5:32:
         78:d4:d6:b7:ea:30:a1:38:0b:84:11:f4:75:5b:0c:ef:f8:6c:
         c0:df:ef:7d:e9:a8:59:d1:f7:5a:fe:5a:48:7f:f2:a0:9c:44:
         5f:61:0b:7c:10:ab:0d:73:05:bc:ab:03:9a:c5:34:58:f2:b2:
         30:5f:76:67:1d:6b:f0:d1:4c:1a:2c:b2:c5:90:69:fd:2b:a8:
         93:4d:6d:75:99:ff:62:1e:48:0d:c8:2e:d1:52:cc:d2:ba:3e:
         01:50:22:ea:34:c7:9d:d0:a7:98:68:ae:03:8d:cb:0e:36:9d:
         c2:28:f1:17:be:52:64:23:f3:f3:6c:d5:7b:6e:f4:c8:3c:6d:
         ca:c2:8f:d6:e0:8b:14:b6:ce:91:6a:b5:34:70:42:66:52:cd:
         2a:17:fc:c8:9e:a2:53:bd:f6:9b:e0:f5:43:a9:be:f1:ea:ad:
         8a:c2:ab:09:f7:19:b3:33:0e:a7:2e:4a:35:46:fc:6e:55:c7:
         ab:cb:1e:fe:a2:9e:05:a8:55:5e:bf:81:8d:13:54:24:81:d3:
         05:1c:80:04:95:b9:8a:0e:59:7f:56:79:23:53:fd:29:bf:72:
         23:0f:b2:9f:25:11:c1:ea:c0:6c:84:12:c3:50:a0:ac:ef:63:
         ba:4b:89:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbjnphIMiyRlD2MroTSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwMTAyMTU1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzAzMGVlYWNiMDRlNDNmOGVmMTdjYTNmYmEwYTBkNzZhOGYwZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7sajNRBgWx2GTu68y/iVzdktI64D
jxb7PWo0ftWl0sn9v7W21ouAcPX+VW+jYfnHFba83j4OxgLzSpnKYJ+LLtYDoCpm
PJSGybTREUHz3m1QkH5boBOuPxf1PlRzWUeeaJJkw4azDaY4OnzOoc9h0tmGyGCt
SdY9CLXHMTpUenlmY26TQpjw13nsET+HwaKpAJafDH6sOj33Y6BKpcUlP8Zyg/2K
KFrpWg3gKsjM1JVxCMGEtrIywurAl2XlM7wG5N+OoThXznFQc/0oXcwmqGeEEGKf
LG1HeGeoPdrm77qBdFvzEyQrRDaWCqYI0ozf8VN/qJB/GXiNzAyi/HLoUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcDDurLBOQ/jvF8o/ugoNdqjw+UMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvcHdNTzZzc0U1RC1POFh5ai02Q2cxMnFQRDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUPbgMA0G
CSqGSIb3DQEBCwUAA4IBAQAwob7nvYQPhxYJQnhvWJSf5TJ41Na36jChOAuEEfR1
Wwzv+GzA3+996ahZ0fda/lpIf/KgnERfYQt8EKsNcwW8qwOaxTRY8rIwX3ZnHWvw
0UwaLLLFkGn9K6iTTW11mf9iHkgNyC7RUszSuj4BUCLqNMed0KeYaK4DjcsONp3C
KPEXvlJkI/PzbNV7bvTIPG3Kwo/W4IsUts6RarU0cEJmUs0qF/zInqJTvfab4PVD
qb7x6q2KwqsJ9xmzMw6nLko1RvxuVceryx7+op4FqFVev4GNE1QkgdMFHIAElbmK
Dll/VnkjU/0pv3IjD7KfJRHB6sBshBLDUKCs72O6S4nP
-----END CERTIFICATE-----