Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/3c08f1-96e0-4c54-a466-07d4b115cc82/1/PWAG0JobFS7yvsldTY9OX-6bLGU.roa
File:                     PWAG0JobFS7yvsldTY9OX-6bLGU.roa (raw, json)
Hash identifier:          XiYdeRszyb+qmr9Wx7RTN+cKBYqOpTlV7LlN2LK4JK4=
Subject key identifier:   3D:60:06:D0:9A:1B:15:2E:F2:BE:C9:5D:4D:8F:4E:5F:EE:9B:2C:65
Certificate issuer:       /CN=6f98d1f99e3833ef401d46348eec8b752088c55d
Certificate serial:       018CC795279A141AE95B4F4CE2D81010663C
Authority key identifier: 6F:98:D1:F9:9E:38:33:EF:40:1D:46:34:8E:EC:8B:75:20:88:C5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b5jR-Z44M-9AHUY0juyLdSCIxV0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/3c08f1-96e0-4c54-a466-07d4b115cc82/1/PWAG0JobFS7yvsldTY9OX-6bLGU.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212003
IP address blocks:        176.126.158.0/24 maxlen: 24
                          176.126.158.0/23 maxlen: 23
                          176.126.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/3c08f1-96e0-4c54-a466-07d4b115cc82/1/b5jR-Z44M-9AHUY0juyLdSCIxV0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/3c08f1-96e0-4c54-a466-07d4b115cc82/1/b5jR-Z44M-9AHUY0juyLdSCIxV0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b5jR-Z44M-9AHUY0juyLdSCIxV0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:27:9a:14:1a:e9:5b:4f:4c:e2:d8:10:10:66:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f98d1f99e3833ef401d46348eec8b752088c55d
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d6006d09a1b152ef2bec95d4d8f4e5fee9b2c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d0:9d:06:fc:5f:53:19:7a:96:0c:28:10:32:
                    e4:c6:d2:d1:ab:48:4a:86:a3:c1:6e:8a:d3:0c:aa:
                    0f:0b:e9:16:77:84:3e:65:00:ec:aa:2e:42:76:d1:
                    a4:c0:16:07:81:64:cb:e7:48:67:b2:a1:5f:65:9a:
                    e5:23:97:d0:bd:23:ca:25:45:f9:c3:a8:c6:19:25:
                    4c:e5:40:e3:89:75:97:bd:31:05:8e:b0:a9:c0:82:
                    15:4a:2f:08:c6:02:e0:ba:7b:4e:11:3d:78:e1:23:
                    1c:b1:7c:df:8f:02:ae:87:5e:db:ce:7d:72:a4:77:
                    dc:e0:41:89:36:79:f7:3d:c7:6f:f5:77:88:2a:b0:
                    08:c7:a9:52:cd:13:64:b3:27:7d:11:9e:00:36:f8:
                    8a:cf:9b:14:d3:9a:90:b5:32:29:56:4f:5f:b7:ca:
                    61:1a:62:f1:d7:ba:3e:8a:d3:8b:65:aa:1e:e8:d9:
                    96:ee:90:46:fa:fc:b8:29:a4:ed:48:ef:13:34:85:
                    5a:d5:08:7c:4b:86:29:4d:39:b4:a8:50:a5:e2:fd:
                    48:40:2e:09:95:0a:42:da:32:28:72:ef:c6:65:fd:
                    29:d1:9d:79:60:01:79:e9:77:7d:67:df:d8:59:06:
                    d5:0c:d9:44:f4:33:79:43:28:4c:a6:54:1d:c6:97:
                    1f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:60:06:D0:9A:1B:15:2E:F2:BE:C9:5D:4D:8F:4E:5F:EE:9B:2C:65
            X509v3 Authority Key Identifier:
                keyid:6F:98:D1:F9:9E:38:33:EF:40:1D:46:34:8E:EC:8B:75:20:88:C5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5jR-Z44M-9AHUY0juyLdSCIxV0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/3c08f1-96e0-4c54-a466-07d4b115cc82/1/PWAG0JobFS7yvsldTY9OX-6bLGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/3c08f1-96e0-4c54-a466-07d4b115cc82/1/b5jR-Z44M-9AHUY0juyLdSCIxV0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:77:0e:10:e6:7e:69:e7:58:1d:5b:6b:99:eb:c9:d0:36:c9:
         ec:25:bb:e5:20:14:ea:07:05:d7:3a:c1:96:a3:07:84:ac:8b:
         90:f5:93:b9:24:3e:0c:bf:78:9d:b4:5c:74:5c:93:e2:34:8c:
         8a:ff:28:ee:b9:9a:92:68:48:79:f3:9d:03:bd:cc:8b:8e:aa:
         4f:e4:22:05:92:eb:ae:2e:e9:09:ea:82:e7:ac:dd:7a:fc:0f:
         2b:1e:11:84:ff:b3:d7:7a:8d:c7:a6:27:71:6d:14:84:1b:2a:
         7c:30:0c:2b:45:d2:ac:79:ea:3a:a6:b1:af:fe:a7:fb:53:e9:
         99:f7:72:81:52:44:7a:14:08:67:fb:85:25:47:e1:a8:75:e2:
         00:62:45:06:0c:f9:4a:69:33:c7:fe:02:68:64:dd:26:a6:94:
         b8:c1:ff:96:f4:70:78:61:1e:70:d1:21:a9:42:53:2b:dc:39:
         6a:ae:cc:ce:3c:eb:2b:7a:0f:49:83:6c:ca:9f:4d:a5:de:ad:
         13:44:49:d8:6c:55:34:70:f9:35:28:34:1e:ea:ca:3c:47:f3:
         54:5b:e7:ec:0d:b7:54:78:f0:37:35:68:d6:b0:b4:89:a6:00:
         60:d1:bf:20:56:06:25:d2:00:80:41:7e:e4:71:f2:8e:7e:46:
         97:5b:ff:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSeaFBrpW09M4tgQEGY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOThkMWY5OWUzODMzZWY0MDFkNDYzNDhlZWM4Yjc1MjA4
OGM1NWQwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDYwMDZkMDlhMWIxNTJlZjJiZWM5NWQ0ZDhmNGU1ZmVlOWIyYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9CdBvxfUxl6lgwoEDLkxtLRq0hK
hqPBborTDKoPC+kWd4Q+ZQDsqi5CdtGkwBYHgWTL50hnsqFfZZrlI5fQvSPKJUX5
w6jGGSVM5UDjiXWXvTEFjrCpwIIVSi8IxgLguntOET144SMcsXzfjwKuh17bzn1y
pHfc4EGJNnn3Pcdv9XeIKrAIx6lSzRNksyd9EZ4ANviKz5sU05qQtTIpVk9ft8ph
GmLx17o+itOLZaoe6NmW7pBG+vy4KaTtSO8TNIVa1Qh8S4YpTTm0qFCl4v1IQC4J
lQpC2jIocu/GZf0p0Z15YAF56Xd9Z9/YWQbVDNlE9DN5QyhMplQdxpcfmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1gBtCaGxUu8r7JXU2PTl/umyxlMB8GA1UdIwQY
MBaAFG+Y0fmeODPvQB1GNI7si3UgiMVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjVqUi1aNDRNLTlBSFVZMGp1eUxkU0NJeFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zYzA4ZjEtOTZlMC00YzU0LWE0NjYt
MDdkNGIxMTVjYzgyLzEvUFdBRzBKb2JGUzd5dnNsZFRZOU9YLTZiTEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zYzA4ZjEtOTZlMC00YzU0LWE0NjYtMDdkNGIxMTVjYzgy
LzEvYjVqUi1aNDRNLTlBSFVZMGp1eUxkU0NJeFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsH6eMA0G
CSqGSIb3DQEBCwUAA4IBAQBXdw4Q5n5p51gdW2uZ68nQNsnsJbvlIBTqBwXXOsGW
oweErIuQ9ZO5JD4Mv3idtFx0XJPiNIyK/yjuuZqSaEh5850DvcyLjqpP5CIFkuuu
LukJ6oLnrN16/A8rHhGE/7PXeo3HpidxbRSEGyp8MAwrRdKseeo6prGv/qf7U+mZ
93KBUkR6FAhn+4UlR+GodeIAYkUGDPlKaTPH/gJoZN0mppS4wf+W9HB4YR5w0SGp
QlMr3DlqrszOPOsreg9Jg2zKn02l3q0TREnYbFU0cPk1KDQe6so8R/NUW+fsDbdU
ePA3NWjWsLSJpgBg0b8gVgYl0gCAQX7kcfKOfkaXW/8z
-----END CERTIFICATE-----