Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/Pw99qaPGE-O_9hvPt3lYLi0DI4w.roa
File:                     Pw99qaPGE-O_9hvPt3lYLi0DI4w.roa (raw, json)
Hash identifier:          pi1Q6xYVVZGgwHmdNH26n5UfccjGbEggpTMp6ztU5rE=
Subject key identifier:   3F:0F:7D:A9:A3:C6:13:E3:BF:F6:1B:CF:B7:79:58:2E:2D:03:23:8C
Certificate issuer:       /CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
Certificate serial:       018E38EAA46C63D39559251446EE76686D87
Authority key identifier: E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/Pw99qaPGE-O_9hvPt3lYLi0DI4w.roa
Signing time:             Wed 13 Mar 2024 17:44:45 +0000
ROA not before:           Wed 13 Mar 2024 17:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203327
IP address blocks:        185.138.144.0/22 maxlen: 24
                          2a07:ec0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:38:ea:a4:6c:63:d3:95:59:25:14:46:ee:76:68:6d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
        Validity
            Not Before: Mar 13 17:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f0f7da9a3c613e3bff61bcfb779582e2d03238c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9a:cd:d3:3c:74:72:7d:08:1b:67:69:6f:c7:
                    6c:06:b4:96:1c:4f:3a:8c:53:f2:37:71:92:3d:3c:
                    dc:6d:ed:93:71:87:4b:48:98:16:ee:43:c0:f2:eb:
                    e3:aa:1d:10:a6:59:00:19:55:07:13:bc:59:ca:f1:
                    49:7b:7d:f6:07:5b:72:36:e2:3f:a7:12:7c:3e:94:
                    e9:01:a8:53:c8:21:68:40:02:23:eb:fe:1b:d2:80:
                    e0:b7:ba:aa:29:7f:29:d8:31:64:b7:87:7e:e7:4f:
                    b8:9d:56:08:54:03:03:de:ca:94:ab:b5:85:ef:61:
                    22:b3:0b:e9:8f:2f:ac:3e:59:2c:05:be:5b:16:7e:
                    20:71:74:52:41:f7:ab:b3:3b:50:d1:1c:40:0f:8f:
                    6e:1a:65:51:28:34:07:16:59:80:3c:82:b8:50:b7:
                    f7:62:51:16:96:12:15:85:b3:95:69:73:66:95:6b:
                    fb:20:85:8b:f6:d1:51:c3:fa:13:42:cf:c4:f9:38:
                    26:a5:0b:36:d9:77:ba:a7:7e:18:ef:4b:a3:1a:91:
                    67:53:db:49:e9:2d:23:1f:ed:90:6f:1f:2a:85:0a:
                    97:4c:47:47:3e:af:31:21:46:17:6a:04:38:0d:66:
                    ee:ab:ea:43:82:d7:bd:83:80:1a:10:e8:5e:34:57:
                    07:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:0F:7D:A9:A3:C6:13:E3:BF:F6:1B:CF:B7:79:58:2E:2D:03:23:8C
            X509v3 Authority Key Identifier:
                keyid:E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/Pw99qaPGE-O_9hvPt3lYLi0DI4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.144.0/22
                IPv6:
                  2a07:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:2f:0b:42:14:43:30:6b:f1:b4:91:c5:39:ec:fd:19:93:ca:
         18:53:20:20:3e:da:5a:22:7c:7b:1f:f1:3d:81:4c:22:60:63:
         68:bf:45:16:8c:0f:e5:b6:b6:bf:40:c7:42:81:f1:d9:e2:68:
         a6:3f:1d:dd:c1:19:79:f5:9d:a1:89:06:c7:ad:41:8e:62:65:
         92:09:7f:e4:85:f4:41:31:aa:cf:17:2a:4e:39:84:da:e3:bd:
         81:d3:27:99:1d:3e:e0:52:90:dd:11:cb:0c:55:ad:ad:e6:61:
         c4:9d:de:da:fe:bf:00:0e:c5:e0:33:b1:c3:0f:dd:bc:72:8b:
         12:6c:62:e7:7f:b3:7b:99:4b:b3:71:9f:cd:a5:ba:ed:64:20:
         bc:a2:5e:06:61:65:37:cd:39:c1:65:11:45:0b:fa:3f:c1:99:
         ff:31:85:a0:5e:31:8b:41:44:11:7f:ef:0f:75:47:bc:cb:37:
         2d:87:c4:40:78:07:1e:55:6e:28:a0:40:15:d9:f5:93:60:a5:
         c6:fb:29:39:c7:cb:99:ca:14:c3:46:0f:37:03:14:94:6a:df:
         9b:81:ed:c2:59:27:e4:a0:1a:86:c4:66:d3:39:38:ec:8d:2e:
         0a:58:47:66:df:b6:d6:45:bb:78:d0:fe:61:0d:43:3f:ea:97:
         f1:62:af:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY446qRsY9OVWSUURu52aG2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMmQ3ZWFlMjFkOGJhZWU5ZGU2OTQwZDhjZTZiMjlkOTJh
OTAzMWUwHhcNMjQwMzEzMTc0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjBmN2RhOWEzYzYxM2UzYmZmNjFiY2ZiNzc5NTgyZTJkMDMyMzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5rN0zx0cn0IG2dpb8dsBrSWHE86
jFPyN3GSPTzcbe2TcYdLSJgW7kPA8uvjqh0QplkAGVUHE7xZyvFJe332B1tyNuI/
pxJ8PpTpAahTyCFoQAIj6/4b0oDgt7qqKX8p2DFkt4d+50+4nVYIVAMD3sqUq7WF
72Eiswvpjy+sPlksBb5bFn4gcXRSQfersztQ0RxAD49uGmVRKDQHFlmAPIK4ULf3
YlEWlhIVhbOVaXNmlWv7IIWL9tFRw/oTQs/E+TgmpQs22Xe6p34Y70ujGpFnU9tJ
6S0jH+2Qbx8qhQqXTEdHPq8xIUYXagQ4DWbuq+pDgte9g4AaEOheNFcHfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD8PfamjxhPjv/Ybz7d5WC4tAyOMMB8GA1UdIwQY
MBaAFOItfq4h2LruneaUDYzmsp2SqQMeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQt
Mzg3NTM2ZDAzYTcxLzEvUHc5OXFhUEdFLU9fOWh2UHQzbFlMaTBESTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQtMzg3NTM2ZDAzYTcx
LzEvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYqQMA0E
AgACMAcDBQMqBw7AMA0GCSqGSIb3DQEBCwUAA4IBAQCDLwtCFEMwa/G0kcU57P0Z
k8oYUyAgPtpaInx7H/E9gUwiYGNov0UWjA/ltra/QMdCgfHZ4mimPx3dwRl59Z2h
iQbHrUGOYmWSCX/khfRBMarPFypOOYTa472B0yeZHT7gUpDdEcsMVa2t5mHEnd7a
/r8ADsXgM7HDD928cosSbGLnf7N7mUuzcZ/NpbrtZCC8ol4GYWU3zTnBZRFFC/o/
wZn/MYWgXjGLQUQRf+8PdUe8yzcth8RAeAceVW4ooEAV2fWTYKXG+yk5x8uZyhTD
Rg83AxSUat+bge3CWSfkoBqGxGbTOTjsjS4KWEdm37bWRbt40P5hDUM/6pfxYq/c
-----END CERTIFICATE-----