Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Pw15r0tJiPvDyuMOBQn_URPGo5I.roa
File:                     Pw15r0tJiPvDyuMOBQn_URPGo5I.roa (raw, json)
Hash identifier:          k7iEyCH3l0LCjD2Op61Rjmw/pHSf07/MBQiciVefF9Q=
Subject key identifier:   3F:0D:79:AF:4B:49:88:FB:C3:CA:E3:0E:05:09:FF:51:13:C6:A3:92
Certificate issuer:       /CN=5647798f253c724eb07f2e8ad8c2ed949436499c
Certificate serial:       0196823C3A0318747FDF3BF5B45F25A78B69
Authority key identifier: 56:47:79:8F:25:3C:72:4E:B0:7F:2E:8A:D8:C2:ED:94:94:36:49:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Pw15r0tJiPvDyuMOBQn_URPGo5I.roa
Signing time:             Tue 29 Apr 2025 15:48:27 +0000
ROA not before:           Tue 29 Apr 2025 15:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204272
IP address blocks:        109.70.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 09:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:3c:3a:03:18:74:7f:df:3b:f5:b4:5f:25:a7:8b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5647798f253c724eb07f2e8ad8c2ed949436499c
        Validity
            Not Before: Apr 29 15:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f0d79af4b4988fbc3cae30e0509ff5113c6a392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6f:2f:1f:b7:d3:e3:7d:9a:f6:46:98:5f:5b:
                    71:06:73:1e:d8:3f:cc:f2:20:fb:4f:f7:3d:b3:80:
                    02:a2:b6:ce:a7:0f:74:db:20:d3:55:49:0f:e2:a0:
                    cd:1c:20:25:9b:d2:93:39:27:a1:28:29:5f:8c:77:
                    39:c4:7f:b0:71:90:99:4d:a9:fb:1f:43:23:0c:ae:
                    b3:54:20:18:12:a8:3a:b4:c9:04:70:8f:98:39:02:
                    d3:b1:1f:1b:dc:9d:c2:ff:fd:ea:2e:85:31:96:74:
                    b0:ff:a8:d3:4e:a3:b9:3a:dd:00:93:07:b8:fe:da:
                    90:c5:b7:e1:3c:75:16:db:51:5f:a3:54:ac:1f:7a:
                    5b:9e:44:5b:96:c2:27:d2:0e:2f:03:2e:a4:56:59:
                    a3:d9:30:11:df:54:58:f3:80:d3:c7:16:53:a9:f7:
                    ee:93:a0:76:39:f0:71:b4:97:62:ac:27:6f:1b:a7:
                    80:8d:f4:92:f2:61:c0:c9:8e:2d:96:ba:26:0e:a4:
                    88:f6:e1:64:ea:ef:15:14:75:77:4d:a2:7d:f2:2e:
                    f2:86:ee:e3:ef:bd:1b:cf:52:bd:90:a1:c1:aa:ce:
                    38:28:0d:2b:f8:61:7f:1a:07:ee:ae:b3:67:09:dc:
                    f7:ba:f8:b5:71:43:2b:b5:51:91:16:0f:73:3a:7e:
                    fa:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:0D:79:AF:4B:49:88:FB:C3:CA:E3:0E:05:09:FF:51:13:C6:A3:92
            X509v3 Authority Key Identifier:
                keyid:56:47:79:8F:25:3C:72:4E:B0:7F:2E:8A:D8:C2:ED:94:94:36:49:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Pw15r0tJiPvDyuMOBQn_URPGo5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:bc:99:86:96:df:a8:03:92:26:b3:de:e0:c2:e6:bc:8a:d7:
         38:07:9f:aa:e3:9d:f2:12:60:8a:24:67:6f:26:3e:53:24:b6:
         14:1c:52:7b:4f:e3:e5:17:57:68:d1:45:3a:34:48:1a:ba:8e:
         9b:c9:57:00:2a:4c:35:26:cd:00:45:a9:1b:89:28:ea:c2:bd:
         69:57:7a:83:14:bf:3b:b6:e1:5b:27:22:b8:8c:c7:c4:3c:a0:
         30:85:ce:35:f3:f5:24:66:59:20:9d:83:e1:71:06:46:34:d3:
         80:96:fb:b3:16:93:6e:00:41:01:84:2f:91:c6:40:b2:10:ce:
         da:71:1f:ff:70:e2:42:e1:b6:d4:88:32:2b:75:c2:14:75:b7:
         ec:5e:6f:58:0d:8f:c3:65:fb:06:34:ff:14:7c:df:10:b1:fb:
         2b:d9:68:91:bf:24:2f:0a:79:61:02:19:46:a3:0d:5c:b3:e3:
         97:a5:75:9e:e3:e4:af:d2:0a:c4:cc:cc:13:be:38:20:a5:61:
         ea:4e:96:96:19:03:54:7b:c9:cd:a2:a6:1c:10:e1:20:ab:87:
         da:e5:64:8a:dc:4b:4d:d0:ac:bb:33:29:f0:4d:f8:b0:11:c6:
         87:98:a7:1f:8e:0a:2f:8a:f6:72:aa:19:36:e9:1e:55:6a:f1:
         bc:68:25:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaCPDoDGHR/3zv1tF8lp4tpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NDc3OThmMjUzYzcyNGViMDdmMmU4YWQ4YzJlZDk0OTQz
NjQ5OWMwHhcNMjUwNDI5MTU0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjBkNzlhZjRiNDk4OGZiYzNjYWUzMGUwNTA5ZmY1MTEzYzZhMzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmW8vH7fT432a9kaYX1txBnMe2D/M
8iD7T/c9s4ACorbOpw902yDTVUkP4qDNHCAlm9KTOSehKClfjHc5xH+wcZCZTan7
H0MjDK6zVCAYEqg6tMkEcI+YOQLTsR8b3J3C//3qLoUxlnSw/6jTTqO5Ot0Akwe4
/tqQxbfhPHUW21Ffo1SsH3pbnkRblsIn0g4vAy6kVlmj2TAR31RY84DTxxZTqffu
k6B2OfBxtJdirCdvG6eAjfSS8mHAyY4tlromDqSI9uFk6u8VFHV3TaJ98i7yhu7j
770bz1K9kKHBqs44KA0r+GF/GgfurrNnCdz3uvi1cUMrtVGRFg9zOn76rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8Nea9LSYj7w8rjDgUJ/1ETxqOSMB8GA1UdIwQY
MBaAFFZHeY8lPHJOsH8uitjC7ZSUNkmcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmtkNWp5VThjazZ3Znk2SzJNTHRsSlEyU1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC80YzRmNjYtOTAzOS00ZmIxLWJkNDkt
MWE0YjZlZGIwM2E3LzEvUHcxNXIwdEppUHZEeXVNT0JRbl9VUlBHbzVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC80YzRmNjYtOTAzOS00ZmIxLWJkNDktMWE0YjZlZGIwM2E3
LzEvVmtkNWp5VThjazZ3Znk2SzJNTHRsSlEyU1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUZLMA0G
CSqGSIb3DQEBCwUAA4IBAQBjvJmGlt+oA5Ims97gwua8itc4B5+q453yEmCKJGdv
Jj5TJLYUHFJ7T+PlF1do0UU6NEgauo6byVcAKkw1Js0ARakbiSjqwr1pV3qDFL87
tuFbJyK4jMfEPKAwhc418/UkZlkgnYPhcQZGNNOAlvuzFpNuAEEBhC+RxkCyEM7a
cR//cOJC4bbUiDIrdcIUdbfsXm9YDY/DZfsGNP8UfN8Qsfsr2WiRvyQvCnlhAhlG
ow1cs+OXpXWe4+Sv0grEzMwTvjggpWHqTpaWGQNUe8nNoqYcEOEgq4fa5WSK3EtN
0Ky7MynwTfiwEcaHmKcfjgovivZyqhk26R5VavG8aCVg
-----END CERTIFICATE-----