Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/7b42b4-1d12-42cf-a8f0-16b6beda87d0/1/PwlcQaBPeu72jRxpS1TyAFafqIs.roa
File:                     PwlcQaBPeu72jRxpS1TyAFafqIs.roa (raw, json)
Hash identifier:          zweRMxR6GdWC0C5ngJnRInvOkWHsboI5uvSiYLo2X20=
Subject key identifier:   3F:09:5C:41:A0:4F:7A:EE:F6:8D:1C:69:4B:54:F2:00:56:9F:A8:8B
Certificate issuer:       /CN=ae68c9518c2ad54c0acb821468c86e45ba161c18
Certificate serial:       01941FFA6576569541647F4732C328A70060
Authority key identifier: AE:68:C9:51:8C:2A:D5:4C:0A:CB:82:14:68:C8:6E:45:BA:16:1C:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rmjJUYwq1UwKy4IUaMhuRboWHBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/7b42b4-1d12-42cf-a8f0-16b6beda87d0/1/PwlcQaBPeu72jRxpS1TyAFafqIs.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202531
IP address blocks:        185.151.219.0/24 maxlen: 24
                          185.206.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/7b42b4-1d12-42cf-a8f0-16b6beda87d0/1/rmjJUYwq1UwKy4IUaMhuRboWHBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/7b42b4-1d12-42cf-a8f0-16b6beda87d0/1/rmjJUYwq1UwKy4IUaMhuRboWHBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rmjJUYwq1UwKy4IUaMhuRboWHBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:65:76:56:95:41:64:7f:47:32:c3:28:a7:00:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae68c9518c2ad54c0acb821468c86e45ba161c18
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f095c41a04f7aeef68d1c694b54f200569fa88b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c9:99:a4:02:8e:f5:d9:9a:be:b9:32:84:6d:
                    01:39:a7:4c:92:d4:8e:1b:b9:5f:4e:ac:6c:4c:92:
                    af:52:ed:20:82:3e:41:a9:17:50:ab:d5:bf:0c:e1:
                    98:99:67:22:82:f5:1b:bb:46:0e:ef:13:d8:44:8e:
                    56:58:d7:dd:2d:69:3f:50:24:f5:41:75:2c:6d:a3:
                    93:9a:ed:4d:a8:9e:08:41:33:11:9b:25:3a:c3:17:
                    b5:62:e6:96:e9:f4:3d:a2:6b:6f:aa:25:7b:78:72:
                    c8:ec:cc:06:9c:d1:fa:09:b5:94:ce:93:96:23:91:
                    ad:a5:ee:7e:8e:05:d2:fe:ee:20:99:30:e4:82:34:
                    9b:21:73:13:67:12:51:52:45:ef:9d:e5:f0:b8:f0:
                    46:45:32:1b:9a:4a:93:ef:85:06:65:0d:60:51:b9:
                    20:f0:47:8b:57:f0:2a:9f:91:ae:57:61:c1:8e:af:
                    79:78:0d:29:2d:38:33:1c:56:3f:42:26:f0:b5:e9:
                    b5:84:20:00:3f:d7:5c:ae:7c:7f:74:68:8e:f3:ae:
                    58:a8:58:b7:4c:f1:10:c0:1f:a8:2f:26:30:38:c6:
                    03:88:20:ff:69:62:c1:33:d2:ea:22:e7:c0:86:32:
                    b9:53:ef:9a:9c:77:fe:ef:89:1e:ae:55:f9:f9:15:
                    cc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:09:5C:41:A0:4F:7A:EE:F6:8D:1C:69:4B:54:F2:00:56:9F:A8:8B
            X509v3 Authority Key Identifier:
                keyid:AE:68:C9:51:8C:2A:D5:4C:0A:CB:82:14:68:C8:6E:45:BA:16:1C:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmjJUYwq1UwKy4IUaMhuRboWHBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/7b42b4-1d12-42cf-a8f0-16b6beda87d0/1/PwlcQaBPeu72jRxpS1TyAFafqIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/7b42b4-1d12-42cf-a8f0-16b6beda87d0/1/rmjJUYwq1UwKy4IUaMhuRboWHBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.219.0/24
                  185.206.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:14:d9:4c:eb:ed:39:49:99:e3:b9:79:e7:d5:13:8c:ec:5c:
         d6:a8:40:38:09:cd:ea:65:28:1e:5b:af:63:44:db:55:3c:22:
         0f:83:c8:52:14:b0:72:c7:e1:58:97:54:e4:dd:d6:82:90:fb:
         47:64:7f:5a:ad:c6:69:72:24:78:11:7c:97:04:a4:ce:c8:82:
         3a:14:88:4b:1e:19:e9:be:74:d4:f2:a1:6b:cf:86:c4:5b:9c:
         38:f3:16:42:00:0f:af:61:e5:35:8b:d7:06:05:ee:ee:5c:3f:
         94:22:e8:bb:30:8a:19:d7:7d:c4:d0:b3:14:ba:77:ed:bd:df:
         df:f2:2c:75:7e:9e:57:cd:bd:60:6c:52:f6:a8:ba:06:1b:4e:
         72:6c:de:69:0e:d0:7c:2a:f0:d2:63:50:b0:5e:eb:f5:31:ea:
         3a:8f:96:49:34:42:49:ff:d1:a7:39:ba:01:3f:5c:fe:00:5f:
         6b:9b:81:50:22:20:35:78:8b:c9:56:f1:51:fe:24:18:9a:5c:
         24:ad:8e:5d:0a:d3:b4:a9:66:48:ee:f4:88:36:9d:fe:da:6e:
         18:7f:2c:aa:89:72:82:5c:0c:d0:2a:7f:9e:df:c1:0d:2a:19:
         f5:86:fa:e9:ba:1c:0a:f6:1b:fc:0c:60:b9:d8:08:c8:1a:5f:
         4a:41:f7:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+mV2VpVBZH9HMsMopwBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNjhjOTUxOGMyYWQ1NGMwYWNiODIxNDY4Yzg2ZTQ1YmEx
NjFjMTgwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA5NWM0MWEwNGY3YWVlZjY4ZDFjNjk0YjU0ZjIwMDU2OWZhODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4cmZpAKO9dmavrkyhG0BOadMktSO
G7lfTqxsTJKvUu0ggj5BqRdQq9W/DOGYmWcigvUbu0YO7xPYRI5WWNfdLWk/UCT1
QXUsbaOTmu1NqJ4IQTMRmyU6wxe1YuaW6fQ9omtvqiV7eHLI7MwGnNH6CbWUzpOW
I5Gtpe5+jgXS/u4gmTDkgjSbIXMTZxJRUkXvneXwuPBGRTIbmkqT74UGZQ1gUbkg
8EeLV/Aqn5GuV2HBjq95eA0pLTgzHFY/Qibwtem1hCAAP9dcrnx/dGiO865YqFi3
TPEQwB+oLyYwOMYDiCD/aWLBM9LqIufAhjK5U++anHf+74kerlX5+RXMdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD8JXEGgT3ru9o0caUtU8gBWn6iLMB8GA1UdIwQY
MBaAFK5oyVGMKtVMCsuCFGjIbkW6FhwYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1qSlVZd3ExVXdLeTRJVWFNaHVSYm9XSEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83YjQyYjQtMWQxMi00MmNmLWE4ZjAt
MTZiNmJlZGE4N2QwLzEvUHdsY1FhQlBldTcyalJ4cFMxVHlBRmFmcUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83YjQyYjQtMWQxMi00MmNmLWE4ZjAtMTZiNmJlZGE4N2Qw
LzEvcm1qSlVZd3ExVXdLeTRJVWFNaHVSYm9XSEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZfbAwQA
uc7+MA0GCSqGSIb3DQEBCwUAA4IBAQAAFNlM6+05SZnjuXnn1ROM7FzWqEA4Cc3q
ZSgeW69jRNtVPCIPg8hSFLByx+FYl1Tk3daCkPtHZH9arcZpciR4EXyXBKTOyII6
FIhLHhnpvnTU8qFrz4bEW5w48xZCAA+vYeU1i9cGBe7uXD+UIui7MIoZ133E0LMU
unftvd/f8ix1fp5Xzb1gbFL2qLoGG05ybN5pDtB8KvDSY1CwXuv1Meo6j5ZJNEJJ
/9GnOboBP1z+AF9rm4FQIiA1eIvJVvFR/iQYmlwkrY5dCtO0qWZI7vSINp3+2m4Y
fyyqiXKCXAzQKn+e38ENKhn1hvrpuhwK9hv8DGC52AjIGl9KQfdr
-----END CERTIFICATE-----