Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/079594-e401-4ed5-98a6-90d35b245ced/1/Ljs9MQhWok74BFhLvX5tnc2erSo.roa
File:                     Ljs9MQhWok74BFhLvX5tnc2erSo.roa (raw, json)
Hash identifier:          +v8jaS8N6bSTt1OSxaSBvN/IEBx5vNtqPM0L9If78cg=
Subject key identifier:   2E:3B:3D:31:08:56:A2:4E:F8:04:58:4B:BD:7E:6D:9D:CD:9E:AD:2A
Certificate issuer:       /CN=232b1778d63623743ed89c87de80c2a64093a062
Certificate serial:       019424B3F167993148A4C9B71B5E035CA796
Authority key identifier: 23:2B:17:78:D6:36:23:74:3E:D8:9C:87:DE:80:C2:A6:40:93:A0:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IysXeNY2I3Q-2JyH3oDCpkCToGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/079594-e401-4ed5-98a6-90d35b245ced/1/Ljs9MQhWok74BFhLvX5tnc2erSo.roa
Signing time:             Thu 02 Jan 2025 01:49:19 +0000
ROA not before:           Thu 02 Jan 2025 01:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16019
IP address blocks:        185.243.168.0/22 maxlen: 22
                          2a0d:1780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/079594-e401-4ed5-98a6-90d35b245ced/1/IysXeNY2I3Q-2JyH3oDCpkCToGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/079594-e401-4ed5-98a6-90d35b245ced/1/IysXeNY2I3Q-2JyH3oDCpkCToGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IysXeNY2I3Q-2JyH3oDCpkCToGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 16:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:f1:67:99:31:48:a4:c9:b7:1b:5e:03:5c:a7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=232b1778d63623743ed89c87de80c2a64093a062
        Validity
            Not Before: Jan  2 01:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e3b3d310856a24ef804584bbd7e6d9dcd9ead2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d7:ce:19:eb:1b:ee:28:0d:ce:72:1d:86:ce:
                    93:21:15:7b:89:d4:b4:72:d1:00:e7:2f:74:4e:53:
                    a6:d8:ed:7c:80:10:98:fd:b3:e9:dc:60:9a:47:11:
                    4c:3b:90:c9:ac:78:ba:9b:6b:93:26:3a:11:34:f3:
                    66:7e:01:bc:3e:a8:29:fb:6c:f6:52:3a:a2:d8:f2:
                    1e:f8:5f:fc:7a:e2:a1:f4:d8:ea:f9:5d:39:24:16:
                    ff:2f:51:a0:f7:ab:7e:77:e5:19:19:26:2e:83:3c:
                    c2:ea:d4:2b:44:f1:4c:46:22:d5:04:35:3c:d5:ee:
                    38:e4:f4:c4:ef:85:10:2a:de:29:02:11:3a:53:b6:
                    a1:99:db:ff:27:e2:6c:52:13:4e:9e:89:0d:94:88:
                    cf:94:6e:39:da:13:e2:1a:60:4d:e4:d8:d3:a2:79:
                    89:9a:8f:61:77:9c:b4:47:e7:d9:45:55:72:e7:6a:
                    8f:16:42:2e:71:30:06:4c:a2:97:87:ca:78:72:51:
                    bc:a5:68:72:73:2a:cf:eb:da:57:f7:83:ed:cd:d4:
                    60:fe:22:e7:e9:f6:af:de:fd:f7:5b:b1:e8:65:d0:
                    c8:21:cc:3a:f2:d9:4c:78:e9:d9:c4:54:80:19:34:
                    9c:c8:ef:b4:64:67:c4:3d:ed:b2:ad:4b:14:30:b2:
                    ba:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3B:3D:31:08:56:A2:4E:F8:04:58:4B:BD:7E:6D:9D:CD:9E:AD:2A
            X509v3 Authority Key Identifier:
                keyid:23:2B:17:78:D6:36:23:74:3E:D8:9C:87:DE:80:C2:A6:40:93:A0:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IysXeNY2I3Q-2JyH3oDCpkCToGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/079594-e401-4ed5-98a6-90d35b245ced/1/Ljs9MQhWok74BFhLvX5tnc2erSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/079594-e401-4ed5-98a6-90d35b245ced/1/IysXeNY2I3Q-2JyH3oDCpkCToGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.168.0/22
                IPv6:
                  2a0d:1780::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:b9:c2:7c:1c:67:80:52:bc:1c:a9:2c:74:83:0c:a3:48:47:
         98:3f:60:d0:bf:13:e9:cc:a1:03:1d:91:14:22:a0:0f:ec:98:
         28:3e:5d:e7:6a:c7:ad:5a:29:40:5e:54:94:47:47:9d:a7:44:
         fb:a9:7e:d9:d1:31:8a:28:1e:ef:07:23:09:4a:75:9c:d5:9a:
         28:c6:a2:e5:b2:14:7c:07:be:1d:7e:e5:45:f7:ea:77:8f:04:
         db:30:30:d7:f9:21:a0:ec:4f:91:ac:c6:fe:db:7b:b7:56:33:
         f3:60:b7:34:3b:b5:99:0b:b5:68:45:94:42:50:4a:67:94:a8:
         89:3a:5f:11:68:63:cd:56:56:db:0f:a8:75:f8:d5:da:6f:0b:
         c6:a7:aa:80:38:e6:3c:ce:3b:46:70:cb:e1:83:5e:19:e2:fd:
         05:c3:97:5d:88:89:3c:98:cc:48:12:e2:02:c0:f6:6d:53:df:
         67:58:a4:88:13:8e:fa:b7:33:c3:6b:09:d2:d1:a1:41:57:70:
         20:d9:a5:43:6e:7e:2f:f5:74:d7:21:0f:15:58:27:1f:47:38:
         35:e2:44:bc:ed:fa:01:e8:ca:4d:53:81:b0:3e:e0:61:2b:6f:
         be:70:96:d7:c9:cf:97:8e:fc:38:e8:d1:80:33:ee:44:ee:3a:
         45:9f:70:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks/FnmTFIpMm3G14DXKeWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMmIxNzc4ZDYzNjIzNzQzZWQ4OWM4N2RlODBjMmE2NDA5
M2EwNjIwHhcNMjUwMTAyMDE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTNiM2QzMTA4NTZhMjRlZjgwNDU4NGJiZDdlNmQ5ZGNkOWVhZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9fOGesb7igNznIdhs6TIRV7idS0
ctEA5y90TlOm2O18gBCY/bPp3GCaRxFMO5DJrHi6m2uTJjoRNPNmfgG8Pqgp+2z2
Ujqi2PIe+F/8euKh9Njq+V05JBb/L1Gg96t+d+UZGSYugzzC6tQrRPFMRiLVBDU8
1e445PTE74UQKt4pAhE6U7ahmdv/J+JsUhNOnokNlIjPlG452hPiGmBN5NjTonmJ
mo9hd5y0R+fZRVVy52qPFkIucTAGTKKXh8p4clG8pWhycyrP69pX94PtzdRg/iLn
6fav3v33W7HoZdDIIcw68tlMeOnZxFSAGTScyO+0ZGfEPe2yrUsUMLK6CwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC47PTEIVqJO+ARYS71+bZ3Nnq0qMB8GA1UdIwQY
MBaAFCMrF3jWNiN0Ptich96AwqZAk6BiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlzWGVOWTJJM1EtMkp5SDNvRENwa0NUb0dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNzk1OTQtZTQwMS00ZWQ1LTk4YTYt
OTBkMzViMjQ1Y2VkLzEvTGpzOU1RaFdvazc0QkZoTHZYNXRuYzJlclNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNzk1OTQtZTQwMS00ZWQ1LTk4YTYtOTBkMzViMjQ1Y2Vk
LzEvSXlzWGVOWTJJM1EtMkp5SDNvRENwa0NUb0dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufOoMA0E
AgACMAcDBQMqDReAMA0GCSqGSIb3DQEBCwUAA4IBAQB0ucJ8HGeAUrwcqSx0gwyj
SEeYP2DQvxPpzKEDHZEUIqAP7JgoPl3nasetWilAXlSUR0edp0T7qX7Z0TGKKB7v
ByMJSnWc1ZooxqLlshR8B74dfuVF9+p3jwTbMDDX+SGg7E+RrMb+23u3VjPzYLc0
O7WZC7VoRZRCUEpnlKiJOl8RaGPNVlbbD6h1+NXabwvGp6qAOOY8zjtGcMvhg14Z
4v0Fw5ddiIk8mMxIEuICwPZtU99nWKSIE476tzPDawnS0aFBV3Ag2aVDbn4v9XTX
IQ8VWCcfRzg14kS87foB6MpNU4GwPuBhK2++cJbXyc+Xjvw46NGAM+5E7jpFn3Bs
-----END CERTIFICATE-----