Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/AJXSyfymc0ZNXaBD4wQ_CXojrNU.roa
File:                     AJXSyfymc0ZNXaBD4wQ_CXojrNU.roa (raw, json)
Hash identifier:          IEKfVlGCNO0k9/PEwkKVpaVd+QI7iET2CIAUyaqWhoM=
Subject key identifier:   00:95:D2:C9:FC:A6:73:46:4D:5D:A0:43:E3:04:3F:09:7A:23:AC:D5
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0194206804114782A6A726FB2A7036DD1965
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/AJXSyfymc0ZNXaBD4wQ_CXojrNU.roa
Signing time:             Wed 01 Jan 2025 05:47:55 +0000
ROA not before:           Wed 01 Jan 2025 05:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48314
IP address blocks:        185.243.114.0/24 maxlen: 24
                          185.243.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:04:11:47:82:a6:a7:26:fb:2a:70:36:dd:19:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0095d2c9fca673464d5da043e3043f097a23acd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e6:9d:6a:97:0f:aa:f9:ee:c2:86:65:5f:a4:
                    94:4b:07:9e:cc:05:4d:53:60:b0:34:f2:92:e1:f8:
                    b1:92:9f:fb:82:63:41:cc:a6:a6:43:b0:a4:79:ab:
                    35:17:58:da:68:8c:84:02:e4:a6:02:78:2a:1b:6b:
                    7e:ee:3d:7d:92:00:51:75:9c:b4:09:c5:37:58:61:
                    43:23:2d:c6:83:c3:4b:ef:96:f6:10:05:c1:d0:72:
                    76:42:8d:bf:57:eb:cf:8f:81:df:fe:ec:0b:25:cf:
                    13:1e:13:98:a7:ab:de:63:f6:f8:74:1f:17:6a:1b:
                    5f:0a:5f:26:2b:ab:e8:78:69:67:3d:13:41:ed:d2:
                    4d:e6:f8:b4:1e:15:b6:71:27:63:67:9c:32:90:a0:
                    f2:a8:67:e3:27:f2:a7:3e:98:9c:4e:3e:94:93:67:
                    81:74:d2:6c:52:07:ce:75:c6:b9:c9:ef:93:c2:ab:
                    20:1b:e5:de:47:4d:de:26:90:76:7d:35:fd:6a:cc:
                    7f:5d:4c:62:87:95:26:05:a4:52:01:66:a9:9f:fc:
                    ae:f7:70:f2:0c:91:9e:b4:23:d6:46:0e:b2:4a:dd:
                    b2:14:41:51:07:9b:d2:8f:a8:49:d9:fe:4a:b3:50:
                    2d:7e:c7:99:37:22:53:84:9a:a0:07:fa:7f:53:46:
                    c8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:95:D2:C9:FC:A6:73:46:4D:5D:A0:43:E3:04:3F:09:7A:23:AC:D5
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/AJXSyfymc0ZNXaBD4wQ_CXojrNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:e8:ec:48:36:5d:5d:38:91:42:0d:52:94:f4:e8:34:8a:90:
         18:f7:fa:8a:8b:d6:b1:1b:8c:cd:45:2b:08:64:f0:98:52:34:
         fa:6f:62:26:1c:30:e1:09:10:44:0a:08:79:b9:ef:95:33:6f:
         ac:57:4d:c4:e7:80:fb:5b:55:4d:ca:0c:3d:e8:e0:b9:0e:d8:
         f6:15:a1:1b:a1:77:b1:09:6c:95:1d:45:d6:73:39:56:81:83:
         b3:5d:e4:f5:2b:28:f5:f1:f0:a7:80:a0:47:9c:e1:d4:81:e6:
         d7:dc:e2:de:b6:4e:36:2b:7e:e4:47:07:80:9c:e1:d5:62:da:
         48:61:4d:24:f8:48:cf:7e:9d:75:3b:41:02:1c:86:49:b6:0c:
         ee:e7:ae:58:e2:55:97:78:20:be:b6:c1:cd:76:03:2d:86:f0:
         5b:26:b9:d2:3a:9e:be:70:3e:09:b8:80:39:f8:86:73:30:0a:
         68:8b:da:22:d2:69:e9:45:d5:f8:e2:c5:04:f0:97:25:e7:79:
         f1:97:a2:a4:89:5a:1a:be:31:7f:85:12:59:f4:28:50:db:88:
         30:05:54:ab:d8:99:96:c9:31:9b:4c:dd:04:63:0a:cd:d2:b8:
         9a:82:15:9e:cc:b3:1b:7e:f9:81:55:94:0e:28:d5:b4:de:89:
         56:58:f6:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaAQRR4Kmpyb7KnA23RllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDk1ZDJjOWZjYTY3MzQ2NGQ1ZGEwNDNlMzA0M2YwOTdhMjNhY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+adapcPqvnuwoZlX6SUSweezAVN
U2CwNPKS4fixkp/7gmNBzKamQ7Ckeas1F1jaaIyEAuSmAngqG2t+7j19kgBRdZy0
CcU3WGFDIy3Gg8NL75b2EAXB0HJ2Qo2/V+vPj4Hf/uwLJc8THhOYp6veY/b4dB8X
ahtfCl8mK6voeGlnPRNB7dJN5vi0HhW2cSdjZ5wykKDyqGfjJ/KnPpicTj6Uk2eB
dNJsUgfOdca5ye+TwqsgG+XeR03eJpB2fTX9asx/XUxih5UmBaRSAWapn/yu93Dy
DJGetCPWRg6ySt2yFEFRB5vSj6hJ2f5Ks1AtfseZNyJThJqgB/p/U0bIXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACV0sn8pnNGTV2gQ+MEPwl6I6zVMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvQUpYU3lmeW1jMFpOWGFCRDR3UV9DWG9qck5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufNyMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6OxINl1dOJFCDVKU9Og0ipAY9/qKi9axG4zNRSsI
ZPCYUjT6b2ImHDDhCRBECgh5ue+VM2+sV03E54D7W1VNygw96OC5Dtj2FaEboXex
CWyVHUXWczlWgYOzXeT1Kyj18fCngKBHnOHUgebX3OLetk42K37kRweAnOHVYtpI
YU0k+EjPfp11O0ECHIZJtgzu565Y4lWXeCC+tsHNdgMthvBbJrnSOp6+cD4JuIA5
+IZzMApoi9oi0mnpRdX44sUE8Jcl53nxl6KkiVoavjF/hRJZ9ChQ24gwBVSr2JmW
yTGbTN0EYwrN0riaghWezLMbfvmBVZQOKNW03olWWPaR
-----END CERTIFICATE-----