Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/X_FL5W5PaBcXLOauRMxOwRuyYlc.roa
File:                     X_FL5W5PaBcXLOauRMxOwRuyYlc.roa (raw, json)
Hash identifier:          kCKDT8tcDr1dP8XE79tCmIW9bJ4NTTFNxriENFz7kC0=
Subject key identifier:   5F:F1:4B:E5:6E:4F:68:17:17:2C:E6:AE:44:CC:4E:C1:1B:B2:62:57
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0194221FF4E7E72ACF95C03E9B8011939610
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/X_FL5W5PaBcXLOauRMxOwRuyYlc.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214669
IP address blocks:        43.240.148.0/24 maxlen: 24
                          147.185.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f4:e7:e7:2a:cf:95:c0:3e:9b:80:11:93:96:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ff14be56e4f6817172ce6ae44cc4ec11bb26257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:75:1e:dc:d7:7a:cb:8d:b0:cc:2d:e8:ba:f0:
                    63:4b:1d:c8:e3:eb:32:2c:bc:ab:98:3d:b3:70:15:
                    32:58:6f:53:fd:0b:0e:16:61:5e:78:18:3d:82:bf:
                    f0:5c:c3:bc:b3:66:3b:ed:19:93:12:40:44:8f:33:
                    7d:91:cf:23:5d:c5:ef:4c:f2:1e:aa:7e:e3:6d:ec:
                    9b:05:54:06:da:6f:b9:04:6b:93:16:90:ff:c7:2b:
                    9a:7f:47:e6:dc:b6:81:32:d1:b6:ef:ce:de:a5:fb:
                    38:6f:82:3b:a4:d0:bb:eb:9f:39:8f:53:b9:33:58:
                    11:89:14:40:73:e9:cb:83:c3:aa:50:9f:37:1b:fa:
                    d8:f2:33:53:ec:1d:e7:87:d1:c8:e4:5a:a8:e3:b0:
                    b1:b9:58:fb:bf:b5:1e:e6:54:0f:f7:11:dc:08:11:
                    bf:0a:cc:f5:32:6d:fa:fc:81:25:12:ae:85:89:41:
                    90:69:31:17:9a:ff:dc:0c:08:ef:90:e5:23:4e:a6:
                    12:4e:0c:e2:01:b4:60:14:ba:e7:71:a5:89:4d:c3:
                    0a:99:30:b3:3b:c4:e8:21:3f:c6:f6:8b:02:bf:90:
                    3d:a4:6a:89:e5:48:f5:c1:9c:2b:5d:1b:70:2d:33:
                    1a:37:1e:43:a6:b6:cb:a3:9a:22:31:4a:71:6e:2a:
                    d2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F1:4B:E5:6E:4F:68:17:17:2C:E6:AE:44:CC:4E:C1:1B:B2:62:57
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/X_FL5W5PaBcXLOauRMxOwRuyYlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/24
                  147.185.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:e8:3f:c8:e3:a4:33:61:1f:59:a1:45:48:84:5b:25:30:27:
         18:6b:03:68:df:83:41:8d:0a:16:e4:fd:42:a7:e2:5e:50:7f:
         3f:80:f3:ee:34:b4:62:ec:74:47:c2:ac:a1:3a:5a:43:f8:dc:
         06:63:0d:c2:21:74:1a:34:1e:a6:d9:f5:e4:9e:6c:10:c0:d9:
         ec:55:b2:72:fb:61:7f:44:31:d1:ba:8a:aa:25:13:b1:06:46:
         e1:21:67:ef:73:68:2c:68:b0:d6:8d:ee:19:e7:9c:91:97:b9:
         8e:0d:ea:39:32:a8:63:9b:a7:d6:0b:09:27:54:67:5a:48:7e:
         d0:c7:f4:2f:e9:0b:5e:d3:1a:45:3d:fc:c2:79:eb:e4:f2:39:
         5e:07:b5:75:c0:4b:29:92:d0:30:44:c3:a1:36:c7:02:82:57:
         48:3e:85:f2:51:6d:66:14:f0:a0:50:b3:93:42:ce:ce:97:dc:
         3f:0e:4d:df:16:49:56:ba:01:9e:db:8a:6e:b6:f6:7c:38:80:
         5c:e1:fa:53:93:53:b6:c7:ae:31:c8:96:42:16:86:f7:bf:2c:
         25:c4:8e:1f:f7:a6:43:43:d7:72:f8:f7:8c:71:a6:f4:f0:a5:
         af:e7:f5:69:21:a6:53:5f:51:d5:d0:96:8f:95:e6:19:19:9d:
         c1:5e:86:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH/Tn5yrPlcA+m4ARk5YQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmYxNGJlNTZlNGY2ODE3MTcyY2U2YWU0NGNjNGVjMTFiYjI2MjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnUe3Nd6y42wzC3ouvBjSx3I4+sy
LLyrmD2zcBUyWG9T/QsOFmFeeBg9gr/wXMO8s2Y77RmTEkBEjzN9kc8jXcXvTPIe
qn7jbeybBVQG2m+5BGuTFpD/xyuaf0fm3LaBMtG2787epfs4b4I7pNC76585j1O5
M1gRiRRAc+nLg8OqUJ83G/rY8jNT7B3nh9HI5Fqo47CxuVj7v7Ue5lQP9xHcCBG/
Csz1Mm36/IElEq6FiUGQaTEXmv/cDAjvkOUjTqYSTgziAbRgFLrncaWJTcMKmTCz
O8ToIT/G9osCv5A9pGqJ5Uj1wZwrXRtwLTMaNx5DprbLo5oiMUpxbirS7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF/xS+VuT2gXFyzmrkTMTsEbsmJXMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvWF9GTDVXNVBhQmNYTE9hdVJNeE93UnV5WWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAK/CUAwQA
k7nOMA0GCSqGSIb3DQEBCwUAA4IBAQBM6D/I46QzYR9ZoUVIhFslMCcYawNo34NB
jQoW5P1Cp+JeUH8/gPPuNLRi7HRHwqyhOlpD+NwGYw3CIXQaNB6m2fXknmwQwNns
VbJy+2F/RDHRuoqqJROxBkbhIWfvc2gsaLDWje4Z55yRl7mODeo5Mqhjm6fWCwkn
VGdaSH7Qx/Qv6Qte0xpFPfzCeevk8jleB7V1wEspktAwRMOhNscCgldIPoXyUW1m
FPCgULOTQs7Ol9w/Dk3fFklWugGe24putvZ8OIBc4fpTk1O2x64xyJZCFob3vywl
xI4f96ZDQ9dy+PeMcab08KWv5/VpIaZTX1HV0JaPleYZGZ3BXoZx
-----END CERTIFICATE-----