Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/f2ec53-223b-4b3b-9d20-ceec5a739c72/1/AjvxEqBMDb1RszeU2KHX57XFBR4.roa
File:                     AjvxEqBMDb1RszeU2KHX57XFBR4.roa (raw, json)
Hash identifier:          2SKQ42yk6CMNYGHFFloN2VEeMp0spaMezeJijIs3El8=
Subject key identifier:   02:3B:F1:12:A0:4C:0D:BD:51:B3:37:94:D8:A1:D7:E7:B5:C5:05:1E
Certificate issuer:       /CN=d18a56d6a14e6763fc7733a8a5f9431db7568cb5
Certificate serial:       019425FD720D634D0764D496EAA5D26D699F
Authority key identifier: D1:8A:56:D6:A1:4E:67:63:FC:77:33:A8:A5:F9:43:1D:B7:56:8C:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0YpW1qFOZ2P8dzOopflDHbdWjLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/f2ec53-223b-4b3b-9d20-ceec5a739c72/1/AjvxEqBMDb1RszeU2KHX57XFBR4.roa
Signing time:             Thu 02 Jan 2025 07:49:14 +0000
ROA not before:           Thu 02 Jan 2025 07:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        147.228.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/f2ec53-223b-4b3b-9d20-ceec5a739c72/1/0YpW1qFOZ2P8dzOopflDHbdWjLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/f2ec53-223b-4b3b-9d20-ceec5a739c72/1/0YpW1qFOZ2P8dzOopflDHbdWjLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0YpW1qFOZ2P8dzOopflDHbdWjLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:72:0d:63:4d:07:64:d4:96:ea:a5:d2:6d:69:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d18a56d6a14e6763fc7733a8a5f9431db7568cb5
        Validity
            Not Before: Jan  2 07:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=023bf112a04c0dbd51b33794d8a1d7e7b5c5051e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e3:5f:c0:6c:01:e8:a4:06:35:f9:f2:58:6a:
                    2b:9c:76:75:06:47:23:d3:72:3e:23:80:85:79:3c:
                    74:17:6a:5b:f5:f3:d9:54:ad:86:10:1a:c1:a4:a5:
                    b7:62:b5:7b:ef:b6:2e:ac:78:0c:4c:fd:7b:32:8a:
                    86:f8:31:ca:ab:6a:a2:1a:da:f7:98:5f:41:07:11:
                    90:60:01:20:3c:87:a1:c8:ed:96:c1:be:b3:24:12:
                    2b:a1:dd:93:a2:22:85:b5:18:05:0a:bc:2d:9a:ff:
                    cc:40:6b:85:37:e8:7a:3d:99:0d:bd:ad:f2:58:03:
                    41:b5:e7:13:89:f2:bc:8e:f9:7f:97:33:bf:b2:79:
                    4a:97:c1:e9:6f:6e:c7:45:7c:84:01:c5:67:40:76:
                    4d:ce:1f:9b:10:ad:3f:7a:31:6a:ce:23:f8:5f:b5:
                    a9:ac:59:1b:a2:05:c5:cd:3b:d9:f3:85:b4:76:bc:
                    bc:58:12:c2:ba:2c:82:ea:b1:34:9b:93:a7:80:0f:
                    93:cf:a0:27:dd:88:a2:29:6c:b6:9b:c7:7e:d6:63:
                    a8:0f:d0:15:d1:7e:b4:2f:d5:62:59:a0:bc:ae:db:
                    f6:08:d3:4d:e0:8c:0f:f8:c9:3b:16:0e:9b:d2:eb:
                    aa:62:bf:fe:64:56:ed:6e:c6:43:e7:dd:dc:69:e1:
                    de:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3B:F1:12:A0:4C:0D:BD:51:B3:37:94:D8:A1:D7:E7:B5:C5:05:1E
            X509v3 Authority Key Identifier:
                keyid:D1:8A:56:D6:A1:4E:67:63:FC:77:33:A8:A5:F9:43:1D:B7:56:8C:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0YpW1qFOZ2P8dzOopflDHbdWjLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/f2ec53-223b-4b3b-9d20-ceec5a739c72/1/AjvxEqBMDb1RszeU2KHX57XFBR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/f2ec53-223b-4b3b-9d20-ceec5a739c72/1/0YpW1qFOZ2P8dzOopflDHbdWjLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.228.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:10:4a:5d:3e:a6:73:14:a0:29:40:38:b3:b0:66:ed:0f:d2:
         ca:4a:bd:36:bd:3e:79:7f:63:d9:63:8c:7b:e4:6f:f4:3b:0b:
         5d:db:f1:5f:fb:9b:bc:e9:17:57:b0:ae:8f:66:a9:70:6f:6c:
         a7:3f:15:1f:ef:fb:29:36:d6:9c:44:90:28:00:c7:af:c4:0f:
         7e:be:83:65:29:1c:d7:06:fa:d3:81:64:98:4a:01:d5:59:e7:
         61:da:f2:f6:d3:14:b6:ac:9c:bf:8a:1e:75:3f:cc:07:83:ab:
         8e:54:bf:f1:75:ae:9d:e7:83:96:f1:fb:fb:06:69:a2:9a:a2:
         b6:c0:d4:57:80:72:52:46:47:88:b9:36:7f:42:dc:92:8d:df:
         53:6d:d7:cb:b8:e9:de:82:bb:71:0d:22:a3:b8:5d:d3:98:1d:
         50:40:50:69:25:3b:5c:fc:e3:1c:a8:21:72:27:6e:1a:dc:c2:
         a2:3c:06:48:75:4b:de:b5:cb:4a:62:7f:e5:1c:98:42:a7:b6:
         44:8c:cb:3d:78:90:52:30:6f:b6:5f:4c:d5:1d:8a:9e:a1:c4:
         6d:30:86:c7:1f:01:f1:b2:50:ba:59:6c:e1:e7:c3:ec:62:cb:
         63:55:83:9b:45:fa:97:c5:db:07:cc:ee:d2:55:c6:17:f8:51:
         1d:9a:29:46
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQl/XINY00HZNSW6qXSbWmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxOGE1NmQ2YTE0ZTY3NjNmYzc3MzNhOGE1Zjk0MzFkYjc1
NjhjYjUwHhcNMjUwMTAyMDc0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjNiZjExMmEwNGMwZGJkNTFiMzM3OTRkOGExZDdlN2I1YzUwNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+NfwGwB6KQGNfnyWGornHZ1Bkcj
03I+I4CFeTx0F2pb9fPZVK2GEBrBpKW3YrV777YurHgMTP17MoqG+DHKq2qiGtr3
mF9BBxGQYAEgPIehyO2Wwb6zJBIrod2ToiKFtRgFCrwtmv/MQGuFN+h6PZkNva3y
WANBtecTifK8jvl/lzO/snlKl8Hpb27HRXyEAcVnQHZNzh+bEK0/ejFqziP4X7Wp
rFkbogXFzTvZ84W0dry8WBLCuiyC6rE0m5OngA+Tz6An3YiiKWy2m8d+1mOoD9AV
0X60L9ViWaC8rtv2CNNN4IwP+Mk7Fg6b0uuqYr/+ZFbtbsZD593caeHe9wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAI78RKgTA29UbM3lNih1+e1xQUeMB8GA1UdIwQY
MBaAFNGKVtahTmdj/HczqKX5Qx23Voy1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFlwVzFxRk9aMlA4ZHpPb3BmbERIYmRXakxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9mMmVjNTMtMjIzYi00YjNiLTlkMjAt
Y2VlYzVhNzM5YzcyLzEvQWp2eEVxQk1EYjFSc3plVTJLSFg1N1hGQlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9mMmVjNTMtMjIzYi00YjNiLTlkMjAtY2VlYzVhNzM5Yzcy
LzEvMFlwVzFxRk9aMlA4ZHpPb3BmbERIYmRXakxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk+QwDQYJ
KoZIhvcNAQELBQADggEBACcQSl0+pnMUoClAOLOwZu0P0spKvTa9Pnl/Y9ljjHvk
b/Q7C13b8V/7m7zpF1ewro9mqXBvbKc/FR/v+yk21pxEkCgAx6/ED36+g2UpHNcG
+tOBZJhKAdVZ52Ha8vbTFLasnL+KHnU/zAeDq45Uv/F1rp3ng5bx+/sGaaKaorbA
1FeAclJGR4i5Nn9C3JKN31Nt18u46d6Cu3ENIqO4XdOYHVBAUGklO1z84xyoIXIn
bhrcwqI8Bkh1S961y0pif+UcmEKntkSMyz14kFIwb7ZfTNUdip6hxG0whscfAfGy
ULpZbOHnw+xiy2NVg5tF+pfF2wfM7tJVxhf4UR2aKUY=
-----END CERTIFICATE-----