Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/243IV1WXDUNyw7rjuRN5vP7IoKY.roa
File:                     243IV1WXDUNyw7rjuRN5vP7IoKY.roa (raw, json)
Hash identifier:          0O92Hb85YHbJvLZRlVOgE6xTVbqzeKYfm5ftactSgfc=
Subject key identifier:   DB:8D:C8:57:55:97:0D:43:72:C3:BA:E3:B9:13:79:BC:FE:C8:A0:A6
Certificate issuer:       /CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Certificate serial:       01953D283EF3D2267CB12505A30EDA8C977B
Authority key identifier: E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/243IV1WXDUNyw7rjuRN5vP7IoKY.roa
Signing time:             Tue 25 Feb 2025 12:50:02 +0000
ROA not before:           Tue 25 Feb 2025 12:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29436
IP address blocks:        94.240.136.0/21 maxlen: 21
                          94.240.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:28:3e:f3:d2:26:7c:b1:25:05:a3:0e:da:8c:97:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
        Validity
            Not Before: Feb 25 12:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db8dc85755970d4372c3bae3b91379bcfec8a0a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:81:04:e6:a2:b4:75:83:57:cf:e4:67:cb:a5:
                    0f:74:eb:71:8e:78:32:1b:b0:40:1a:73:d7:1c:09:
                    f6:28:68:d5:d7:0c:90:8c:6c:d0:55:dc:69:52:e8:
                    56:b6:92:43:58:2f:9d:c9:75:df:67:37:cc:66:cd:
                    cc:8d:e5:52:87:93:69:f6:f7:ca:6f:c6:30:c3:d4:
                    8b:fe:50:95:ce:54:f5:b0:38:af:a2:f3:fe:a5:07:
                    fd:be:78:2e:ab:be:03:df:d8:77:f7:f2:bd:37:7c:
                    c6:90:06:e4:7b:a2:4c:7a:12:03:f4:c1:2b:f2:fb:
                    0c:f9:0f:f1:36:e1:fd:db:39:92:42:11:bb:52:78:
                    ba:d1:12:e6:8c:15:b9:71:5f:d9:68:f1:b4:22:7a:
                    32:c5:88:f0:9a:8b:5d:39:e6:58:09:0e:20:2d:f7:
                    96:fc:d6:87:54:33:71:e8:45:ac:08:37:b4:ef:2a:
                    78:a5:46:8b:21:84:3a:3b:23:b6:b6:f5:b6:ab:26:
                    54:83:e1:52:c9:ac:3b:f5:9c:30:95:2a:9b:b8:83:
                    18:9a:b7:7b:9b:68:f7:48:d9:35:b0:9b:b9:2e:d0:
                    9b:87:3d:15:aa:e2:89:9c:9d:95:28:9c:4f:c1:af:
                    b6:cf:8d:2d:7b:e4:39:8a:15:64:53:e8:5a:dd:32:
                    c1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8D:C8:57:55:97:0D:43:72:C3:BA:E3:B9:13:79:BC:FE:C8:A0:A6
            X509v3 Authority Key Identifier:
                keyid:E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/243IV1WXDUNyw7rjuRN5vP7IoKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.136.0/21
                  94.240.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         41:78:6c:60:ce:b4:49:09:25:de:00:39:f7:d3:73:90:dd:23:
         48:5a:ca:da:30:6c:8f:ae:6d:bc:3b:94:db:2a:64:f3:af:3f:
         ba:ca:5f:af:c7:f0:65:89:34:30:9b:66:43:74:fb:30:a3:16:
         01:33:17:12:f6:b5:b4:a2:ac:90:47:e2:01:cb:91:08:08:32:
         9f:34:d1:aa:1a:94:8a:25:66:b3:f2:25:a8:b8:63:41:ea:97:
         70:fd:13:94:fd:64:82:51:a8:f1:8d:6e:76:99:04:a8:94:0c:
         ae:74:38:91:49:b2:00:62:fb:57:d5:6c:5c:96:51:76:bb:50:
         45:0d:3c:e1:0c:b3:5f:45:8b:4d:59:c7:82:5e:49:08:23:4f:
         13:e2:d2:90:c4:19:bf:5c:04:4b:f8:ed:bf:ca:63:0b:a5:c4:
         ca:ed:b0:16:e5:d1:10:b8:03:eb:b8:61:d2:bf:44:ee:1e:fc:
         fb:dd:30:bf:08:ec:86:a8:ee:49:25:49:f6:6b:df:55:41:98:
         1a:6a:ad:d2:2f:9e:ad:d5:93:db:c8:9c:13:86:c2:9a:2b:68:
         c2:6c:b4:0f:82:67:b3:7a:fb:23:a4:78:22:23:99:13:1e:fa:
         45:aa:33:dd:01:c7:a9:a5:d1:c9:e3:0e:18:81:48:32:40:da:
         ed:14:0d:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZU9KD7z0iZ8sSUFow7ajJd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODI1ZmJlZTdjNDNhMjk4MzhlYWJlNGZjODdkNzk0MzQ5
YzBjODAwHhcNMjUwMjI1MTI1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhkYzg1NzU1OTcwZDQzNzJjM2JhZTNiOTEzNzliY2ZlYzhhMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroEE5qK0dYNXz+Rny6UPdOtxjngy
G7BAGnPXHAn2KGjV1wyQjGzQVdxpUuhWtpJDWC+dyXXfZzfMZs3MjeVSh5Np9vfK
b8Yww9SL/lCVzlT1sDivovP+pQf9vnguq74D39h39/K9N3zGkAbke6JMehID9MEr
8vsM+Q/xNuH92zmSQhG7Uni60RLmjBW5cV/ZaPG0InoyxYjwmotdOeZYCQ4gLfeW
/NaHVDNx6EWsCDe07yp4pUaLIYQ6OyO2tvW2qyZUg+FSyaw79ZwwlSqbuIMYmrd7
m2j3SNk1sJu5LtCbhz0VquKJnJ2VKJxPwa+2z40te+Q5ihVkU+ha3TLBMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNuNyFdVlw1DcsO647kTebz+yKCmMB8GA1UdIwQY
MBaAFOWCX77nxDopg46r5PyH15Q0nAyAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2Qt
MDQxYWIzMDJjMmY5LzEvMjQzSVYxV1hEVU55dzdyanVSTjV2UDdJb0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2QtMDQxYWIzMDJjMmY5
LzEvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXvCIAwQF
XvCgMA0GCSqGSIb3DQEBCwUAA4IBAQBBeGxgzrRJCSXeADn303OQ3SNIWsraMGyP
rm28O5TbKmTzrz+6yl+vx/BliTQwm2ZDdPswoxYBMxcS9rW0oqyQR+IBy5EICDKf
NNGqGpSKJWaz8iWouGNB6pdw/ROU/WSCUajxjW52mQSolAyudDiRSbIAYvtX1Wxc
llF2u1BFDTzhDLNfRYtNWceCXkkII08T4tKQxBm/XARL+O2/ymMLpcTK7bAW5dEQ
uAPruGHSv0TuHvz73TC/COyGqO5JJUn2a99VQZgaaq3SL56t1ZPbyJwThsKaK2jC
bLQPgmezevsjpHgiI5kTHvpFqjPdAceppdHJ4w4YgUgyQNrtFA1n
-----END CERTIFICATE-----