Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/LsWSdAS1TXKersyl9EL18bbqBfM.roa
File:                     LsWSdAS1TXKersyl9EL18bbqBfM.roa (raw, json)
Hash identifier:          YbeY8cd/gw+TzClLCzR2l5xbj5HoKVEuVLP8CS1pIGI=
Subject key identifier:   2E:C5:92:74:04:B5:4D:72:9E:AE:CC:A5:F4:42:F5:F1:B6:EA:05:F3
Certificate issuer:       /CN=e9d2721f2e2bd011b8a6860ad2572c405c0b540f
Certificate serial:       01941FFA0C7324A443907176050BFA12E82A
Authority key identifier: E9:D2:72:1F:2E:2B:D0:11:B8:A6:86:0A:D2:57:2C:40:5C:0B:54:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6dJyHy4r0BG4poYK0lcsQFwLVA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/LsWSdAS1TXKersyl9EL18bbqBfM.roa
Signing time:             Wed 01 Jan 2025 03:47:48 +0000
ROA not before:           Wed 01 Jan 2025 03:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.43.192.0/24 maxlen: 24
                          185.43.193.0/24 maxlen: 24
                          185.43.194.0/24 maxlen: 24
                          185.43.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/6dJyHy4r0BG4poYK0lcsQFwLVA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/6dJyHy4r0BG4poYK0lcsQFwLVA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6dJyHy4r0BG4poYK0lcsQFwLVA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0c:73:24:a4:43:90:71:76:05:0b:fa:12:e8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9d2721f2e2bd011b8a6860ad2572c405c0b540f
        Validity
            Not Before: Jan  1 03:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ec5927404b54d729eaecca5f442f5f1b6ea05f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a6:81:b0:c7:60:e6:46:de:72:7c:eb:ad:52:
                    b5:18:d9:55:d8:c9:46:fa:46:13:39:8a:b0:ba:2f:
                    5e:39:f3:4b:7b:8f:62:b0:60:e7:80:2e:1d:b8:76:
                    05:aa:61:48:3c:41:2e:50:1e:78:41:0e:bf:5f:03:
                    8d:46:59:d2:87:4f:12:86:65:79:c0:6b:e9:36:37:
                    5c:de:d1:c4:1b:d5:73:dc:e8:f5:a3:1f:d8:3b:4e:
                    06:cf:1b:8e:b5:9c:f8:b4:54:9d:b7:0c:5b:bd:4b:
                    87:1c:57:f3:8b:4e:c6:55:d1:8e:4f:27:90:5c:fb:
                    d3:16:7c:ec:db:3e:f4:ec:e1:91:6c:12:f2:73:99:
                    68:16:cc:58:e1:e8:85:4a:09:35:41:cc:8b:98:20:
                    86:05:b3:01:24:5b:8a:4c:8f:6c:c7:ea:96:6d:5b:
                    ed:2c:a0:07:96:f7:a0:c0:6d:60:56:01:1c:61:9a:
                    8c:d0:0a:bd:a5:c8:59:75:37:1c:92:57:94:2c:70:
                    2f:fe:12:b7:09:59:13:e9:2a:2a:50:1b:b2:b9:f0:
                    d2:dd:4b:fb:29:f9:c0:2f:db:75:bc:43:4e:4f:50:
                    d7:00:0d:1c:d3:ab:dc:1d:17:95:8f:8b:56:14:7a:
                    0b:09:05:66:06:36:40:b2:d5:e3:b3:8c:11:6c:8a:
                    87:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C5:92:74:04:B5:4D:72:9E:AE:CC:A5:F4:42:F5:F1:B6:EA:05:F3
            X509v3 Authority Key Identifier:
                keyid:E9:D2:72:1F:2E:2B:D0:11:B8:A6:86:0A:D2:57:2C:40:5C:0B:54:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6dJyHy4r0BG4poYK0lcsQFwLVA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/LsWSdAS1TXKersyl9EL18bbqBfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/368df0-5c41-49d3-a9a9-c45903c3b329/1/6dJyHy4r0BG4poYK0lcsQFwLVA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:7e:b2:63:8c:0b:07:d8:fe:02:b3:07:07:70:df:74:0e:80:
         50:12:b9:84:6a:c7:70:94:1d:97:e5:0a:c5:12:6a:f7:0e:ea:
         03:a2:c2:41:32:15:28:8b:ef:50:fa:09:8b:0a:fe:17:cc:b9:
         84:9c:a1:53:82:97:18:80:a4:8d:60:8a:37:ba:3d:48:7c:c5:
         c2:57:aa:88:58:2b:31:ce:de:1b:f1:04:11:43:ce:32:a7:29:
         12:1f:22:c8:93:e7:8a:bb:d1:5b:2d:3f:80:07:60:3b:b9:1b:
         07:24:7d:2c:b8:13:69:26:b5:58:12:e6:8e:1c:7c:ad:30:00:
         97:ed:96:47:2b:b0:cc:31:90:64:7d:ef:a1:2c:bd:79:46:48:
         73:5b:4f:14:9c:86:21:1b:4b:7f:6e:15:b9:f9:0a:26:56:11:
         b0:7e:55:67:bb:db:63:55:b6:50:14:40:b0:e8:f7:07:be:6e:
         50:5e:75:70:c0:0c:e1:e4:99:10:59:72:2f:ed:52:ad:ea:2d:
         27:4a:58:54:77:8e:70:40:10:21:3c:71:31:4d:16:81:38:ff:
         4b:b2:d0:99:da:1c:85:6f:50:8f:f5:5c:60:ca:24:51:68:a3:
         36:d5:6e:38:25:05:5e:17:c6:bb:78:5e:88:d0:ff:ca:07:81:
         d3:75:fc:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gxzJKRDkHF2BQv6EugqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZDI3MjFmMmUyYmQwMTFiOGE2ODYwYWQyNTcyYzQwNWMw
YjU0MGYwHhcNMjUwMTAxMDM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWM1OTI3NDA0YjU0ZDcyOWVhZWNjYTVmNDQyZjVmMWI2ZWEwNWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16aBsMdg5kbecnzrrVK1GNlV2MlG
+kYTOYqwui9eOfNLe49isGDngC4duHYFqmFIPEEuUB54QQ6/XwONRlnSh08ShmV5
wGvpNjdc3tHEG9Vz3Oj1ox/YO04GzxuOtZz4tFSdtwxbvUuHHFfzi07GVdGOTyeQ
XPvTFnzs2z707OGRbBLyc5loFsxY4eiFSgk1QcyLmCCGBbMBJFuKTI9sx+qWbVvt
LKAHlvegwG1gVgEcYZqM0Aq9pchZdTcckleULHAv/hK3CVkT6SoqUBuyufDS3Uv7
KfnAL9t1vENOT1DXAA0c06vcHReVj4tWFHoLCQVmBjZAstXjs4wRbIqH1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7FknQEtU1ynq7MpfRC9fG26gXzMB8GA1UdIwQY
MBaAFOnSch8uK9ARuKaGCtJXLEBcC1QPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmRKeUh5NHIwQkc0cG9ZSzBsY3NRRndMVkE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zNjhkZjAtNWM0MS00OWQzLWE5YTkt
YzQ1OTAzYzNiMzI5LzEvTHNXU2RBUzFUWEtlcnN5bDlFTDE4YmJxQmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zNjhkZjAtNWM0MS00OWQzLWE5YTktYzQ1OTAzYzNiMzI5
LzEvNmRKeUh5NHIwQkc0cG9ZSzBsY3NRRndMVkE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSvAMA0G
CSqGSIb3DQEBCwUAA4IBAQBffrJjjAsH2P4CswcHcN90DoBQErmEasdwlB2X5QrF
Emr3DuoDosJBMhUoi+9Q+gmLCv4XzLmEnKFTgpcYgKSNYIo3uj1IfMXCV6qIWCsx
zt4b8QQRQ84ypykSHyLIk+eKu9FbLT+AB2A7uRsHJH0suBNpJrVYEuaOHHytMACX
7ZZHK7DMMZBkfe+hLL15RkhzW08UnIYhG0t/bhW5+QomVhGwflVnu9tjVbZQFECw
6PcHvm5QXnVwwAzh5JkQWXIv7VKt6i0nSlhUd45wQBAhPHExTRaBOP9LstCZ2hyF
b1CP9VxgyiRRaKM21W44JQVeF8a7eF6I0P/KB4HTdfxH
-----END CERTIFICATE-----