Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/e-v0jP0Yr1s-j_LETXIOOzdyLGk.roa
File:                     e-v0jP0Yr1s-j_LETXIOOzdyLGk.roa (raw, json)
Hash identifier:          xcWMYa3OgNb5AY/zol6hl7sqGF74VxIwNPjPwmEIM7U=
Subject key identifier:   7B:EB:F4:8C:FD:18:AF:5B:3E:8F:F2:C4:4D:72:0E:3B:37:72:2C:69
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       019424448EE1E3087765C394B5167B58037E
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/e-v0jP0Yr1s-j_LETXIOOzdyLGk.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199238
IP address blocks:        94.240.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8e:e1:e3:08:77:65:c3:94:b5:16:7b:58:03:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bebf48cfd18af5b3e8ff2c44d720e3b37722c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ce:1f:a9:d5:09:72:2c:91:53:bf:5f:39:84:
                    85:a1:30:5f:61:0b:e5:b6:77:c2:a0:c6:93:ae:44:
                    78:94:93:cd:92:da:49:23:a4:12:67:35:d0:92:c4:
                    20:40:9a:a6:1e:40:9d:c2:ff:76:16:79:3c:f7:c6:
                    a5:c3:b4:4b:fe:4f:d2:c3:f1:cc:0f:02:e7:86:e6:
                    67:27:1d:58:8f:26:1e:01:ef:69:39:35:18:d5:8b:
                    27:a4:55:d4:a3:97:3d:91:c0:89:70:b3:62:d6:e2:
                    c0:e5:33:48:f6:9d:d8:40:af:ac:84:0a:d0:0b:53:
                    ed:3d:fb:d7:4d:89:00:85:87:39:3f:93:9c:ec:52:
                    f5:f6:ab:28:37:fc:21:33:e3:44:bb:f0:23:4a:cb:
                    d6:c5:77:67:62:d8:7e:07:4a:ec:98:6c:c1:72:71:
                    a6:82:2c:ac:b5:4f:c5:7f:06:be:df:6b:6e:ec:78:
                    ba:b1:eb:ef:3f:ce:d6:65:a3:eb:e3:34:11:c9:0f:
                    a7:a1:e8:04:c7:69:1c:2b:98:12:eb:45:1c:b5:c8:
                    2f:85:99:96:db:7d:81:4c:5c:26:ef:d5:9a:9d:1e:
                    f1:57:d4:8e:48:63:fa:50:61:bb:e5:ad:47:d3:fa:
                    d6:43:29:27:aa:ae:ee:e9:48:7d:f0:6c:e6:0f:ef:
                    ca:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:EB:F4:8C:FD:18:AF:5B:3E:8F:F2:C4:4D:72:0E:3B:37:72:2C:69
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/e-v0jP0Yr1s-j_LETXIOOzdyLGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:32:a5:b6:b7:43:14:4c:84:83:42:42:e7:1f:f2:64:b0:5f:
         5b:d7:bd:4e:d9:ca:28:aa:cf:21:e9:82:52:23:fd:60:01:8f:
         e4:fa:88:51:76:26:a7:79:2d:fd:82:46:e7:1d:53:b3:85:5f:
         31:10:ef:79:3d:bb:50:bc:6c:76:6f:82:51:3b:91:7e:72:ce:
         e6:e9:87:7b:56:78:48:aa:69:e3:7e:2a:b9:ce:53:5b:fb:c2:
         0e:9c:4a:02:d9:85:ae:64:ee:25:14:b4:06:4c:93:d0:9f:7c:
         f0:f0:f3:fe:3f:64:e2:34:98:b8:2a:e1:26:b8:12:c6:b2:a6:
         c7:48:fa:a9:93:56:af:0b:2d:49:d3:b3:15:cc:52:72:26:f2:
         9c:19:d0:cd:64:5b:f0:dc:f4:fb:30:de:ea:ac:31:3a:09:b2:
         e9:35:71:4a:22:30:c8:7b:92:00:e5:4d:6d:7b:89:c4:25:ad:
         7c:6d:12:36:84:04:2d:ef:02:33:a5:6a:11:ac:da:d5:9c:9c:
         ba:fa:fe:c5:fa:01:f1:f4:4d:bb:db:5c:b7:48:37:d7:1e:ef:
         6b:56:cf:ad:1f:a3:2b:b7:71:f2:84:2a:31:bc:ca:7f:46:2f:
         99:73:65:6e:c9:bb:ad:2f:44:d6:6e:4b:dd:d6:dd:ad:0a:af:
         9a:a8:e5:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRI7h4wh3ZcOUtRZ7WAN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmViZjQ4Y2ZkMThhZjViM2U4ZmYyYzQ0ZDcyMGUzYjM3NzIyYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7s4fqdUJciyRU79fOYSFoTBfYQvl
tnfCoMaTrkR4lJPNktpJI6QSZzXQksQgQJqmHkCdwv92Fnk898alw7RL/k/Sw/HM
DwLnhuZnJx1YjyYeAe9pOTUY1YsnpFXUo5c9kcCJcLNi1uLA5TNI9p3YQK+shArQ
C1PtPfvXTYkAhYc5P5Oc7FL19qsoN/whM+NEu/AjSsvWxXdnYth+B0rsmGzBcnGm
giystU/Ffwa+32tu7Hi6sevvP87WZaPr4zQRyQ+noegEx2kcK5gS60UctcgvhZmW
232BTFwm79WanR7xV9SOSGP6UGG75a1H0/rWQyknqq7u6Uh98GzmD+/KsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvr9Iz9GK9bPo/yxE1yDjs3cixpMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvZS12MGpQMFlyMXMtal9MRVRYSU9PemR5TEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAWMA0G
CSqGSIb3DQEBCwUAA4IBAQBLMqW2t0MUTISDQkLnH/JksF9b171O2cooqs8h6YJS
I/1gAY/k+ohRdianeS39gkbnHVOzhV8xEO95PbtQvGx2b4JRO5F+cs7m6Yd7VnhI
qmnjfiq5zlNb+8IOnEoC2YWuZO4lFLQGTJPQn3zw8PP+P2TiNJi4KuEmuBLGsqbH
SPqpk1avCy1J07MVzFJyJvKcGdDNZFvw3PT7MN7qrDE6CbLpNXFKIjDIe5IA5U1t
e4nEJa18bRI2hAQt7wIzpWoRrNrVnJy6+v7F+gHx9E2721y3SDfXHu9rVs+tH6Mr
t3HyhCoxvMp/Ri+Zc2VuybutL0TWbkvd1t2tCq+aqOUx
-----END CERTIFICATE-----