Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/AOSq8jvRD_WKVZyPJu4LaHoHpzE.roa
File:                     AOSq8jvRD_WKVZyPJu4LaHoHpzE.roa (raw, json)
Hash identifier:          n60VWQlqDY23/ZNqDJ0OTIszqL0LQ9YP9uU56T6Wofs=
Subject key identifier:   00:E4:AA:F2:3B:D1:0F:F5:8A:55:9C:8F:26:EE:0B:68:7A:07:A7:31
Certificate issuer:       /CN=b8d5b3d379d21162e2b522c43801fb9603988245
Certificate serial:       01942067C93E6B3BA8A9B2C03F1ECFE4C07C
Authority key identifier: B8:D5:B3:D3:79:D2:11:62:E2:B5:22:C4:38:01:FB:96:03:98:82:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNWz03nSEWLitSLEOAH7lgOYgkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/AOSq8jvRD_WKVZyPJu4LaHoHpzE.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.243.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/uNWz03nSEWLitSLEOAH7lgOYgkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/uNWz03nSEWLitSLEOAH7lgOYgkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNWz03nSEWLitSLEOAH7lgOYgkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c9:3e:6b:3b:a8:a9:b2:c0:3f:1e:cf:e4:c0:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d5b3d379d21162e2b522c43801fb9603988245
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00e4aaf23bd10ff58a559c8f26ee0b687a07a731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:00:23:d1:57:8e:bc:52:60:ed:7f:68:7d:a0:
                    36:5b:b7:ae:7e:5b:84:6b:f3:a3:74:5a:ad:10:d6:
                    52:6b:cb:a9:42:85:5b:60:cb:25:53:57:63:05:91:
                    e1:f5:83:a2:0a:7c:57:25:63:08:3d:f2:c8:ba:b9:
                    d2:42:c7:77:30:ee:c8:5a:5d:51:59:52:c7:74:2f:
                    c0:7d:eb:e0:c6:e3:74:92:cc:c9:65:23:5d:7e:31:
                    d8:a8:d0:15:fd:a4:b3:de:6e:2c:f5:b4:09:3e:f2:
                    80:0c:c5:62:84:67:1c:e5:20:2d:a7:ae:2f:ec:c0:
                    07:37:1b:5a:68:36:96:a5:1a:6c:0d:6c:26:8a:87:
                    0b:2d:74:58:0c:c4:e5:bc:66:f8:ca:22:39:3d:c6:
                    0e:d3:77:7c:ab:b5:d8:0b:a1:eb:b6:a5:43:14:c8:
                    34:0a:06:eb:26:fb:c7:aa:b3:e0:ea:77:ab:4a:d2:
                    44:db:01:77:52:f6:7c:d6:1c:5f:ac:f1:05:cf:8d:
                    87:f1:d0:44:96:4b:73:76:19:1e:05:2c:59:51:0a:
                    2f:42:15:8a:3d:4f:47:39:20:62:8e:94:6d:eb:04:
                    35:29:56:60:52:34:61:1b:f3:60:55:8f:ff:9d:99:
                    21:29:af:f9:4a:95:a5:7e:fa:07:02:13:25:86:e9:
                    cf:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E4:AA:F2:3B:D1:0F:F5:8A:55:9C:8F:26:EE:0B:68:7A:07:A7:31
            X509v3 Authority Key Identifier:
                keyid:B8:D5:B3:D3:79:D2:11:62:E2:B5:22:C4:38:01:FB:96:03:98:82:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNWz03nSEWLitSLEOAH7lgOYgkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/AOSq8jvRD_WKVZyPJu4LaHoHpzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/uNWz03nSEWLitSLEOAH7lgOYgkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:ce:d9:00:c4:dd:61:6d:07:6a:7a:6f:95:b1:61:eb:07:23:
         0f:37:57:d5:87:a4:01:8f:6c:ad:c0:99:f6:87:e2:bf:64:a7:
         73:bd:da:0c:b3:8f:85:29:0a:07:ba:81:b1:de:49:7b:9a:11:
         a6:84:fc:7f:20:6d:9c:36:4f:9c:4a:89:fa:f4:c2:0b:35:9f:
         ec:1c:62:f4:b1:d7:0b:76:87:4c:7b:b4:50:7a:d9:22:db:d0:
         d6:d1:e4:4c:a2:f2:a6:b4:1a:cc:e4:06:29:90:34:67:f7:6a:
         5e:c3:e4:04:4e:f7:4a:89:4b:e7:a9:bc:b6:65:be:9f:57:2c:
         14:bf:20:64:84:81:7a:9c:9b:f6:f7:bc:0c:4b:36:5e:1b:a1:
         fe:7b:be:63:05:a6:86:b9:1a:3f:a8:78:f4:0f:51:ed:a7:13:
         59:ba:ba:ae:8b:a6:5b:e4:3f:d9:3e:65:8b:2a:f5:d4:c4:df:
         d6:4a:96:54:18:e5:a5:aa:28:0b:bb:1f:b2:fb:96:52:08:c5:
         61:3f:49:0e:58:07:34:8a:66:20:56:16:7c:57:b3:9a:70:26:
         be:e2:4f:83:b1:6b:31:63:98:1f:03:48:b0:5b:4f:b9:73:60:
         2b:d0:56:7a:69:02:2d:fd:e8:50:1a:a6:4a:9a:e6:1a:50:a7:
         c6:0a:67:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8k+azuoqbLAPx7P5MB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDViM2QzNzlkMjExNjJlMmI1MjJjNDM4MDFmYjk2MDM5
ODgyNDUwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGU0YWFmMjNiZDEwZmY1OGE1NTljOGYyNmVlMGI2ODdhMDdhNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AAj0VeOvFJg7X9ofaA2W7eufluE
a/OjdFqtENZSa8upQoVbYMslU1djBZHh9YOiCnxXJWMIPfLIurnSQsd3MO7IWl1R
WVLHdC/AfevgxuN0kszJZSNdfjHYqNAV/aSz3m4s9bQJPvKADMVihGcc5SAtp64v
7MAHNxtaaDaWpRpsDWwmiocLLXRYDMTlvGb4yiI5PcYO03d8q7XYC6HrtqVDFMg0
CgbrJvvHqrPg6nerStJE2wF3UvZ81hxfrPEFz42H8dBElktzdhkeBSxZUQovQhWK
PU9HOSBijpRt6wQ1KVZgUjRhG/NgVY//nZkhKa/5SpWlfvoHAhMlhunPLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADkqvI70Q/1ilWcjybuC2h6B6cxMB8GA1UdIwQY
MBaAFLjVs9N50hFi4rUixDgB+5YDmIJFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5XejAzblNFV0xpdFNMRU9BSDdsZ09ZZ2tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9lZjNlNDMtN2JmNy00MDRmLWE5YTMt
YjNlOTI1NWQyYjNlLzEvQU9TcThqdlJEX1dLVlp5UEp1NExhSG9IcHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9lZjNlNDMtN2JmNy00MDRmLWE5YTMtYjNlOTI1NWQyYjNl
LzEvdU5XejAzblNFV0xpdFNMRU9BSDdsZ09ZZ2tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufOAMA0G
CSqGSIb3DQEBCwUAA4IBAQCwztkAxN1hbQdqem+VsWHrByMPN1fVh6QBj2ytwJn2
h+K/ZKdzvdoMs4+FKQoHuoGx3kl7mhGmhPx/IG2cNk+cSon69MILNZ/sHGL0sdcL
dodMe7RQetki29DW0eRMovKmtBrM5AYpkDRn92pew+QETvdKiUvnqby2Zb6fVywU
vyBkhIF6nJv297wMSzZeG6H+e75jBaaGuRo/qHj0D1HtpxNZurqui6Zb5D/ZPmWL
KvXUxN/WSpZUGOWlqigLux+y+5ZSCMVhP0kOWAc0imYgVhZ8V7OacCa+4k+DsWsx
Y5gfA0iwW0+5c2Ar0FZ6aQIt/ehQGqZKmuYaUKfGCmdE
-----END CERTIFICATE-----