Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/AilefJlvShXLkY-nKNI04kMzXu0.roa
File:                     AilefJlvShXLkY-nKNI04kMzXu0.roa (raw, json)
Hash identifier:          P/gw55cXoOfEcWl12zjpR5/RgHEgak+vAJQaqUi6SE0=
Subject key identifier:   02:29:5E:7C:99:6F:4A:15:CB:91:8F:A7:28:D2:34:E2:43:33:5E:ED
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019422200D2BC1ED3CB1F7293BF0DB697259
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/AilefJlvShXLkY-nKNI04kMzXu0.roa
Signing time:             Wed 01 Jan 2025 13:48:33 +0000
ROA not before:           Wed 01 Jan 2025 13:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19437
IP address blocks:        14.102.235.0/24 maxlen: 24
                          103.47.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0d:2b:c1:ed:3c:b1:f7:29:3b:f0:db:69:72:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 13:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02295e7c996f4a15cb918fa728d234e243335eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d6:a5:ac:20:d6:4a:2b:8d:b6:ca:bf:42:90:
                    70:1a:2a:29:3c:2a:8b:23:5e:11:00:11:a4:97:da:
                    d1:3c:20:a5:45:40:7b:02:a7:a4:2d:6d:2b:6b:ac:
                    f7:58:cf:70:2d:40:e6:f0:7e:bb:fd:37:06:e0:89:
                    37:bd:d2:66:37:e8:52:6e:4d:d3:44:d8:c5:7d:2c:
                    17:60:d2:54:58:0b:07:c4:86:5b:f8:b5:03:d9:14:
                    a4:80:61:e6:59:5f:a3:70:94:e8:8f:6e:ca:3a:6b:
                    ef:a7:5e:ed:a2:93:36:a4:53:0a:b2:ea:9b:2a:b7:
                    85:a8:8d:57:3c:02:41:69:c0:69:64:9e:c3:a6:ad:
                    ee:bf:ea:ec:a9:ca:49:07:f1:03:6f:55:30:10:de:
                    fc:d3:77:99:83:d8:04:55:4e:8f:35:b8:93:17:e3:
                    7b:b5:a8:56:3b:04:4e:2b:af:01:52:1c:36:e3:0f:
                    fb:ba:ce:23:67:4a:95:ba:c5:fa:db:fc:83:af:f3:
                    e3:cd:1b:bb:c9:79:95:01:26:a0:31:a9:60:c4:bd:
                    1d:f5:71:3f:93:87:7e:57:c6:63:26:2c:77:9b:c7:
                    95:56:31:b9:92:76:7f:4c:1e:76:39:b9:bc:33:04:
                    b0:0e:b5:38:12:59:ef:e5:84:b9:d2:9d:e5:57:76:
                    8d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:29:5E:7C:99:6F:4A:15:CB:91:8F:A7:28:D2:34:E2:43:33:5E:ED
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/AilefJlvShXLkY-nKNI04kMzXu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.235.0/24
                  103.47.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:66:6b:e1:0b:77:9d:e9:69:1e:46:7b:c4:c5:c3:78:ba:c7:
         ab:69:ce:3d:a1:2d:21:0c:75:8b:b6:62:50:ca:21:fc:fb:97:
         b4:a9:bc:84:d5:22:e5:c9:6b:27:2a:99:57:fe:50:89:64:84:
         08:93:36:e2:02:4c:ab:57:de:6a:c5:42:c0:3f:97:96:a4:25:
         6e:6a:b7:6f:84:95:03:46:76:47:d3:c2:7a:75:ad:2e:77:cc:
         03:7c:08:2d:bb:0d:67:89:5a:b1:83:12:f4:ef:c9:f0:62:fc:
         0f:67:e6:ff:d9:99:cf:8b:07:f1:b1:94:2d:09:72:01:a5:f7:
         eb:e8:95:fe:71:09:81:82:61:44:55:bb:f9:90:ee:e5:ff:c4:
         b7:3a:fc:da:e0:f1:c7:61:55:e9:40:f8:84:bb:d4:0e:41:c4:
         53:8a:46:04:cc:25:81:d2:d3:f8:06:ad:41:1b:e2:66:18:94:
         c9:34:b0:75:c2:f2:92:20:26:9c:23:e0:b8:56:71:a6:f2:62:
         b0:5c:d9:4f:1d:29:d9:5f:d8:5a:52:60:f4:d3:79:37:82:53:
         c4:2e:ec:74:54:03:62:3a:94:a1:40:25:90:fb:2d:00:df:d0:
         96:26:69:2f:74:24:2e:0d:ab:69:0b:bc:44:6f:60:62:0d:7b:
         be:82:22:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIA0rwe08sfcpO/DbaXJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI5NWU3Yzk5NmY0YTE1Y2I5MThmYTcyOGQyMzRlMjQzMzM1ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09alrCDWSiuNtsq/QpBwGiopPCqL
I14RABGkl9rRPCClRUB7AqekLW0ra6z3WM9wLUDm8H67/TcG4Ik3vdJmN+hSbk3T
RNjFfSwXYNJUWAsHxIZb+LUD2RSkgGHmWV+jcJToj27KOmvvp17topM2pFMKsuqb
KreFqI1XPAJBacBpZJ7Dpq3uv+rsqcpJB/EDb1UwEN7803eZg9gEVU6PNbiTF+N7
tahWOwROK68BUhw24w/7us4jZ0qVusX62/yDr/PjzRu7yXmVASagMalgxL0d9XE/
k4d+V8ZjJix3m8eVVjG5knZ/TB52Obm8MwSwDrU4Elnv5YS50p3lV3aNvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAIpXnyZb0oVy5GPpyjSNOJDM17tMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQWlsZWZKbHZTaFhMa1ktbktOSTA0a016WHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQADmbrAwQA
Zy86MA0GCSqGSIb3DQEBCwUAA4IBAQBaZmvhC3ed6WkeRnvExcN4userac49oS0h
DHWLtmJQyiH8+5e0qbyE1SLlyWsnKplX/lCJZIQIkzbiAkyrV95qxULAP5eWpCVu
ardvhJUDRnZH08J6da0ud8wDfAgtuw1niVqxgxL078nwYvwPZ+b/2ZnPiwfxsZQt
CXIBpffr6JX+cQmBgmFEVbv5kO7l/8S3Ovza4PHHYVXpQPiEu9QOQcRTikYEzCWB
0tP4Bq1BG+JmGJTJNLB1wvKSICacI+C4VnGm8mKwXNlPHSnZX9haUmD003k3glPE
Lux0VANiOpShQCWQ+y0A39CWJmkvdCQuDatpC7xEb2BiDXu+giKr
-----END CERTIFICATE-----