Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/2E-i-XVwWZd-hZzL5RDcxHIUK_w.roa
File:                     2E-i-XVwWZd-hZzL5RDcxHIUK_w.roa (raw, json)
Hash identifier:          kmE7612P7PDRz8jZU91zzdg87lpJGT1okogHYfmxmWk=
Subject key identifier:   D8:4F:A2:F9:75:70:59:97:7E:85:9C:CB:E5:10:DC:C4:72:14:2B:FC
Certificate issuer:       /CN=47ea61d7cc2c278a7c4bcfbc2137b394a22654ad
Certificate serial:       0194244596BE54C6F4FA21C77A27779EC969
Authority key identifier: 47:EA:61:D7:CC:2C:27:8A:7C:4B:CF:BC:21:37:B3:94:A2:26:54:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-ph18wsJ4p8S8-8ITezlKImVK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/2E-i-XVwWZd-hZzL5RDcxHIUK_w.roa
Signing time:             Wed 01 Jan 2025 23:48:47 +0000
ROA not before:           Wed 01 Jan 2025 23:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42640
IP address blocks:        195.248.228.0/24 maxlen: 24
                          195.248.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/R-ph18wsJ4p8S8-8ITezlKImVK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/R-ph18wsJ4p8S8-8ITezlKImVK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-ph18wsJ4p8S8-8ITezlKImVK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:96:be:54:c6:f4:fa:21:c7:7a:27:77:9e:c9:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47ea61d7cc2c278a7c4bcfbc2137b394a22654ad
        Validity
            Not Before: Jan  1 23:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d84fa2f9757059977e859ccbe510dcc472142bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b5:b0:2a:b4:2c:bd:f4:2b:97:d9:9e:5d:7c:
                    12:8a:8e:c8:da:ac:1c:35:5b:55:de:cb:63:4e:c4:
                    ba:0f:2a:96:8c:8e:7b:2f:a8:0d:d5:c4:43:38:8f:
                    88:28:c4:cd:ac:22:8e:9b:2d:b3:df:0a:dc:19:79:
                    f4:87:cc:cb:78:ac:8b:3d:51:56:51:21:64:65:b5:
                    4c:1d:34:da:2e:e6:e5:22:87:35:b3:dc:5f:2d:dc:
                    57:8b:6f:43:c0:53:e6:9b:7f:c7:a1:12:64:74:4d:
                    b6:08:86:94:45:cd:5c:95:68:d8:8e:13:e3:12:85:
                    4e:15:a6:d7:1f:d7:fc:df:80:69:8e:37:9f:0d:25:
                    9d:40:bf:39:d4:ff:58:73:b0:30:3f:71:8c:00:96:
                    19:53:88:9c:71:80:f2:1e:bc:8f:6e:90:57:87:9b:
                    c4:21:22:b6:38:37:8a:d6:1e:22:78:36:71:41:3c:
                    1f:be:d8:95:72:9e:b3:21:18:4f:56:3f:d1:9b:04:
                    20:bd:64:2b:eb:4f:46:17:d2:a5:21:02:03:64:1d:
                    fd:7e:95:33:9e:d4:83:52:af:79:77:2b:75:c5:49:
                    54:c8:7d:d2:69:8e:42:bc:14:22:20:1d:10:d8:2a:
                    d0:73:ca:06:47:16:80:70:f5:0a:d0:b9:9f:8a:41:
                    8b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:4F:A2:F9:75:70:59:97:7E:85:9C:CB:E5:10:DC:C4:72:14:2B:FC
            X509v3 Authority Key Identifier:
                keyid:47:EA:61:D7:CC:2C:27:8A:7C:4B:CF:BC:21:37:B3:94:A2:26:54:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-ph18wsJ4p8S8-8ITezlKImVK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/2E-i-XVwWZd-hZzL5RDcxHIUK_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/R-ph18wsJ4p8S8-8ITezlKImVK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:7b:af:29:fb:71:98:a5:4a:de:bb:d2:3c:c5:f9:d9:7e:a2:
         6b:01:72:2b:a2:ac:66:89:f5:99:d2:09:7c:c5:b2:0e:11:a0:
         3a:c4:e3:e2:ea:2b:2f:26:1c:2a:0b:c8:f0:30:fc:d5:fb:2e:
         a2:f6:d7:da:21:98:86:f3:2e:d4:4e:c2:a0:2a:7e:26:21:f1:
         43:cd:6e:ab:50:92:ec:d0:76:ad:4f:26:c1:49:62:0d:95:8a:
         84:f4:8d:2b:be:3b:3c:2e:df:cb:c4:a8:33:15:94:db:26:93:
         a4:85:0f:7d:3e:50:2c:e5:b1:6f:eb:9a:ac:d8:64:a9:11:11:
         3f:eb:4e:5c:14:c0:ad:d8:e0:68:be:c4:b9:e6:a6:89:8f:59:
         6e:b6:5a:c8:c1:23:66:36:1c:29:4e:e6:56:b9:35:b4:42:de:
         d3:bc:4a:69:c2:32:ba:a2:ec:53:b2:72:ea:3f:f8:f2:20:16:
         bf:91:26:93:41:a2:93:c7:f3:a7:a6:9c:a5:64:2e:4e:a0:15:
         f5:00:1a:f0:11:e5:da:95:ff:14:ac:60:3f:f8:04:57:6b:a8:
         82:2e:c7:7a:af:4c:eb:fe:f3:26:8d:09:06:87:93:f0:00:74:
         02:4a:8f:07:55:cc:64:ac:ba:92:76:f6:27:b4:2a:05:8e:ea:
         19:cf:64:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRZa+VMb0+iHHeid3nslpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZWE2MWQ3Y2MyYzI3OGE3YzRiY2ZiYzIxMzdiMzk0YTIy
NjU0YWQwHhcNMjUwMTAxMjM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODRmYTJmOTc1NzA1OTk3N2U4NTljY2JlNTEwZGNjNDcyMTQyYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rWwKrQsvfQrl9meXXwSio7I2qwc
NVtV3stjTsS6DyqWjI57L6gN1cRDOI+IKMTNrCKOmy2z3wrcGXn0h8zLeKyLPVFW
USFkZbVMHTTaLublIoc1s9xfLdxXi29DwFPmm3/HoRJkdE22CIaURc1clWjYjhPj
EoVOFabXH9f834BpjjefDSWdQL851P9Yc7AwP3GMAJYZU4iccYDyHryPbpBXh5vE
ISK2ODeK1h4ieDZxQTwfvtiVcp6zIRhPVj/RmwQgvWQr609GF9KlIQIDZB39fpUz
ntSDUq95dyt1xUlUyH3SaY5CvBQiIB0Q2CrQc8oGRxaAcPUK0LmfikGLpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhPovl1cFmXfoWcy+UQ3MRyFCv8MB8GA1UdIwQY
MBaAFEfqYdfMLCeKfEvPvCE3s5SiJlStMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1waDE4d3NKNHA4UzgtOElUZXpsS0ltVkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xMTVjNDQtYmM0YS00ZTI0LWJmMzgt
OGM3MjYwOWYyZjAyLzEvMkUtaS1YVndXWmQtaFp6TDVSRGN4SElVS193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xMTVjNDQtYmM0YS00ZTI0LWJmMzgtOGM3MjYwOWYyZjAy
LzEvUi1waDE4d3NKNHA4UzgtOElUZXpsS0ltVkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/jkMA0G
CSqGSIb3DQEBCwUAA4IBAQB+e68p+3GYpUreu9I8xfnZfqJrAXIroqxmifWZ0gl8
xbIOEaA6xOPi6isvJhwqC8jwMPzV+y6i9tfaIZiG8y7UTsKgKn4mIfFDzW6rUJLs
0HatTybBSWINlYqE9I0rvjs8Lt/LxKgzFZTbJpOkhQ99PlAs5bFv65qs2GSpERE/
605cFMCt2OBovsS55qaJj1lutlrIwSNmNhwpTuZWuTW0Qt7TvEppwjK6ouxTsnLq
P/jyIBa/kSaTQaKTx/OnppylZC5OoBX1ABrwEeXalf8UrGA/+ARXa6iCLsd6r0zr
/vMmjQkGh5PwAHQCSo8HVcxkrLqSdvYntCoFjuoZz2Sl
-----END CERTIFICATE-----