Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/30d3cf-9557-4bba-ab42-c26c17563174/1/L3NuWTe_ZTmjBo-VlxbB6Itqb5c.roa
File:                     L3NuWTe_ZTmjBo-VlxbB6Itqb5c.roa (raw, json)
Hash identifier:          1CPUHzNqQbUf2XOYArYRqgpqG1Ievq6YnuLxsGd4YuI=
Subject key identifier:   2F:73:6E:59:37:BF:65:39:A3:06:8F:95:97:16:C1:E8:8B:6A:6F:97
Certificate issuer:       /CN=d0bc52d94e62efa3ebf2cca16f42d2e5607388f0
Certificate serial:       019818812BEAA184D6691812D8957C5351F4
Authority key identifier: D0:BC:52:D9:4E:62:EF:A3:EB:F2:CC:A1:6F:42:D2:E5:60:73:88:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LxS2U5i76Pr8syhb0LS5WBziPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/30d3cf-9557-4bba-ab42-c26c17563174/1/L3NuWTe_ZTmjBo-VlxbB6Itqb5c.roa
Signing time:             Thu 17 Jul 2025 13:09:35 +0000
ROA not before:           Thu 17 Jul 2025 13:09:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33993
IP address blocks:        94.131.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/30d3cf-9557-4bba-ab42-c26c17563174/1/0LxS2U5i76Pr8syhb0LS5WBziPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/30d3cf-9557-4bba-ab42-c26c17563174/1/0LxS2U5i76Pr8syhb0LS5WBziPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LxS2U5i76Pr8syhb0LS5WBziPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:26:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:81:2b:ea:a1:84:d6:69:18:12:d8:95:7c:53:51:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0bc52d94e62efa3ebf2cca16f42d2e5607388f0
        Validity
            Not Before: Jul 17 13:09:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f736e5937bf6539a3068f959716c1e88b6a6f97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:10:89:32:6e:b5:83:82:f3:35:05:55:7d:10:
                    03:bd:87:df:cf:64:e6:ad:d7:42:f3:7d:c4:58:51:
                    dd:63:c3:7a:28:05:5a:ed:bd:d0:ed:ef:bb:97:e1:
                    b0:83:72:d1:c5:cc:f9:af:84:45:b9:92:12:bd:fe:
                    80:53:67:82:89:a6:9a:83:76:9a:08:7e:90:03:14:
                    62:35:90:c6:6b:07:e4:33:d5:60:80:4e:2d:67:9d:
                    01:e3:5d:7f:d8:97:d5:2f:ba:19:d7:f8:3b:1e:dd:
                    bb:2d:f1:d9:6b:df:23:95:2f:95:85:46:2c:9d:4c:
                    92:58:17:87:70:bf:7b:90:84:10:1e:91:52:67:16:
                    ae:27:6a:97:2a:e0:54:6e:8d:5b:40:0e:98:a0:a6:
                    5a:21:f7:ff:98:fe:d1:7e:64:39:a8:e6:a1:78:70:
                    c8:d3:3f:71:b8:c4:70:81:15:38:8b:5f:a7:9f:39:
                    c1:ff:7c:55:11:5a:3e:50:b1:18:79:07:3d:df:5d:
                    58:53:40:04:c5:ba:59:1f:ec:f8:f8:d1:40:df:55:
                    87:58:92:4f:f4:b6:bf:ce:1a:79:1e:a9:45:fc:8c:
                    6a:a0:21:62:f9:43:35:7f:14:76:b5:0d:84:33:9d:
                    8a:ca:06:a9:e8:3f:f1:ba:db:b6:f9:a8:6a:30:af:
                    87:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:73:6E:59:37:BF:65:39:A3:06:8F:95:97:16:C1:E8:8B:6A:6F:97
            X509v3 Authority Key Identifier:
                keyid:D0:BC:52:D9:4E:62:EF:A3:EB:F2:CC:A1:6F:42:D2:E5:60:73:88:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LxS2U5i76Pr8syhb0LS5WBziPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/30d3cf-9557-4bba-ab42-c26c17563174/1/L3NuWTe_ZTmjBo-VlxbB6Itqb5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/30d3cf-9557-4bba-ab42-c26c17563174/1/0LxS2U5i76Pr8syhb0LS5WBziPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:4d:d8:e0:53:d3:cc:c1:bf:ee:83:55:a3:7e:7f:92:8a:74:
         97:48:22:24:34:e6:2b:23:82:d7:75:ff:cc:40:26:63:72:da:
         54:31:65:a6:3f:1c:b7:23:41:9f:bf:4b:bd:9e:ff:2a:1c:cd:
         36:16:05:61:64:80:e1:00:1e:55:64:4b:f6:a2:96:3d:e4:3f:
         98:67:4d:ba:c5:b4:a1:32:ad:63:68:e6:8e:5b:16:76:ab:f4:
         a4:32:e3:93:fc:f6:66:e8:ef:61:8d:dc:ac:ad:27:77:a8:bb:
         b8:cb:d1:b6:96:3f:72:48:e1:9d:82:56:b2:37:29:af:5b:cd:
         18:21:f4:69:d3:9b:3a:cd:be:40:89:78:cb:3e:37:ce:e8:09:
         6e:9a:aa:9e:17:98:11:f1:05:9d:ce:6c:d6:7b:0c:22:e0:9c:
         82:06:ed:f4:06:48:b0:bc:9b:ea:d1:44:d3:b7:49:7b:4c:12:
         b5:bf:bc:d1:ed:2b:9c:69:88:d2:77:43:9c:f9:7c:5b:20:da:
         49:63:79:20:ed:29:1d:0f:7a:94:3c:86:7d:3a:28:e8:45:43:
         1b:d8:6f:04:8e:c6:2f:69:aa:91:1a:67:de:f8:f9:bf:90:28:
         c5:21:96:99:cf:02:02:31:20:52:8d:14:4e:71:c6:8f:ac:93:
         54:06:79:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgYgSvqoYTWaRgS2JV8U1H0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYmM1MmQ5NGU2MmVmYTNlYmYyY2NhMTZmNDJkMmU1NjA3
Mzg4ZjAwHhcNMjUwNzE3MTMwOTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjczNmU1OTM3YmY2NTM5YTMwNjhmOTU5NzE2YzFlODhiNmE2Zjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxCJMm61g4LzNQVVfRADvYffz2Tm
rddC833EWFHdY8N6KAVa7b3Q7e+7l+Gwg3LRxcz5r4RFuZISvf6AU2eCiaaag3aa
CH6QAxRiNZDGawfkM9VggE4tZ50B411/2JfVL7oZ1/g7Ht27LfHZa98jlS+VhUYs
nUySWBeHcL97kIQQHpFSZxauJ2qXKuBUbo1bQA6YoKZaIff/mP7RfmQ5qOaheHDI
0z9xuMRwgRU4i1+nnznB/3xVEVo+ULEYeQc9311YU0AExbpZH+z4+NFA31WHWJJP
9La/zhp5HqlF/IxqoCFi+UM1fxR2tQ2EM52Kygap6D/xutu2+ahqMK+HywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9zblk3v2U5owaPlZcWweiLam+XMB8GA1UdIwQY
MBaAFNC8UtlOYu+j6/LMoW9C0uVgc4jwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEx4UzJVNWk3NlByOHN5aGIwTFM1V0J6aVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zMGQzY2YtOTU1Ny00YmJhLWFiNDIt
YzI2YzE3NTYzMTc0LzEvTDNOdVdUZV9aVG1qQm8tVmx4YkI2SXRxYjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zMGQzY2YtOTU1Ny00YmJhLWFiNDItYzI2YzE3NTYzMTc0
LzEvMEx4UzJVNWk3NlByOHN5aGIwTFM1V0J6aVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoMXMA0G
CSqGSIb3DQEBCwUAA4IBAQBUTdjgU9PMwb/ug1Wjfn+SinSXSCIkNOYrI4LXdf/M
QCZjctpUMWWmPxy3I0Gfv0u9nv8qHM02FgVhZIDhAB5VZEv2opY95D+YZ026xbSh
Mq1jaOaOWxZ2q/SkMuOT/PZm6O9hjdysrSd3qLu4y9G2lj9ySOGdglayNymvW80Y
IfRp05s6zb5AiXjLPjfO6AlumqqeF5gR8QWdzmzWewwi4JyCBu30BkiwvJvq0UTT
t0l7TBK1v7zR7SucaYjSd0Oc+XxbINpJY3kg7SkdD3qUPIZ9OijoRUMb2G8EjsYv
aaqRGmfe+Pm/kCjFIZaZzwICMSBSjRROccaPrJNUBnmT
-----END CERTIFICATE-----