Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/llr3G6G5AM7M10tmA9xFiPTyO0Y.roa
File:                     llr3G6G5AM7M10tmA9xFiPTyO0Y.roa (raw, json)
Hash identifier:          iQGQsp8WoDcGM5vwoYe4dx6kdl9hCiwMrIHoYkwEWK0=
Subject key identifier:   96:5A:F7:1B:A1:B9:00:CE:CC:D7:4B:66:03:DC:45:88:F4:F2:3B:46
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       0194258FBD707DF0524B09D70A787E3D1563
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/llr3G6G5AM7M10tmA9xFiPTyO0Y.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41969
IP address blocks:        192.108.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bd:70:7d:f0:52:4b:09:d7:0a:78:7e:3d:15:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=965af71ba1b900ceccd74b6603dc4588f4f23b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:56:d7:2b:6a:3c:1f:bb:03:5b:c0:bd:56:f0:
                    e1:3c:03:c1:da:e7:a5:ff:cd:02:51:6d:00:44:4d:
                    2a:f7:61:11:0e:74:b9:6e:4a:7f:e6:ed:52:d5:ce:
                    dc:89:cc:b8:e3:ac:39:9c:8a:2b:45:23:e0:d6:41:
                    40:01:d9:b4:16:56:cb:ac:3b:5b:73:d6:96:d5:99:
                    16:71:c0:d6:f4:7e:a2:e9:6a:5b:83:29:c9:bd:dc:
                    5c:86:53:0c:6c:7d:0e:0a:05:8c:f6:27:ae:c3:07:
                    52:fa:ef:c1:5d:5a:dc:65:a7:21:c8:43:02:19:54:
                    b2:46:ae:f0:20:3e:09:fc:20:91:16:37:88:0f:1d:
                    81:be:da:07:00:48:8c:0d:f7:83:3c:f3:70:83:b9:
                    ff:12:19:59:5b:62:5b:a7:48:c4:19:9e:65:56:1b:
                    9b:9f:46:3a:d2:2e:e7:14:72:ec:27:14:b3:96:64:
                    8d:0b:36:d9:0a:41:fe:75:39:73:a7:24:8e:af:22:
                    c1:fd:4b:4e:4f:58:92:b0:4f:e9:06:b5:eb:02:29:
                    ed:26:17:93:e5:d6:18:34:ad:81:9c:11:11:ac:2e:
                    55:29:ec:e4:e8:74:a5:9b:cf:03:61:23:de:ae:9e:
                    c5:ab:1f:7e:63:05:a4:1a:cb:19:48:02:4c:20:53:
                    c9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:5A:F7:1B:A1:B9:00:CE:CC:D7:4B:66:03:DC:45:88:F4:F2:3B:46
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/llr3G6G5AM7M10tmA9xFiPTyO0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.108.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:77:52:38:58:09:05:d8:f8:e3:a5:25:30:5e:23:af:8c:86:
         4e:52:58:19:aa:04:30:1f:ac:6c:39:fe:ec:02:57:b6:21:71:
         94:12:c9:4f:00:99:fa:35:22:02:09:2f:c2:7b:62:aa:a5:a8:
         33:39:38:af:7b:e6:f9:cd:5e:73:17:20:25:8a:6f:94:db:3c:
         bf:a7:93:2b:93:72:b5:2a:ee:58:22:e7:0d:a5:4b:46:38:d9:
         35:71:37:dc:c1:d0:09:ad:41:5a:84:64:5d:60:9a:b3:76:8e:
         e5:2e:41:dc:dd:b2:4c:93:c0:b9:29:7a:05:76:25:47:94:8f:
         ff:9c:9c:08:3c:b9:08:ba:93:00:46:fa:a0:1a:25:77:ad:76:
         80:55:46:75:4f:55:5f:87:fc:af:22:a5:85:9f:6f:8a:b7:40:
         ad:73:8e:be:4e:bc:2d:3a:96:0f:09:e4:de:ef:30:55:80:e6:
         64:a4:71:92:72:96:b1:7c:46:16:6f:cd:ba:19:c6:cc:cf:47:
         d7:59:fa:14:7a:44:56:47:b4:52:a6:15:f8:e6:2d:1d:e0:34:
         90:9e:ad:1e:95:99:5d:90:3d:f8:e5:50:3b:0c:75:29:59:e0:
         6d:2a:38:0d:84:c1:49:8a:64:93:47:16:2c:84:00:3d:8e:d1:
         3d:10:90:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj71wffBSSwnXCnh+PRVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjVhZjcxYmExYjkwMGNlY2NkNzRiNjYwM2RjNDU4OGY0ZjIzYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FbXK2o8H7sDW8C9VvDhPAPB2uel
/80CUW0ARE0q92ERDnS5bkp/5u1S1c7cicy446w5nIorRSPg1kFAAdm0FlbLrDtb
c9aW1ZkWccDW9H6i6WpbgynJvdxchlMMbH0OCgWM9ieuwwdS+u/BXVrcZachyEMC
GVSyRq7wID4J/CCRFjeIDx2BvtoHAEiMDfeDPPNwg7n/EhlZW2Jbp0jEGZ5lVhub
n0Y60i7nFHLsJxSzlmSNCzbZCkH+dTlzpySOryLB/UtOT1iSsE/pBrXrAintJheT
5dYYNK2BnBERrC5VKezk6HSlm88DYSPerp7Fqx9+YwWkGssZSAJMIFPJ7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZa9xuhuQDOzNdLZgPcRYj08jtGMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvbGxyM0c2RzVBTTdNMTB0bUE5eEZpUFR5TzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGxIMA0G
CSqGSIb3DQEBCwUAA4IBAQBCd1I4WAkF2PjjpSUwXiOvjIZOUlgZqgQwH6xsOf7s
Ale2IXGUEslPAJn6NSICCS/Ce2KqpagzOTive+b5zV5zFyAlim+U2zy/p5Mrk3K1
Ku5YIucNpUtGONk1cTfcwdAJrUFahGRdYJqzdo7lLkHc3bJMk8C5KXoFdiVHlI//
nJwIPLkIupMARvqgGiV3rXaAVUZ1T1Vfh/yvIqWFn2+Kt0Ctc46+TrwtOpYPCeTe
7zBVgOZkpHGScpaxfEYWb826GcbMz0fXWfoUekRWR7RSphX45i0d4DSQnq0elZld
kD345VA7DHUpWeBtKjgNhMFJimSTRxYshAA9jtE9EJDl
-----END CERTIFICATE-----