Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/1-lvK1BgwcNHjtpfnLdG3UaLjqn4.roa
File:                     1-lvK1BgwcNHjtpfnLdG3UaLjqn4.roa (raw, json)
Hash identifier:          hB5Mx+mQ6y7CKmWEvcE4cdS1DxjfdWVYD7EJHEQbkT8=
Subject key identifier:   FA:5B:CA:D4:18:30:70:D1:E3:B6:97:E7:2D:D1:B7:51:A2:E3:AA:7E
Certificate issuer:       /CN=c373fae99d651298845d22f89d8d2b2e1d13bc04
Certificate serial:       019427B550E9EA062F0352F48B2230CD857B
Authority key identifier: C3:73:FA:E9:9D:65:12:98:84:5D:22:F8:9D:8D:2B:2E:1D:13:BC:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/1-lvK1BgwcNHjtpfnLdG3UaLjqn4.roa
Signing time:             Thu 02 Jan 2025 15:49:41 +0000
ROA not before:           Thu 02 Jan 2025 15:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214238
IP address blocks:        188.190.3.0/24 maxlen: 24
                          188.190.4.0/24 maxlen: 24
                          188.190.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:50:e9:ea:06:2f:03:52:f4:8b:22:30:cd:85:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c373fae99d651298845d22f89d8d2b2e1d13bc04
        Validity
            Not Before: Jan  2 15:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa5bcad4183070d1e3b697e72dd1b751a2e3aa7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f0:d9:8c:08:19:9d:b4:2c:62:b5:02:63:15:
                    0b:6f:ac:fc:a6:8e:2c:15:c2:8b:11:06:4c:8d:4d:
                    63:2a:bf:3f:88:ba:aa:9f:d8:76:59:e3:80:8d:2f:
                    61:31:9c:af:6d:29:bb:01:57:e6:1f:e1:09:7e:e3:
                    82:c2:36:16:82:3f:c9:bd:2d:6e:7a:c2:e6:27:cc:
                    6a:d5:c9:16:50:59:b7:95:86:93:d1:39:c0:d2:20:
                    23:b5:4d:80:f8:51:aa:ea:24:8f:fd:d7:43:62:ba:
                    ff:ce:47:db:e3:5d:96:bb:21:2a:d7:80:2a:b3:af:
                    79:af:5b:bf:22:d0:68:6a:e2:1e:01:36:de:6f:65:
                    7b:7b:c2:da:8c:3e:c5:89:d2:a9:cd:26:8b:b3:04:
                    85:dc:2a:87:28:de:a8:72:db:65:1c:3b:57:c1:02:
                    9e:c9:4d:9c:5f:2f:98:45:93:d6:f3:80:e7:e5:13:
                    ae:27:5a:c4:d4:d6:7f:0d:2c:42:7f:bf:89:9f:41:
                    ee:13:c7:e2:1c:14:6c:dc:cc:25:d7:cb:f3:58:e8:
                    29:29:49:e0:d3:8d:a6:c0:ad:bc:93:26:89:a6:45:
                    04:75:aa:19:35:45:04:6d:88:60:21:c1:14:60:ec:
                    b1:6c:ed:c4:68:b5:e6:0e:b5:8b:92:d7:3a:70:c1:
                    c4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:5B:CA:D4:18:30:70:D1:E3:B6:97:E7:2D:D1:B7:51:A2:E3:AA:7E
            X509v3 Authority Key Identifier:
                keyid:C3:73:FA:E9:9D:65:12:98:84:5D:22:F8:9D:8D:2B:2E:1D:13:BC:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/1-lvK1BgwcNHjtpfnLdG3UaLjqn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.3.0-188.190.5.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:f6:9f:2c:cd:f5:f3:4b:42:df:bf:34:29:c5:ff:3d:dc:e0:
         92:38:47:01:6b:b5:e2:76:f7:54:19:89:36:de:6c:ce:8f:3a:
         10:14:b1:6d:3f:39:ce:ec:3c:7c:37:0c:52:76:a7:85:76:ec:
         4d:0a:42:d3:18:11:44:82:0d:8b:20:83:af:68:36:65:e4:fc:
         de:3f:be:ba:5b:c0:04:0f:70:ca:b5:9e:a0:88:e4:48:a1:17:
         53:2e:01:a5:ec:02:1e:ce:aa:3b:ac:63:34:88:84:3e:6f:a1:
         f0:2c:4b:9c:30:e0:0d:82:d0:16:47:2c:21:11:de:61:5d:60:
         7a:75:93:1f:a9:9d:fa:fa:e3:b4:c6:65:f3:90:4a:7f:29:a7:
         2a:32:b3:e3:21:73:97:13:7f:27:d7:45:7a:be:c2:b9:58:86:
         63:3d:cc:1e:96:00:3f:00:70:86:99:bd:fa:78:10:3e:5d:1d:
         e3:e0:11:e9:b2:fe:fa:df:71:29:6f:7a:d0:5b:aa:00:eb:f7:
         55:1c:f5:3a:9a:34:52:ce:af:f3:11:5a:0a:0e:c9:52:a5:27:
         45:4b:37:7e:46:0d:ca:f9:fd:c0:5b:64:32:b1:1e:fe:08:c5:
         e5:90:7d:02:01:1d:55:8d:0c:93:a3:19:79:51:13:72:67:48:
         8f:b5:9a:5a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZQntVDp6gYvA1L0iyIwzYV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzNmYWU5OWQ2NTEyOTg4NDVkMjJmODlkOGQyYjJlMWQx
M2JjMDQwHhcNMjUwMTAyMTU0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTViY2FkNDE4MzA3MGQxZTNiNjk3ZTcyZGQxYjc1MWEyZTNhYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fDZjAgZnbQsYrUCYxULb6z8po4s
FcKLEQZMjU1jKr8/iLqqn9h2WeOAjS9hMZyvbSm7AVfmH+EJfuOCwjYWgj/JvS1u
esLmJ8xq1ckWUFm3lYaT0TnA0iAjtU2A+FGq6iSP/ddDYrr/zkfb412WuyEq14Aq
s695r1u/ItBoauIeATbeb2V7e8LajD7FidKpzSaLswSF3CqHKN6octtlHDtXwQKe
yU2cXy+YRZPW84Dn5ROuJ1rE1NZ/DSxCf7+Jn0HuE8fiHBRs3Mwl18vzWOgpKUng
042mwK28kyaJpkUEdaoZNUUEbYhgIcEUYOyxbO3EaLXmDrWLktc6cMHEvwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPpbytQYMHDR47aX5y3Rt1Gi46p+MB8GA1UdIwQY
MBaAFMNz+umdZRKYhF0i+J2NKy4dE7wEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNQNjZaMWxFcGlFWFNMNG5ZMHJMaDBUdkFRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84Y2U3OTUtM2ZhOS00Y2I3LTgzMWEt
MWRlNTZlNDc1ZmJmLzEvMS1sdksxQmd3Y05IanRwZm5MZEczVWFManFuNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvOGNlNzk1LTNmYTktNGNiNy04MzFhLTFkZTU2ZTQ3NWZi
Zi8xL3czUDY2WjFsRXBpRVhTTDRuWTByTGgwVHZBUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQAvL4D
AwQBvL4EMA0GCSqGSIb3DQEBCwUAA4IBAQBb9p8szfXzS0LfvzQpxf893OCSOEcB
a7XidvdUGYk23mzOjzoQFLFtPznO7Dx8NwxSdqeFduxNCkLTGBFEgg2LIIOvaDZl
5PzeP766W8AED3DKtZ6giORIoRdTLgGl7AIezqo7rGM0iIQ+b6HwLEucMOANgtAW
RywhEd5hXWB6dZMfqZ36+uO0xmXzkEp/KacqMrPjIXOXE38n10V6vsK5WIZjPcwe
lgA/AHCGmb36eBA+XR3j4BHpsv7633Epb3rQW6oA6/dVHPU6mjRSzq/zEVoKDslS
pSdFSzd+Rg3K+f3AW2QysR7+CMXlkH0CAR1VjQyToxl5URNyZ0iPtZpa
-----END CERTIFICATE-----