Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/lKdTsJ9TvIICTgPRcm3O1hlBWiM.roa
File:                     lKdTsJ9TvIICTgPRcm3O1hlBWiM.roa (raw, json)
Hash identifier:          py16JH9zUXcJT+HWUygN67vLSyq6kBTksveRhrIkt/k=
Subject key identifier:   94:A7:53:B0:9F:53:BC:82:02:4E:03:D1:72:6D:CE:D6:19:41:5A:23
Certificate issuer:       /CN=6b7d1f1e877c12798274e01334554f899f38eac1
Certificate serial:       019426D96527AF601051F2DBF63DC15EE92B
Authority key identifier: 6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/lKdTsJ9TvIICTgPRcm3O1hlBWiM.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        195.160.192.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:65:27:af:60:10:51:f2:db:f6:3d:c1:5e:e9:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7d1f1e877c12798274e01334554f899f38eac1
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94a753b09f53bc82024e03d1726dced619415a23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bf:0c:19:4d:52:88:5d:80:47:94:98:96:cc:
                    18:be:6f:23:28:36:0e:1b:97:51:0e:45:8b:5e:22:
                    c0:5f:e1:9e:99:dd:67:3d:5c:c2:ed:d8:61:87:51:
                    5e:43:22:9a:2b:88:1c:53:61:4d:81:fa:e1:6b:56:
                    7f:e8:f6:5e:0c:20:a6:47:3b:56:86:f7:f9:2a:0e:
                    94:a8:a8:77:a5:0a:bf:a3:77:aa:83:7d:f8:1e:07:
                    bd:e8:ed:22:70:de:c0:06:da:71:be:3f:e8:86:39:
                    2d:41:c3:5c:3a:bf:43:e2:3f:27:68:26:8d:61:d0:
                    c1:e3:c1:7c:e2:97:95:be:8f:d0:47:4e:60:6d:a6:
                    e2:6f:38:9a:2a:4f:51:82:50:b0:64:10:a3:07:83:
                    cd:1f:8f:33:97:3b:4e:4d:95:ff:1f:e0:77:ed:44:
                    f7:ca:c3:86:a6:bf:0e:84:0d:ef:b0:74:89:af:d3:
                    c7:6b:69:cb:48:33:1c:2f:60:2e:7b:e1:30:c0:62:
                    b7:f0:4f:b5:46:50:65:2b:6d:e5:ce:dd:51:94:65:
                    2b:f5:80:46:f3:23:69:b5:8d:a3:ed:6b:bb:88:12:
                    75:95:aa:c8:37:cf:c5:c0:48:25:86:de:1e:0c:e0:
                    93:01:45:99:29:f8:49:5a:49:be:4a:3c:7f:fe:af:
                    26:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A7:53:B0:9F:53:BC:82:02:4E:03:D1:72:6D:CE:D6:19:41:5A:23
            X509v3 Authority Key Identifier:
                keyid:6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/lKdTsJ9TvIICTgPRcm3O1hlBWiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:63:a0:3a:af:2d:17:df:da:34:3d:17:15:19:f2:a2:ba:0a:
         90:f5:b0:b6:71:b0:b5:3b:11:a3:57:d4:00:3b:e7:fb:b2:a3:
         98:c7:9f:b0:fd:9d:34:bb:21:8d:cd:74:fb:08:8d:74:21:da:
         53:0e:e7:26:fe:a9:d7:59:20:98:a3:ab:32:55:11:9f:5c:72:
         85:eb:6d:4c:a3:8a:48:e4:3b:c9:54:fc:71:94:3b:4b:de:50:
         4c:74:f3:78:d5:0a:98:c1:27:37:9b:32:d2:e5:86:42:6f:1b:
         38:af:a1:b4:74:82:6f:bb:73:ff:9c:6e:44:c4:1d:25:d1:46:
         56:ce:60:d1:f0:74:0e:72:36:e0:43:33:13:2c:66:58:59:87:
         15:a2:58:17:0b:f6:66:0f:c6:ba:16:37:eb:79:0a:a1:0e:07:
         e2:8c:c0:31:e8:eb:58:8e:cc:2b:23:8f:64:39:0c:b7:ef:21:
         a9:ae:e9:95:e8:d9:31:20:d7:02:82:ed:69:1c:1b:df:ca:a1:
         d2:fd:03:53:0b:38:a6:9e:39:88:56:84:98:39:ee:a5:50:4a:
         66:04:c5:d1:06:7f:23:fd:d3:5a:ba:06:61:60:21:73:ef:f1:
         9c:94:d6:63:f4:33:0b:f4:d4:d8:19:97:78:cb:4a:3f:30:98:
         bd:0a:7a:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2WUnr2AQUfLb9j3BXukrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2QxZjFlODc3YzEyNzk4Mjc0ZTAxMzM0NTU0Zjg5OWYz
OGVhYzEwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE3NTNiMDlmNTNiYzgyMDI0ZTAzZDE3MjZkY2VkNjE5NDE1YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL8MGU1SiF2AR5SYlswYvm8jKDYO
G5dRDkWLXiLAX+Gemd1nPVzC7dhhh1FeQyKaK4gcU2FNgfrha1Z/6PZeDCCmRztW
hvf5Kg6UqKh3pQq/o3eqg334Hge96O0icN7ABtpxvj/ohjktQcNcOr9D4j8naCaN
YdDB48F84peVvo/QR05gbabibziaKk9RglCwZBCjB4PNH48zlztOTZX/H+B37UT3
ysOGpr8OhA3vsHSJr9PHa2nLSDMcL2Aue+EwwGK38E+1RlBlK23lzt1RlGUr9YBG
8yNptY2j7Wu7iBJ1larIN8/FwEglht4eDOCTAUWZKfhJWkm+Sjx//q8m7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSnU7CfU7yCAk4D0XJtztYZQVojMB8GA1UdIwQY
MBaAFGt9Hx6HfBJ5gnTgEzRVT4mfOOrBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUt
MmZhZDlhMmZjM2VmLzEvbEtkVHNKOVR2SUlDVGdQUmNtM08xaGxCV2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUtMmZhZDlhMmZjM2Vm
LzEvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6DAMA0G
CSqGSIb3DQEBCwUAA4IBAQCqY6A6ry0X39o0PRcVGfKiugqQ9bC2cbC1OxGjV9QA
O+f7sqOYx5+w/Z00uyGNzXT7CI10IdpTDucm/qnXWSCYo6syVRGfXHKF621Mo4pI
5DvJVPxxlDtL3lBMdPN41QqYwSc3mzLS5YZCbxs4r6G0dIJvu3P/nG5ExB0l0UZW
zmDR8HQOcjbgQzMTLGZYWYcVolgXC/ZmD8a6FjfreQqhDgfijMAx6OtYjswrI49k
OQy37yGprumV6NkxINcCgu1pHBvfyqHS/QNTCzimnjmIVoSYOe6lUEpmBMXRBn8j
/dNaugZhYCFz7/GclNZj9DML9NTYGZd4y0o/MJi9Cnoj
-----END CERTIFICATE-----