Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/oL3-_6pqYdpSPuSTN2GkwZaneN0.roa
File:                     oL3-_6pqYdpSPuSTN2GkwZaneN0.roa (raw, json)
Hash identifier:          o/fwSGo3+i4YRX9/IGl/K4XHnL01gJ3TF73Zb1RldpA=
Subject key identifier:   A0:BD:FE:FF:AA:6A:61:DA:52:3E:E4:93:37:61:A4:C1:96:A7:78:DD
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019473155910CE034ADF817F0883EDC0629A
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/oL3-_6pqYdpSPuSTN2GkwZaneN0.roa
Signing time:             Fri 17 Jan 2025 07:06:06 +0000
ROA not before:           Fri 17 Jan 2025 07:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136359
IP address blocks:        103.216.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:15:59:10:ce:03:4a:df:81:7f:08:83:ed:c0:62:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan 17 07:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0bdfeffaa6a61da523ee4933761a4c196a778dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fd:3e:6d:74:79:50:51:b2:ea:4b:49:80:ad:
                    c1:f2:16:5c:5c:fd:aa:7a:4c:17:63:9c:1a:29:21:
                    14:74:28:02:3e:0d:d4:7f:0b:a0:42:9b:96:ed:02:
                    aa:6e:5f:b9:23:ff:41:11:d6:1e:67:42:fc:af:10:
                    0f:15:2f:a7:80:d1:16:39:a0:2b:b9:c5:3d:f0:c8:
                    81:1c:b9:e5:32:3a:1a:19:71:ab:8f:c1:58:01:19:
                    0c:92:74:55:57:f4:40:74:f5:99:ca:a6:8b:ff:cb:
                    36:e5:2d:6d:84:e7:f8:49:99:c5:4a:ea:95:25:6f:
                    f6:28:85:e0:d1:14:ce:dc:1a:ea:64:c6:97:f3:0b:
                    d8:c8:23:e1:30:6f:ee:66:eb:31:a5:30:32:d7:fd:
                    67:98:a5:4a:80:57:25:7d:05:b4:22:de:3f:a3:27:
                    b2:be:ca:a0:6e:0c:a9:9e:f0:a5:17:bd:6f:a6:30:
                    99:9e:85:ab:12:88:78:eb:5b:c7:d7:ac:e9:cd:9e:
                    a9:fa:59:72:ae:5e:50:1a:b5:f9:5c:fa:6f:e4:19:
                    c4:35:f6:37:f8:84:15:1b:d3:0d:0c:fe:b0:30:b9:
                    39:38:e4:c7:f0:d2:14:04:7d:87:a9:8c:36:5c:07:
                    d0:46:56:38:62:fd:d0:b9:fa:72:b9:74:18:56:5f:
                    e7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BD:FE:FF:AA:6A:61:DA:52:3E:E4:93:37:61:A4:C1:96:A7:78:DD
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/oL3-_6pqYdpSPuSTN2GkwZaneN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:1c:25:fd:95:49:53:f3:e5:cb:02:fb:0b:36:47:75:55:a1:
         af:85:a8:2c:9f:ca:36:c3:67:78:56:52:28:6a:19:2c:34:b3:
         83:52:79:b2:5d:35:31:d6:c8:75:9f:f8:e5:76:2e:24:61:39:
         32:c6:ad:47:e8:72:30:32:e7:3e:6b:04:99:75:27:d9:f6:8e:
         2b:81:2f:dc:9f:b7:6d:f2:f1:fd:8a:75:5e:69:bd:28:ad:3e:
         d4:07:f2:52:25:9e:5b:2c:51:f1:23:1d:30:43:0b:c6:73:d4:
         e0:bc:5d:17:cf:30:51:48:bf:60:5b:4a:ab:62:5b:c6:07:90:
         6b:24:1d:b8:d5:57:ab:52:09:08:33:fe:c3:1e:19:89:34:59:
         b4:d4:34:67:62:42:4d:7f:86:f2:68:2b:63:a6:ae:ff:6e:9d:
         bc:77:7d:07:1c:a2:e6:80:42:80:a7:d1:4a:b4:90:56:f5:68:
         64:cd:ca:8e:52:8f:88:aa:0d:16:80:21:13:10:66:d7:eb:57:
         1d:68:ae:dd:92:ea:9d:0e:1e:a0:13:47:6d:90:f1:bb:fa:78:
         d8:04:f3:a6:9a:37:b3:0e:be:f3:9d:10:b9:07:81:21:4a:38:
         53:a2:ea:16:f8:79:4b:27:59:0c:cf:30:d5:4f:b7:25:53:67:
         30:ca:33:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRzFVkQzgNK34F/CIPtwGKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTE3MDcwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJkZmVmZmFhNmE2MWRhNTIzZWU0OTMzNzYxYTRjMTk2YTc3OGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP0+bXR5UFGy6ktJgK3B8hZcXP2q
ekwXY5waKSEUdCgCPg3UfwugQpuW7QKqbl+5I/9BEdYeZ0L8rxAPFS+ngNEWOaAr
ucU98MiBHLnlMjoaGXGrj8FYARkMknRVV/RAdPWZyqaL/8s25S1thOf4SZnFSuqV
JW/2KIXg0RTO3BrqZMaX8wvYyCPhMG/uZusxpTAy1/1nmKVKgFclfQW0It4/oyey
vsqgbgypnvClF71vpjCZnoWrEoh461vH16zpzZ6p+llyrl5QGrX5XPpv5BnENfY3
+IQVG9MNDP6wMLk5OOTH8NIUBH2HqYw2XAfQRlY4Yv3QufpyuXQYVl/nawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC9/v+qamHaUj7kkzdhpMGWp3jdMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvb0wzLV82cHFZZHBTUHVTVE4yR2t3WmFuZU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9itMA0G
CSqGSIb3DQEBCwUAA4IBAQAqHCX9lUlT8+XLAvsLNkd1VaGvhagsn8o2w2d4VlIo
ahksNLODUnmyXTUx1sh1n/jldi4kYTkyxq1H6HIwMuc+awSZdSfZ9o4rgS/cn7dt
8vH9inVeab0orT7UB/JSJZ5bLFHxIx0wQwvGc9TgvF0XzzBRSL9gW0qrYlvGB5Br
JB241VerUgkIM/7DHhmJNFm01DRnYkJNf4byaCtjpq7/bp28d30HHKLmgEKAp9FK
tJBW9WhkzcqOUo+Iqg0WgCETEGbX61cdaK7dkuqdDh6gE0dtkPG7+njYBPOmmjez
Dr7znRC5B4EhSjhTouoW+HlLJ1kMzzDVT7clU2cwyjP9
-----END CERTIFICATE-----