Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/Low4CRi4iGKYokty-NINmJn09rg.roa
File:                     Low4CRi4iGKYokty-NINmJn09rg.roa (raw, json)
Hash identifier:          Mly1uM7PqUcjuRWWihLVa+ejMa5zwEjs5HqRkIM9ZCc=
Subject key identifier:   2E:8C:38:09:18:B8:88:62:98:A2:4B:72:F8:D2:0D:98:99:F4:F6:B8
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       019427478651932CCBEBE27EF174427635F9
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/Low4CRi4iGKYokty-NINmJn09rg.roa
Signing time:             Thu 02 Jan 2025 13:49:46 +0000
ROA not before:           Thu 02 Jan 2025 13:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47377
IP address blocks:        212.124.94.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:86:51:93:2c:cb:eb:e2:7e:f1:74:42:76:35:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Jan  2 13:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e8c380918b8886298a24b72f8d20d9899f4f6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8b:3d:8b:8c:c5:36:81:29:16:d6:a9:0d:8d:
                    46:ad:90:04:d6:95:44:58:ce:76:40:05:e3:a2:eb:
                    9c:e1:81:6d:03:19:72:b6:94:bf:39:90:74:3a:dc:
                    0a:5b:bb:ce:22:be:89:78:1b:fc:62:c5:86:04:31:
                    a3:aa:52:61:dc:ee:3d:47:0a:ba:6f:dc:89:21:08:
                    a5:de:2f:41:d6:d2:ce:2c:7e:ae:2f:84:ff:d7:14:
                    6b:56:38:b3:05:ee:30:b0:15:04:bf:48:d2:22:04:
                    9f:d2:24:4f:0b:01:af:79:92:dd:bf:4e:54:ae:ab:
                    ed:79:fb:69:7d:58:45:0f:d7:c5:f2:c4:64:67:96:
                    b7:11:db:c7:93:bf:75:00:a5:5c:02:bf:2c:08:26:
                    1b:59:89:1c:3b:47:ab:35:1c:8d:e9:1b:62:81:fa:
                    3f:98:8d:61:25:46:e8:f8:82:14:a9:e9:aa:a8:c7:
                    be:b5:85:b9:d4:e9:f8:36:69:0b:b6:ae:45:34:74:
                    9e:ee:ef:c8:c4:f2:b2:2f:c8:d1:01:93:73:71:14:
                    64:b8:60:80:60:7c:bc:f7:d0:49:d1:1e:4f:8f:0f:
                    bb:f2:3f:b3:f7:25:a1:90:c9:75:11:10:d6:e8:c2:
                    b1:85:ed:ef:15:4b:ae:f6:5a:0f:3f:88:65:68:49:
                    d9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:8C:38:09:18:B8:88:62:98:A2:4B:72:F8:D2:0D:98:99:F4:F6:B8
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/Low4CRi4iGKYokty-NINmJn09rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:ff:0c:9a:92:02:9d:90:ef:51:2d:a0:c2:d4:f5:21:68:83:
         51:15:2c:be:94:39:26:bb:0c:d6:cb:5d:0b:4f:21:48:c1:31:
         33:cd:87:e1:73:09:b1:06:1a:e7:55:d9:77:62:a6:64:c9:9f:
         89:6f:c0:24:29:c1:5d:d2:a5:ae:82:0c:30:b4:cc:0c:12:d8:
         aa:11:95:c9:3d:85:10:64:99:89:bc:06:f3:e1:57:85:63:20:
         b6:c7:4a:39:2f:a6:11:f3:b6:9e:bd:1f:5b:87:00:e8:9e:a2:
         6f:52:45:03:97:c9:7b:7a:0a:dc:70:d0:18:56:fa:9f:68:bf:
         40:a5:68:ce:a0:69:c3:a5:fe:6f:47:c7:36:79:a7:9f:64:84:
         9c:9d:f6:9f:0a:1b:3f:96:39:4c:2f:5f:04:34:b8:8d:5f:4f:
         33:60:81:05:24:ce:91:3b:c4:55:28:a5:90:d1:bf:43:49:27:
         23:5d:42:6c:55:76:cb:75:90:a1:4e:fd:8f:bb:19:69:ab:6d:
         b9:10:ca:64:62:3c:19:ec:95:24:fc:d1:17:d6:c6:77:4b:61:
         e9:a1:40:c1:5c:51:22:57:1c:be:06:d9:de:fc:09:7b:c4:18:
         59:67:4f:11:1e:45:ff:b8:39:64:73:68:a8:63:0d:0d:85:6d:
         d5:5c:e1:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4ZRkyzL6+J+8XRCdjX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjUwMTAyMTM0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZThjMzgwOTE4Yjg4ODYyOThhMjRiNzJmOGQyMGQ5ODk5ZjRmNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsos9i4zFNoEpFtapDY1GrZAE1pVE
WM52QAXjouuc4YFtAxlytpS/OZB0OtwKW7vOIr6JeBv8YsWGBDGjqlJh3O49Rwq6
b9yJIQil3i9B1tLOLH6uL4T/1xRrVjizBe4wsBUEv0jSIgSf0iRPCwGveZLdv05U
rqvteftpfVhFD9fF8sRkZ5a3EdvHk791AKVcAr8sCCYbWYkcO0erNRyN6Rtigfo/
mI1hJUbo+IIUqemqqMe+tYW51On4NmkLtq5FNHSe7u/IxPKyL8jRAZNzcRRkuGCA
YHy899BJ0R5Pjw+78j+z9yWhkMl1ERDW6MKxhe3vFUuu9loPP4hlaEnZpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6MOAkYuIhimKJLcvjSDZiZ9Pa4MB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvTG93NENSaTRpR0tZb2t0eS1OSU5tSm4wOXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HxeMA0G
CSqGSIb3DQEBCwUAA4IBAQBS/wyakgKdkO9RLaDC1PUhaINRFSy+lDkmuwzWy10L
TyFIwTEzzYfhcwmxBhrnVdl3YqZkyZ+Jb8AkKcFd0qWuggwwtMwMEtiqEZXJPYUQ
ZJmJvAbz4VeFYyC2x0o5L6YR87aevR9bhwDonqJvUkUDl8l7egrccNAYVvqfaL9A
pWjOoGnDpf5vR8c2eaefZIScnfafChs/ljlML18ENLiNX08zYIEFJM6RO8RVKKWQ
0b9DSScjXUJsVXbLdZChTv2Puxlpq225EMpkYjwZ7JUk/NEX1sZ3S2HpoUDBXFEi
Vxy+Btne/Al7xBhZZ08RHkX/uDlkc2ioYw0NhW3VXOFf
-----END CERTIFICATE-----