Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ll0DCKsSPHdcV55SgR0z9rae5ZA.roa
File:                     ll0DCKsSPHdcV55SgR0z9rae5ZA.roa (raw, json)
Hash identifier:          WjtQ0hHF2seIwty1EPRsdFwBt+HOR1gW/9zHTPsv/KQ=
Subject key identifier:   96:5D:03:08:AB:12:3C:77:5C:57:9E:52:81:1D:33:F6:B6:9E:E5:90
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01972038140F3B58451C6080023703DD130F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ll0DCKsSPHdcV55SgR0z9rae5ZA.roa
Signing time:             Fri 30 May 2025 08:03:55 +0000
ROA not before:           Fri 30 May 2025 08:03:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207835
IP address blocks:        109.176.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:38:14:0f:3b:58:45:1c:60:80:02:37:03:dd:13:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 30 08:03:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=965d0308ab123c775c579e52811d33f6b69ee590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:92:4e:d9:63:0f:a5:b8:b2:2e:13:0c:cd:84:
                    07:0d:0d:e1:83:8b:f3:b5:04:ac:5f:2d:a8:de:f8:
                    9e:e8:17:9b:19:5a:c1:13:61:ed:d2:7f:8e:10:20:
                    83:d9:7f:88:e2:46:1f:da:b7:df:72:99:7c:c5:a6:
                    fd:4d:26:a8:23:c6:6e:4a:cf:9f:09:61:19:da:87:
                    96:a4:ba:70:4f:57:fc:0b:fc:a5:76:c7:e2:e3:6b:
                    6b:26:6c:fe:25:0a:ed:f6:e3:1b:eb:19:30:0d:42:
                    c6:46:61:20:31:88:29:07:22:7f:30:31:14:93:9e:
                    15:7e:cb:99:b8:c2:d3:f5:1d:58:c5:d8:da:5e:1b:
                    82:37:7f:52:db:ec:c3:52:25:7f:b3:a8:b1:17:0b:
                    13:c1:19:58:05:8b:42:cd:e7:df:ef:32:39:28:c3:
                    0d:e0:e3:0b:54:d6:ad:2b:38:dc:5e:18:5a:e9:38:
                    57:34:56:4d:c5:fb:51:61:5a:03:cf:fb:c3:52:bd:
                    37:b8:62:29:6e:eb:a8:88:40:f2:8e:74:5b:7d:68:
                    a4:a0:29:e5:d1:1d:63:9a:f2:fe:76:77:42:42:4c:
                    c7:cc:cd:c3:e7:e2:81:6d:ae:6a:ab:58:fd:61:a8:
                    49:88:2e:a9:f3:ab:35:ac:c1:cf:55:42:e5:44:14:
                    69:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:5D:03:08:AB:12:3C:77:5C:57:9E:52:81:1D:33:F6:B6:9E:E5:90
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ll0DCKsSPHdcV55SgR0z9rae5ZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f5:8f:ae:84:f8:2b:42:a2:b6:42:42:b5:dd:af:c4:da:2c:
         ef:20:e2:fb:73:c8:c0:79:64:82:2e:ac:4d:e7:82:ef:ab:dc:
         00:29:b5:7f:7b:a9:6b:91:73:7c:6c:e6:12:ac:46:6b:d0:74:
         b3:02:fd:b3:16:72:82:56:e4:89:23:d5:50:e9:3c:e6:d4:fb:
         4d:75:b4:0a:6f:a9:2e:60:15:63:6c:ec:56:ac:89:2b:af:b1:
         4d:d2:9c:05:3d:69:d1:65:cf:a2:67:c4:32:3e:8c:90:6e:a9:
         dc:e7:ba:1d:ec:79:e0:df:34:b3:f9:0a:df:38:86:81:bf:ca:
         5c:a8:c6:46:e8:16:1b:5a:61:58:26:8d:82:c9:ed:55:a3:d8:
         d5:f3:4b:92:ce:8e:67:16:c1:59:8c:11:33:cc:cd:cd:ff:87:
         d1:c8:80:00:c0:76:4d:5a:e7:ad:21:1c:cb:39:27:99:0b:4c:
         f8:37:c5:c2:cd:c5:a8:2f:b4:8d:ec:4f:c6:98:d3:a5:54:c2:
         1d:27:58:13:65:9b:48:bc:1d:c0:02:92:36:0a:b1:e3:6f:fc:
         a5:a9:13:bf:72:86:c5:0f:54:78:3a:45:e4:56:d8:28:91:28:
         66:86:12:bc:99:ef:d9:58:fb:2d:63:17:f1:9e:de:e4:a9:8b:
         5e:4e:0b:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcgOBQPO1hFHGCAAjcD3RMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTMwMDgwMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjVkMDMwOGFiMTIzYzc3NWM1NzllNTI4MTFkMzNmNmI2OWVlNTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pJO2WMPpbiyLhMMzYQHDQ3hg4vz
tQSsXy2o3vie6BebGVrBE2Ht0n+OECCD2X+I4kYf2rffcpl8xab9TSaoI8ZuSs+f
CWEZ2oeWpLpwT1f8C/yldsfi42trJmz+JQrt9uMb6xkwDULGRmEgMYgpByJ/MDEU
k54VfsuZuMLT9R1YxdjaXhuCN39S2+zDUiV/s6ixFwsTwRlYBYtCzeff7zI5KMMN
4OMLVNatKzjcXhha6ThXNFZNxftRYVoDz/vDUr03uGIpbuuoiEDyjnRbfWikoCnl
0R1jmvL+dndCQkzHzM3D5+KBba5qq1j9YahJiC6p86s1rMHPVULlRBRpZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZdAwirEjx3XFeeUoEdM/a2nuWQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbGwwRENLc1NQSGRjVjU1U2dSMHo5cmFlNVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD9MA0G
CSqGSIb3DQEBCwUAA4IBAQCo9Y+uhPgrQqK2QkK13a/E2izvIOL7c8jAeWSCLqxN
54Lvq9wAKbV/e6lrkXN8bOYSrEZr0HSzAv2zFnKCVuSJI9VQ6Tzm1PtNdbQKb6ku
YBVjbOxWrIkrr7FN0pwFPWnRZc+iZ8QyPoyQbqnc57od7Hng3zSz+QrfOIaBv8pc
qMZG6BYbWmFYJo2Cye1Vo9jV80uSzo5nFsFZjBEzzM3N/4fRyIAAwHZNWuetIRzL
OSeZC0z4N8XCzcWoL7SN7E/GmNOlVMIdJ1gTZZtIvB3AApI2CrHjb/ylqRO/cobF
D1R4OkXkVtgokShmhhK8me/ZWPstYxfxnt7kqYteTgtg
-----END CERTIFICATE-----