Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/8c3d5c-a36c-4e3f-a059-1a5579e8c6c0/1/L3VPH_zsfjbjwAwWmPKEb-EZRqg.roa
File:                     L3VPH_zsfjbjwAwWmPKEb-EZRqg.roa (raw, json)
Hash identifier:          UjjV+/8s9XVTqZqV/PGNgru/2pjUXQnn5HjnZe2AuZE=
Subject key identifier:   2F:75:4F:1F:FC:EC:7E:36:E3:C0:0C:16:98:F2:84:6F:E1:19:46:A8
Certificate issuer:       /CN=a1864edfa412d77a03cbf59131e3fcc03a60e188
Certificate serial:       0194258FC797FDC92C96A79EB541C741C680
Authority key identifier: A1:86:4E:DF:A4:12:D7:7A:03:CB:F5:91:31:E3:FC:C0:3A:60:E1:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oYZO36QS13oDy_WRMeP8wDpg4Yg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/8c3d5c-a36c-4e3f-a059-1a5579e8c6c0/1/L3VPH_zsfjbjwAwWmPKEb-EZRqg.roa
Signing time:             Thu 02 Jan 2025 05:49:27 +0000
ROA not before:           Thu 02 Jan 2025 05:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201322
IP address blocks:        91.186.68.0/23 maxlen: 23
                          91.186.70.0/24 maxlen: 24
                          91.186.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/8c3d5c-a36c-4e3f-a059-1a5579e8c6c0/1/oYZO36QS13oDy_WRMeP8wDpg4Yg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/8c3d5c-a36c-4e3f-a059-1a5579e8c6c0/1/oYZO36QS13oDy_WRMeP8wDpg4Yg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oYZO36QS13oDy_WRMeP8wDpg4Yg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 08:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c7:97:fd:c9:2c:96:a7:9e:b5:41:c7:41:c6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1864edfa412d77a03cbf59131e3fcc03a60e188
        Validity
            Not Before: Jan  2 05:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f754f1ffcec7e36e3c00c1698f2846fe11946a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:55:bf:e7:fc:65:50:63:07:79:59:7b:b0:c1:
                    ac:02:fa:0b:2f:fc:28:28:53:b2:79:6e:da:90:ca:
                    26:d7:17:1f:67:fb:1e:be:72:16:99:36:b0:6e:25:
                    6f:8a:b4:4c:84:03:38:ea:01:6b:3d:0e:74:06:e3:
                    42:45:24:06:ce:fa:a3:35:e4:3e:70:9a:db:91:26:
                    83:61:a1:3a:ad:e3:15:bc:44:22:d3:e1:c9:b7:38:
                    f3:23:63:fb:9c:d3:ac:09:64:3e:5f:77:16:02:fa:
                    0e:09:7c:29:b9:d3:1f:46:a1:2c:db:00:1f:68:6f:
                    1b:7f:4e:5c:07:be:17:1c:d2:b3:f5:11:11:d1:2e:
                    9a:d1:86:e6:97:42:c8:dc:e2:1d:21:26:02:e9:80:
                    2f:43:d4:1f:79:e0:cb:84:e0:7e:42:0d:1b:3e:2f:
                    e4:ad:9a:7d:e4:9f:32:cb:cb:c9:b7:89:99:e9:65:
                    e6:ec:52:af:7b:e8:42:1c:af:f3:e8:66:aa:58:ec:
                    9f:69:8d:6f:d1:20:35:08:0d:e1:d3:21:84:88:e2:
                    36:bf:9f:2a:64:59:11:2c:92:55:c1:67:8f:36:60:
                    9d:6b:84:ce:2e:4c:e7:67:32:24:df:79:5a:80:0c:
                    cd:91:6f:0d:a3:0d:c6:ff:24:a9:df:78:41:a2:a0:
                    3b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:75:4F:1F:FC:EC:7E:36:E3:C0:0C:16:98:F2:84:6F:E1:19:46:A8
            X509v3 Authority Key Identifier:
                keyid:A1:86:4E:DF:A4:12:D7:7A:03:CB:F5:91:31:E3:FC:C0:3A:60:E1:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oYZO36QS13oDy_WRMeP8wDpg4Yg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/8c3d5c-a36c-4e3f-a059-1a5579e8c6c0/1/L3VPH_zsfjbjwAwWmPKEb-EZRqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/8c3d5c-a36c-4e3f-a059-1a5579e8c6c0/1/oYZO36QS13oDy_WRMeP8wDpg4Yg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:33:93:be:37:4e:ca:1b:10:36:47:8a:06:51:1d:67:1f:34:
         fc:7a:ee:b2:dd:a7:d6:e4:6e:9c:c7:be:45:34:02:a0:ca:48:
         63:23:b5:84:71:62:d8:34:dc:b3:51:01:14:4e:a0:f3:00:1c:
         11:bc:e5:c8:cc:fa:ba:50:2e:c5:c5:62:18:80:e2:11:19:96:
         68:81:27:60:41:c0:16:8a:ea:ac:4f:71:ac:7d:71:9e:82:ad:
         96:dc:1d:8e:b9:be:5b:35:fe:b0:37:3f:bc:56:b3:64:8b:12:
         ad:24:5f:a0:19:98:16:39:3e:3f:66:26:e3:eb:f6:07:db:24:
         f7:e7:a1:60:3a:1a:69:62:94:af:5d:7a:b7:21:93:97:4c:00:
         b1:8c:4b:d4:16:b5:e9:e4:83:7e:e7:a9:2d:d9:2e:db:14:d7:
         8e:26:d3:23:fc:58:35:b0:d9:53:5b:a6:ef:e6:6b:13:3b:22:
         e3:41:e8:8c:91:68:d3:c4:8b:67:8b:72:db:46:70:f5:8c:9d:
         53:45:e7:bb:a6:22:98:62:33:a7:f9:42:72:8b:83:cf:a2:ec:
         9c:74:f2:bd:2a:fc:6a:94:90:12:f2:b7:ef:49:70:d9:14:19:
         a9:d8:bb:10:c0:39:f9:9f:97:bb:38:fd:5c:b9:41:e5:d1:ad:
         7d:af:2a:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8eX/ckslqeetUHHQcaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExODY0ZWRmYTQxMmQ3N2EwM2NiZjU5MTMxZTNmY2MwM2E2
MGUxODgwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjc1NGYxZmZjZWM3ZTM2ZTNjMDBjMTY5OGYyODQ2ZmUxMTk0NmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVW/5/xlUGMHeVl7sMGsAvoLL/wo
KFOyeW7akMom1xcfZ/sevnIWmTawbiVvirRMhAM46gFrPQ50BuNCRSQGzvqjNeQ+
cJrbkSaDYaE6reMVvEQi0+HJtzjzI2P7nNOsCWQ+X3cWAvoOCXwpudMfRqEs2wAf
aG8bf05cB74XHNKz9RER0S6a0Ybml0LI3OIdISYC6YAvQ9QfeeDLhOB+Qg0bPi/k
rZp95J8yy8vJt4mZ6WXm7FKve+hCHK/z6GaqWOyfaY1v0SA1CA3h0yGEiOI2v58q
ZFkRLJJVwWePNmCda4TOLkznZzIk33lagAzNkW8Now3G/ySp33hBoqA7QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC91Tx/87H4248AMFpjyhG/hGUaoMB8GA1UdIwQY
MBaAFKGGTt+kEtd6A8v1kTHj/MA6YOGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1laTzM2UVMxM29EeV9XUk1lUDh3RHBnNFlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS84YzNkNWMtYTM2Yy00ZTNmLWEwNTkt
MWE1NTc5ZThjNmMwLzEvTDNWUEhfenNmamJqd0F3V21QS0ViLUVaUnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS84YzNkNWMtYTM2Yy00ZTNmLWEwNTktMWE1NTc5ZThjNmMw
LzEvb1laTzM2UVMxM29EeV9XUk1lUDh3RHBnNFlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7pEMA0G
CSqGSIb3DQEBCwUAA4IBAQBkM5O+N07KGxA2R4oGUR1nHzT8eu6y3afW5G6cx75F
NAKgykhjI7WEcWLYNNyzUQEUTqDzABwRvOXIzPq6UC7FxWIYgOIRGZZogSdgQcAW
iuqsT3GsfXGegq2W3B2Oub5bNf6wNz+8VrNkixKtJF+gGZgWOT4/Zibj6/YH2yT3
56FgOhppYpSvXXq3IZOXTACxjEvUFrXp5IN+56kt2S7bFNeOJtMj/Fg1sNlTW6bv
5msTOyLjQeiMkWjTxItni3LbRnD1jJ1TRee7piKYYjOn+UJyi4PPouycdPK9Kvxq
lJAS8rfvSXDZFBmp2LsQwDn5n5e7OP1cuUHl0a19rypj
-----END CERTIFICATE-----