Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/3LjHO8Vj5I2D_0m4AkpFsxQaRus.roa
File:                     3LjHO8Vj5I2D_0m4AkpFsxQaRus.roa (raw, json)
Hash identifier:          tiNPlHVjL8rOSp8ul+MoAs3IbABBrBORX2SiAFfJyb0=
Subject key identifier:   DC:B8:C7:3B:C5:63:E4:8D:83:FF:49:B8:02:4A:45:B3:14:1A:46:EB
Certificate issuer:       /CN=e15136feff3574ef9b2262de59b06a21908fab3e
Certificate serial:       0196C3FA1C569280904D7F84EC749535F381
Authority key identifier: E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/3LjHO8Vj5I2D_0m4AkpFsxQaRus.roa
Signing time:             Mon 12 May 2025 10:11:10 +0000
ROA not before:           Mon 12 May 2025 10:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202319
IP address blocks:        185.166.104.0/24 maxlen: 24
                          185.166.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:fa:1c:56:92:80:90:4d:7f:84:ec:74:95:35:f3:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15136feff3574ef9b2262de59b06a21908fab3e
        Validity
            Not Before: May 12 10:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb8c73bc563e48d83ff49b8024a45b3141a46eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b5:2c:b6:75:b2:ee:81:ba:d9:12:53:f4:e2:
                    43:fc:c0:f4:5a:8b:6e:2b:b5:a7:50:3f:72:24:bd:
                    3a:d2:98:14:8b:51:99:eb:d9:ae:54:78:ee:f7:a1:
                    a7:36:b6:33:17:03:01:f5:3e:35:71:6f:d8:c9:49:
                    cc:a2:76:0f:33:02:89:60:26:44:d5:18:0a:01:92:
                    c4:4e:46:82:8f:33:f6:6e:0f:a7:e0:0c:92:23:02:
                    b6:a7:5b:94:24:82:8e:2f:ae:78:f4:fa:e0:57:82:
                    44:ca:b5:1f:73:93:42:ec:3b:9c:86:8c:0f:3c:86:
                    26:df:99:f9:4a:85:e7:21:82:8a:8f:b0:a3:84:42:
                    80:c5:55:00:5b:2e:d9:1a:b5:b1:43:ba:d4:12:95:
                    43:40:4b:af:fc:f3:48:f1:42:16:aa:bc:55:c7:9b:
                    70:1c:4a:58:6b:01:4d:76:02:fb:f5:d9:51:3c:61:
                    f7:e7:c2:00:2b:c1:6e:19:46:99:51:16:d4:5b:05:
                    59:d4:e7:04:c9:e9:c4:1a:b1:37:ec:6d:a0:5e:be:
                    dc:47:41:30:c0:9d:5d:ce:dc:20:e3:e1:56:ae:2f:
                    ae:3b:20:96:6f:0d:45:47:1a:65:10:79:73:dc:f3:
                    80:a9:2f:53:5f:fb:fb:d6:5d:f7:8e:4b:69:c4:82:
                    bc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B8:C7:3B:C5:63:E4:8D:83:FF:49:B8:02:4A:45:B3:14:1A:46:EB
            X509v3 Authority Key Identifier:
                keyid:E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/3LjHO8Vj5I2D_0m4AkpFsxQaRus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.104.0/24
                  185.166.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:9c:bc:18:35:fb:dd:5c:2c:7e:e6:9f:8f:52:28:64:e9:35:
         c8:95:a5:9b:d3:34:37:3a:20:50:e0:62:aa:37:0c:e0:24:ae:
         f3:7f:7c:df:bd:dc:0a:c9:93:2d:04:de:9f:1b:63:be:18:43:
         3f:81:0a:9a:c6:0d:36:86:58:1d:72:ad:9e:60:95:e2:19:d9:
         77:8e:57:67:00:38:72:9a:b1:70:1c:4b:10:df:98:36:98:c5:
         8f:ca:41:70:0b:4f:85:72:73:5e:c9:7e:c5:55:01:18:3a:0e:
         97:48:f1:18:68:11:c5:92:e8:2b:bf:b2:0f:f8:dd:5f:1a:64:
         75:95:3f:7d:b4:c4:c3:9a:b7:51:00:06:12:fd:ef:75:a8:c0:
         9b:f7:c3:74:f2:2f:29:6a:85:60:de:0b:89:be:ac:88:18:02:
         d2:3b:2e:2b:68:a4:14:9c:d6:92:75:67:d6:c9:9c:90:27:e8:
         87:bb:cf:e4:ed:f7:e6:cf:e1:53:54:9f:f5:88:82:2c:9f:0c:
         49:44:2f:99:22:30:6b:a5:d6:9a:97:20:bd:0b:43:6d:9d:71:
         f8:05:e1:8e:7a:e1:61:c4:f1:f0:00:67:be:b4:43:89:f1:c4:
         c9:55:a2:d4:17:4f:e3:cc:dc:79:a0:0a:ff:62:35:2a:f4:7d:
         06:5b:89:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbD+hxWkoCQTX+E7HSVNfOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTEzNmZlZmYzNTc0ZWY5YjIyNjJkZTU5YjA2YTIxOTA4
ZmFiM2UwHhcNMjUwNTEyMTAxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I4YzczYmM1NjNlNDhkODNmZjQ5YjgwMjRhNDViMzE0MWE0NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rUstnWy7oG62RJT9OJD/MD0Wotu
K7WnUD9yJL060pgUi1GZ69muVHju96GnNrYzFwMB9T41cW/YyUnMonYPMwKJYCZE
1RgKAZLETkaCjzP2bg+n4AySIwK2p1uUJIKOL6549PrgV4JEyrUfc5NC7DuchowP
PIYm35n5SoXnIYKKj7CjhEKAxVUAWy7ZGrWxQ7rUEpVDQEuv/PNI8UIWqrxVx5tw
HEpYawFNdgL79dlRPGH358IAK8FuGUaZURbUWwVZ1OcEyenEGrE37G2gXr7cR0Ew
wJ1dztwg4+FWri+uOyCWbw1FRxplEHlz3POAqS9TX/v71l33jktpxIK8xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNy4xzvFY+SNg/9JuAJKRbMUGkbrMB8GA1UdIwQY
MBaAFOFRNv7/NXTvmyJi3lmwaiGQj6s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMt
MDQxMzEyMjQyZmYzLzEvM0xqSE84Vmo1STJEXzBtNEFrcEZzeFFhUnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMtMDQxMzEyMjQyZmYz
LzEvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaZoAwQA
uaZqMA0GCSqGSIb3DQEBCwUAA4IBAQBYnLwYNfvdXCx+5p+PUihk6TXIlaWb0zQ3
OiBQ4GKqNwzgJK7zf3zfvdwKyZMtBN6fG2O+GEM/gQqaxg02hlgdcq2eYJXiGdl3
jldnADhymrFwHEsQ35g2mMWPykFwC0+FcnNeyX7FVQEYOg6XSPEYaBHFkugrv7IP
+N1fGmR1lT99tMTDmrdRAAYS/e91qMCb98N08i8paoVg3guJvqyIGALSOy4raKQU
nNaSdWfWyZyQJ+iHu8/k7ffmz+FTVJ/1iIIsnwxJRC+ZIjBrpdaalyC9C0NtnXH4
BeGOeuFhxPHwAGe+tEOJ8cTJVaLUF0/jzNx5oAr/YjUq9H0GW4kJ
-----END CERTIFICATE-----