Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/LLU_h_MCx_PI6iuzjG5n-X7Mntk.roa
File:                     LLU_h_MCx_PI6iuzjG5n-X7Mntk.roa (raw, json)
Hash identifier:          co72FMpEqNr608uwvHI73L404xOIPq+UDmFSQ66G/4s=
Subject key identifier:   2C:B5:3F:87:F3:02:C7:F3:C8:EA:2B:B3:8C:6E:67:F9:7E:CC:9E:D9
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       019426D99A4F17245DB98D61EC44D749BAD3
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/LLU_h_MCx_PI6iuzjG5n-X7Mntk.roa
Signing time:             Thu 02 Jan 2025 11:49:42 +0000
ROA not before:           Thu 02 Jan 2025 11:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214422
IP address blocks:        77.105.164.0/24 maxlen: 24
                          92.42.102.0/24 maxlen: 24
                          185.225.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9a:4f:17:24:5d:b9:8d:61:ec:44:d7:49:ba:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Jan  2 11:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cb53f87f302c7f3c8ea2bb38c6e67f97ecc9ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:dc:69:34:b7:7b:f9:5b:18:5a:96:6a:c7:be:
                    53:2f:5b:9d:33:fc:2f:f9:37:df:86:e0:c3:70:ec:
                    a6:99:88:19:8a:60:40:b2:bc:23:c5:c3:11:f4:66:
                    11:99:cf:c5:d9:7b:3a:4f:96:24:1a:f3:5e:d8:5c:
                    fd:b3:1f:d3:83:e5:e0:01:69:09:9a:eb:28:db:8a:
                    72:c2:7a:f6:44:95:87:d0:e9:9e:e3:c4:80:a4:5e:
                    54:1b:29:96:fe:36:b3:f7:88:c1:db:08:8b:a8:53:
                    a7:16:88:33:75:47:14:4a:fb:c6:3c:88:8d:4e:58:
                    be:f2:c8:01:44:6d:34:46:b7:3f:db:1e:96:6a:31:
                    5d:8b:0d:8f:06:dc:f7:f9:a1:4d:ed:c3:3a:8b:be:
                    ac:8a:73:ef:cf:c2:22:07:d9:8b:bf:70:59:1c:37:
                    28:8f:28:8b:81:75:cf:c8:6a:bf:b7:7b:8b:37:82:
                    56:b1:28:1c:a6:a7:f9:1f:ea:a5:12:2e:bc:56:65:
                    90:a5:71:6f:06:20:12:37:be:1a:65:22:a6:e5:cf:
                    46:fd:bb:2e:5e:a1:ca:7f:08:68:ae:59:7a:77:0b:
                    75:0b:97:87:6b:1f:cf:4e:60:2a:75:7e:f2:fd:93:
                    d5:23:49:de:4c:66:3f:19:5f:8b:c3:3c:31:67:0b:
                    ca:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:B5:3F:87:F3:02:C7:F3:C8:EA:2B:B3:8C:6E:67:F9:7E:CC:9E:D9
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/LLU_h_MCx_PI6iuzjG5n-X7Mntk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.164.0/24
                  92.42.102.0/24
                  185.225.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:e8:ac:5a:8e:f9:af:83:fe:87:07:b1:93:ee:21:c5:8a:e2:
         88:3a:74:bd:0d:ac:fc:8c:e2:ce:00:d9:56:22:a6:3e:4f:ed:
         8b:50:51:be:bb:b5:26:68:02:64:03:02:94:c4:c8:97:36:b3:
         2f:6a:a7:ef:22:43:58:f1:1f:10:3f:bf:5f:37:75:db:2d:c8:
         26:4f:ba:c6:6f:2b:cd:e5:82:ff:0f:e9:91:3e:1b:52:53:4d:
         e1:f8:e8:84:65:45:05:36:63:1b:88:a9:a8:f6:45:d5:8e:fb:
         a6:f5:d2:4d:94:e3:5a:ec:43:f5:6c:53:45:7f:85:a7:b1:99:
         4a:1f:57:3d:52:f8:14:c0:3c:94:c1:61:04:b8:b1:05:01:7c:
         d4:29:75:62:57:17:f8:6f:88:56:46:71:7e:ee:55:ce:a8:92:
         40:7e:af:1f:f0:44:5c:a8:67:69:c8:76:4a:02:53:7a:c2:43:
         30:cb:e1:9f:e6:39:d2:de:03:d4:ca:d9:4a:7b:25:61:7a:ed:
         ff:d7:73:66:40:42:bd:17:84:4b:75:3f:51:20:40:f9:b4:a6:
         29:bd:d1:4c:db:b6:23:fb:89:49:09:1d:7d:19:c8:e7:00:35:
         31:8c:f7:36:be:83:9c:e6:dd:ae:2d:95:55:90:c2:2e:4d:19:
         6f:13:ec:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2ZpPFyRduY1h7ETXSbrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwMTAyMTE0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2I1M2Y4N2YzMDJjN2YzYzhlYTJiYjM4YzZlNjdmOTdlY2M5ZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29xpNLd7+VsYWpZqx75TL1udM/wv
+TffhuDDcOymmYgZimBAsrwjxcMR9GYRmc/F2Xs6T5YkGvNe2Fz9sx/Tg+XgAWkJ
muso24pywnr2RJWH0Ome48SApF5UGymW/jaz94jB2wiLqFOnFogzdUcUSvvGPIiN
Tli+8sgBRG00Rrc/2x6WajFdiw2PBtz3+aFN7cM6i76sinPvz8IiB9mLv3BZHDco
jyiLgXXPyGq/t3uLN4JWsSgcpqf5H+qlEi68VmWQpXFvBiASN74aZSKm5c9G/bsu
XqHKfwhorll6dwt1C5eHax/PTmAqdX7y/ZPVI0neTGY/GV+LwzwxZwvKFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCy1P4fzAsfzyOors4xuZ/l+zJ7ZMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvTExVX2hfTUN4X1BJNml1empHNW4tWDdNbnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATWmkAwQA
XCpmAwQAueHKMA0GCSqGSIb3DQEBCwUAA4IBAQAa6Kxajvmvg/6HB7GT7iHFiuKI
OnS9Daz8jOLOANlWIqY+T+2LUFG+u7UmaAJkAwKUxMiXNrMvaqfvIkNY8R8QP79f
N3XbLcgmT7rGbyvN5YL/D+mRPhtSU03h+OiEZUUFNmMbiKmo9kXVjvum9dJNlONa
7EP1bFNFf4WnsZlKH1c9UvgUwDyUwWEEuLEFAXzUKXViVxf4b4hWRnF+7lXOqJJA
fq8f8ERcqGdpyHZKAlN6wkMwy+Gf5jnS3gPUytlKeyVheu3/13NmQEK9F4RLdT9R
IED5tKYpvdFM27Yj+4lJCR19GcjnADUxjPc2voOc5t2uLZVVkMIuTRlvE+wC
-----END CERTIFICATE-----