Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/e05614-2824-4298-be0c-e3a7ff11c631/1/3-lLWfL65uJnHZ2rztKfPXmI6kg.roa
File:                     3-lLWfL65uJnHZ2rztKfPXmI6kg.roa (raw, json)
Hash identifier:          TNLFS3eE9Ow6yD/bR32mYv3A5v+ZXVoId2+UI7n/x9s=
Subject key identifier:   DF:E9:4B:59:F2:FA:E6:E2:67:1D:9D:AB:CE:D2:9F:3D:79:88:EA:48
Certificate issuer:       /CN=6f9360b6f5839aafdce21cd6de763bdaa26bfbf0
Certificate serial:       019423D6FB9B852A5C98AD61F121B62E687E
Authority key identifier: 6F:93:60:B6:F5:83:9A:AF:DC:E2:1C:D6:DE:76:3B:DA:A2:6B:FB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b5NgtvWDmq_c4hzW3nY72qJr-_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/e05614-2824-4298-be0c-e3a7ff11c631/1/3-lLWfL65uJnHZ2rztKfPXmI6kg.roa
Signing time:             Wed 01 Jan 2025 21:47:59 +0000
ROA not before:           Wed 01 Jan 2025 21:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16077
IP address blocks:        193.41.180.0/23 maxlen: 23
                          193.108.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/e05614-2824-4298-be0c-e3a7ff11c631/1/b5NgtvWDmq_c4hzW3nY72qJr-_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/e05614-2824-4298-be0c-e3a7ff11c631/1/b5NgtvWDmq_c4hzW3nY72qJr-_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b5NgtvWDmq_c4hzW3nY72qJr-_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:fb:9b:85:2a:5c:98:ad:61:f1:21:b6:2e:68:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9360b6f5839aafdce21cd6de763bdaa26bfbf0
        Validity
            Not Before: Jan  1 21:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfe94b59f2fae6e2671d9dabced29f3d7988ea48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b8:97:45:67:ed:22:1f:e7:bb:56:0f:66:f4:
                    16:74:27:a4:99:2a:3b:77:7c:90:81:ab:09:a2:f0:
                    43:eb:51:09:7b:b1:10:92:09:6a:8e:c2:95:94:7f:
                    4e:29:40:6c:a9:68:51:b6:8d:25:f8:4a:59:f9:ee:
                    b8:8c:e1:79:12:df:66:f8:31:b9:e2:4e:08:64:1d:
                    27:ad:d5:bc:65:5d:99:49:c9:1a:51:e0:59:f2:59:
                    55:af:24:0b:d7:69:11:a1:db:bc:78:27:ed:69:71:
                    89:b5:2c:ed:d0:2e:33:a1:d4:0c:29:1a:5a:2d:71:
                    7a:d5:9d:7b:c6:07:ce:f2:06:e3:d0:12:6d:f6:e9:
                    ff:4c:e1:2f:39:eb:28:4e:93:30:d2:87:b8:09:4a:
                    dd:91:b7:37:50:92:5d:f1:51:94:f4:7d:69:83:dc:
                    04:ca:d1:ca:e7:f6:ac:74:e2:68:9c:2c:2d:ff:9f:
                    b7:61:d3:c7:fd:d5:73:c2:5f:29:ee:87:2a:db:07:
                    f4:ab:31:66:6c:6e:a6:84:2e:0b:21:7c:c4:eb:22:
                    5d:53:a4:57:a6:cf:8d:eb:cc:ab:4b:11:df:82:18:
                    18:83:fd:08:c5:35:37:a1:04:34:17:f9:c8:50:3c:
                    a4:5d:d4:3c:1b:11:c5:82:91:f8:79:0b:9f:76:5d:
                    bd:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E9:4B:59:F2:FA:E6:E2:67:1D:9D:AB:CE:D2:9F:3D:79:88:EA:48
            X509v3 Authority Key Identifier:
                keyid:6F:93:60:B6:F5:83:9A:AF:DC:E2:1C:D6:DE:76:3B:DA:A2:6B:FB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5NgtvWDmq_c4hzW3nY72qJr-_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e05614-2824-4298-be0c-e3a7ff11c631/1/3-lLWfL65uJnHZ2rztKfPXmI6kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e05614-2824-4298-be0c-e3a7ff11c631/1/b5NgtvWDmq_c4hzW3nY72qJr-_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.180.0/23
                  193.108.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:a1:ce:92:b2:06:ab:96:55:eb:e7:65:80:35:4d:e9:e0:e1:
         c1:4e:24:aa:9c:61:3c:76:62:17:99:4e:39:1f:1e:8a:6a:d7:
         39:d0:d1:96:a0:17:91:a2:72:40:9c:57:2b:83:7e:4d:3b:80:
         ee:57:f7:1a:e4:4a:98:d0:cb:f8:a0:a2:e2:16:f4:b3:a2:86:
         87:2c:3f:24:da:fb:5b:d0:11:7d:d9:0f:f4:66:2b:b5:60:ba:
         38:44:90:a4:b4:4c:e0:dd:d8:58:40:45:f0:73:b8:9a:4f:64:
         cc:5f:a4:bd:80:0e:e7:70:8a:37:6f:fb:5a:60:5a:43:59:0b:
         bd:19:bb:65:49:cc:84:88:cf:6d:9b:b8:f7:29:96:d6:e0:1f:
         38:96:51:61:6e:15:99:30:bb:46:ed:9a:ed:ef:26:5e:8f:c3:
         39:54:40:d7:f4:95:71:1e:da:42:2c:83:7f:a1:b7:46:d4:0f:
         78:2c:08:58:a8:bc:f2:d0:7f:38:4b:fc:35:e3:31:59:fa:4a:
         1c:8f:9e:9d:38:6c:75:16:9a:77:23:da:b6:2b:4d:5e:d3:2a:
         54:d4:8b:77:72:1a:fc:f6:1a:6e:3e:54:cf:43:dd:48:bf:bb:
         08:28:b0:5f:6f:2d:ea:ae:77:d2:7a:3b:3f:99:2b:8d:c8:d7:
         76:9b:3f:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1vubhSpcmK1h8SG2Lmh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOTM2MGI2ZjU4MzlhYWZkY2UyMWNkNmRlNzYzYmRhYTI2
YmZiZjAwHhcNMjUwMTAxMjE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmU5NGI1OWYyZmFlNmUyNjcxZDlkYWJjZWQyOWYzZDc5ODhlYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7iXRWftIh/nu1YPZvQWdCekmSo7
d3yQgasJovBD61EJe7EQkglqjsKVlH9OKUBsqWhRto0l+EpZ+e64jOF5Et9m+DG5
4k4IZB0nrdW8ZV2ZSckaUeBZ8llVryQL12kRodu8eCftaXGJtSzt0C4zodQMKRpa
LXF61Z17xgfO8gbj0BJt9un/TOEvOesoTpMw0oe4CUrdkbc3UJJd8VGU9H1pg9wE
ytHK5/asdOJonCwt/5+3YdPH/dVzwl8p7ocq2wf0qzFmbG6mhC4LIXzE6yJdU6RX
ps+N68yrSxHfghgYg/0IxTU3oQQ0F/nIUDykXdQ8GxHFgpH4eQufdl29RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/pS1ny+ubiZx2dq87Snz15iOpIMB8GA1UdIwQY
MBaAFG+TYLb1g5qv3OIc1t52O9qia/vwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjVOZ3R2V0RtcV9jNGh6VzNuWTcycUpyLV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lMDU2MTQtMjgyNC00Mjk4LWJlMGMt
ZTNhN2ZmMTFjNjMxLzEvMy1sTFdmTDY1dUpuSFoycnp0S2ZQWG1JNmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lMDU2MTQtMjgyNC00Mjk4LWJlMGMtZTNhN2ZmMTFjNjMx
LzEvYjVOZ3R2V0RtcV9jNGh6VzNuWTcycUpyLV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwSm0AwQA
wWzLMA0GCSqGSIb3DQEBCwUAA4IBAQAtoc6SsgarllXr52WANU3p4OHBTiSqnGE8
dmIXmU45Hx6Katc50NGWoBeRonJAnFcrg35NO4DuV/ca5EqY0Mv4oKLiFvSzooaH
LD8k2vtb0BF92Q/0Ziu1YLo4RJCktEzg3dhYQEXwc7iaT2TMX6S9gA7ncIo3b/ta
YFpDWQu9GbtlScyEiM9tm7j3KZbW4B84llFhbhWZMLtG7Zrt7yZej8M5VEDX9JVx
HtpCLIN/obdG1A94LAhYqLzy0H84S/w14zFZ+kocj56dOGx1Fpp3I9q2K01e0ypU
1It3chr89hpuPlTPQ91Iv7sIKLBfby3qrnfSejs/mSuNyNd2mz+a
-----END CERTIFICATE-----