Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/CT-3l0p9gg6VPqpkvwK6-YeB6pE.roa
File:                     CT-3l0p9gg6VPqpkvwK6-YeB6pE.roa (raw, json)
Hash identifier:          RUIJZLk9xg0lGoyDdhD+bJMX1WkdWP7lO6yMUzIdGIw=
Subject key identifier:   09:3F:B7:97:4A:7D:82:0E:95:3E:AA:64:BF:02:BA:F9:87:81:EA:91
Certificate issuer:       /CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
Certificate serial:       0194266A0D73E5BDF6C6B923BAF339B539ED
Authority key identifier: CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/CT-3l0p9gg6VPqpkvwK6-YeB6pE.roa
Signing time:             Thu 02 Jan 2025 09:47:51 +0000
ROA not before:           Thu 02 Jan 2025 09:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3301
IP address blocks:        195.43.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:0d:73:e5:bd:f6:c6:b9:23:ba:f3:39:b5:39:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
        Validity
            Not Before: Jan  2 09:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=093fb7974a7d820e953eaa64bf02baf98781ea91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:10:0e:08:a9:d9:36:65:e5:c6:0e:14:2c:44:
                    1d:8f:8a:5a:5a:b8:94:74:7e:18:02:58:6d:8b:24:
                    cd:97:f5:fe:48:d7:bc:81:b1:a7:92:39:16:97:a3:
                    dd:eb:b4:0f:d0:98:22:c9:4e:46:d5:62:0c:80:5e:
                    e0:28:3d:c6:d3:2d:31:e7:0f:1f:0c:5c:46:38:16:
                    1e:b0:68:65:08:60:7d:36:01:a6:7b:16:15:b7:61:
                    12:e5:49:45:0a:c3:0e:b4:bf:37:be:3d:c0:7d:1d:
                    4b:03:fe:7f:88:3d:a1:b3:ce:de:ff:17:e1:24:5d:
                    79:c7:fe:c6:5c:56:97:82:15:20:d2:38:36:5a:46:
                    a0:a6:0c:16:43:41:4c:46:69:a0:49:8d:a6:51:52:
                    2a:8f:8c:6d:64:64:c9:3e:86:f0:e7:b2:92:c5:5e:
                    99:d3:87:8f:de:68:72:7b:62:04:3f:4c:ce:88:1c:
                    86:31:d9:b5:43:27:b9:89:96:3c:59:12:42:89:f4:
                    d7:b4:fa:c5:9b:c9:2c:4c:ee:3c:f4:dd:4b:c9:64:
                    c8:63:27:bd:df:ff:98:f1:2f:f9:03:97:06:ca:cc:
                    fa:9c:62:84:d7:6c:5f:6b:36:92:31:ba:ed:95:63:
                    9c:1e:cd:87:64:c8:85:ad:f6:2c:3f:7c:13:00:9a:
                    09:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3F:B7:97:4A:7D:82:0E:95:3E:AA:64:BF:02:BA:F9:87:81:EA:91
            X509v3 Authority Key Identifier:
                keyid:CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/CT-3l0p9gg6VPqpkvwK6-YeB6pE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:15:15:b4:1a:6d:5c:2a:37:ce:91:80:32:51:46:44:d2:a3:
         b5:bb:8c:02:0b:6e:2e:0a:43:56:d3:3e:ff:9a:36:41:20:6a:
         44:22:fc:ec:fc:a8:60:97:1f:bd:53:18:82:e8:d0:b4:26:b1:
         06:0d:74:dc:61:90:0e:66:af:b0:22:67:55:48:79:1d:a2:3e:
         6a:c9:26:e5:86:fc:59:49:d6:4b:63:a9:03:54:af:bc:2a:e1:
         95:bd:0c:48:dd:a4:7a:8e:a7:e8:03:06:e1:db:19:7d:0e:5c:
         9b:a4:b7:bb:b9:e0:cb:6b:ce:be:88:fb:87:ad:4b:12:f5:f9:
         4a:43:fd:ab:6f:0b:07:71:ab:80:80:7a:30:25:d6:89:50:1e:
         ec:66:48:e2:e1:60:2e:6f:d6:f7:f0:88:61:ca:44:1f:93:87:
         38:c1:6f:5e:62:2a:e0:01:8d:48:1e:a9:3e:b6:35:3f:95:de:
         93:a0:e5:61:bd:ac:e6:e3:c2:67:3b:d9:50:fe:69:bc:4a:a0:
         c1:cf:6d:11:ee:aa:4b:ba:ba:89:7f:be:97:a7:0e:27:f5:50:
         7d:ab:44:36:6e:8e:22:ce:79:11:39:da:a5:30:72:73:a9:5d:
         32:dd:57:9d:5a:1d:fc:e4:53:96:76:52:93:77:5d:89:56:48:
         47:0c:2e:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmag1z5b32xrkjuvM5tTntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjVlZTIzYmZmNDJjY2Y2NzlkNzM3N2ZlNGRhNjk1ZDM0
MWFlZjAwHhcNMjUwMTAyMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNmYjc5NzRhN2Q4MjBlOTUzZWFhNjRiZjAyYmFmOTg3ODFlYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxAOCKnZNmXlxg4ULEQdj4paWriU
dH4YAlhtiyTNl/X+SNe8gbGnkjkWl6Pd67QP0JgiyU5G1WIMgF7gKD3G0y0x5w8f
DFxGOBYesGhlCGB9NgGmexYVt2ES5UlFCsMOtL83vj3AfR1LA/5/iD2hs87e/xfh
JF15x/7GXFaXghUg0jg2WkagpgwWQ0FMRmmgSY2mUVIqj4xtZGTJPobw57KSxV6Z
04eP3mhye2IEP0zOiByGMdm1Qye5iZY8WRJCifTXtPrFm8ksTO489N1LyWTIYye9
3/+Y8S/5A5cGysz6nGKE12xfazaSMbrtlWOcHs2HZMiFrfYsP3wTAJoJMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAk/t5dKfYIOlT6qZL8CuvmHgeqRMB8GA1UdIwQY
MBaAFM1l7iO/9CzPZ51zd/5NppXTQa7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQt
NWRjMmZhNmEzNTAzLzEvQ1QtM2wwcDlnZzZWUHFwa3Z3SzYtWWVCNnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQtNWRjMmZhNmEzNTAz
LzEveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuXMA0G
CSqGSIb3DQEBCwUAA4IBAQAuFRW0Gm1cKjfOkYAyUUZE0qO1u4wCC24uCkNW0z7/
mjZBIGpEIvzs/Khglx+9UxiC6NC0JrEGDXTcYZAOZq+wImdVSHkdoj5qySblhvxZ
SdZLY6kDVK+8KuGVvQxI3aR6jqfoAwbh2xl9DlybpLe7ueDLa86+iPuHrUsS9flK
Q/2rbwsHcauAgHowJdaJUB7sZkji4WAub9b38IhhykQfk4c4wW9eYirgAY1IHqk+
tjU/ld6ToOVhvazm48JnO9lQ/mm8SqDBz20R7qpLurqJf76Xpw4n9VB9q0Q2bo4i
znkROdqlMHJzqV0y3VedWh385FOWdlKTd12JVkhHDC6e
-----END CERTIFICATE-----