Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/L3jfVXtRL6_lD6BNoqXy7sEXYVs.roa
File:                     L3jfVXtRL6_lD6BNoqXy7sEXYVs.roa (raw, json)
Hash identifier:          bCWcb1OjgRUbcmEWxo5WVJLuY5Wam3mN/c101nJS4g4=
Subject key identifier:   2F:78:DF:55:7B:51:2F:AF:E5:0F:A0:4D:A2:A5:F2:EE:C1:17:61:5B
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       019422FBFCED0372416CE7DEC8AF2A381FDB
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/L3jfVXtRL6_lD6BNoqXy7sEXYVs.roa
Signing time:             Wed 01 Jan 2025 17:48:47 +0000
ROA not before:           Wed 01 Jan 2025 17:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201627
IP address blocks:        193.71.224.0/21 maxlen: 21
                          193.71.224.0/22 maxlen: 22
                          193.71.228.0/22 maxlen: 22
                          193.71.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:fc:ed:03:72:41:6c:e7:de:c8:af:2a:38:1f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Jan  1 17:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f78df557b512fafe50fa04da2a5f2eec117615b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e7:57:27:6f:5e:23:69:de:80:72:02:85:34:
                    09:65:87:28:39:8e:90:b4:f1:a9:e3:f6:b6:7b:08:
                    11:69:d8:80:82:ac:60:85:0a:ab:15:79:78:5c:21:
                    51:99:23:f9:e5:e6:ff:26:31:6c:3a:72:14:84:7e:
                    83:62:34:8e:34:b8:60:e8:df:c7:b0:77:92:0d:da:
                    ca:c3:ef:d3:8c:9b:f3:d5:b8:db:45:c3:91:1c:29:
                    d7:54:8e:ec:40:18:b6:d4:b9:f6:90:41:ea:2f:4e:
                    bd:d8:1a:ae:6d:a5:d6:ce:b4:65:0c:0d:62:47:f9:
                    03:62:1d:09:bd:f0:70:b9:a0:2b:c6:8e:c5:84:92:
                    62:de:5a:53:b7:a2:81:c7:53:65:77:4a:b6:d1:73:
                    63:62:0b:8d:4d:8c:eb:da:9f:a3:df:e0:3d:08:2e:
                    55:da:33:c1:42:19:a0:56:26:6d:7e:fe:06:4d:ab:
                    a6:b6:5e:5f:08:53:d3:2c:21:51:da:3b:c6:51:86:
                    cd:48:92:76:89:86:40:77:e9:ae:dc:6a:1a:d4:de:
                    a9:b0:9c:8f:25:1d:cf:67:4d:0a:26:fd:d6:63:39:
                    24:e9:a4:3e:68:1f:88:ef:67:53:21:dc:c7:03:0e:
                    f5:f5:08:87:d6:74:d5:08:ba:d7:5e:e7:db:24:9a:
                    51:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:78:DF:55:7B:51:2F:AF:E5:0F:A0:4D:A2:A5:F2:EE:C1:17:61:5B
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/L3jfVXtRL6_lD6BNoqXy7sEXYVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.71.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         91:7a:7f:a4:1a:ae:ba:bc:f5:48:96:ae:ab:e5:59:8b:f3:18:
         aa:da:2c:a4:96:83:14:1d:8a:cf:60:e1:8a:dd:e5:5a:21:68:
         b2:14:06:9c:ae:72:07:2d:5a:b4:5d:cb:05:d5:5d:24:d8:0a:
         60:a1:76:0b:fa:8a:13:a1:4a:f3:41:d5:5d:4d:bd:58:0c:01:
         34:ae:25:0e:b7:ab:2f:92:7d:ee:85:07:4d:80:e8:ba:82:41:
         ca:21:bd:7a:4d:a4:ff:f5:bc:3a:66:05:81:c4:8b:10:eb:e1:
         67:2e:38:a4:59:01:38:9e:a8:5e:74:75:e3:8d:71:15:5b:cb:
         9d:4b:9d:67:dd:92:3a:aa:11:69:a9:65:b7:02:dd:f8:0e:d5:
         c4:c9:01:ed:5c:77:6d:3d:6d:aa:49:70:61:0a:ef:84:ec:5a:
         d2:13:ac:e0:31:90:ab:01:24:49:11:c5:31:4a:8f:4a:f6:79:
         9d:fa:6f:e3:99:62:e8:0e:10:97:99:e5:58:ef:5e:ca:e3:8c:
         73:1b:cf:bf:dd:55:ab:ac:5e:71:89:e4:e8:6b:a7:60:20:00:
         78:4a:7d:99:31:75:8b:b9:d2:48:f8:77:c2:e7:e6:18:dd:d3:
         99:52:93:3a:a2:d1:68:2e:59:a3:95:11:42:d6:4f:14:3e:06:
         a0:bc:65:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+/ztA3JBbOfeyK8qOB/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjUwMTAxMTc0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjc4ZGY1NTdiNTEyZmFmZTUwZmEwNGRhMmE1ZjJlZWMxMTc2MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiedXJ29eI2negHIChTQJZYcoOY6Q
tPGp4/a2ewgRadiAgqxghQqrFXl4XCFRmSP55eb/JjFsOnIUhH6DYjSONLhg6N/H
sHeSDdrKw+/TjJvz1bjbRcORHCnXVI7sQBi21Ln2kEHqL0692BqubaXWzrRlDA1i
R/kDYh0JvfBwuaArxo7FhJJi3lpTt6KBx1Nld0q20XNjYguNTYzr2p+j3+A9CC5V
2jPBQhmgViZtfv4GTaumtl5fCFPTLCFR2jvGUYbNSJJ2iYZAd+mu3Goa1N6psJyP
JR3PZ00KJv3WYzkk6aQ+aB+I72dTIdzHAw719QiH1nTVCLrXXufbJJpRnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9431V7US+v5Q+gTaKl8u7BF2FbMB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvTDNqZlZYdFJMNl9sRDZCTm9xWHk3c0VYWVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwUfgMA0G
CSqGSIb3DQEBCwUAA4IBAQCRen+kGq66vPVIlq6r5VmL8xiq2iykloMUHYrPYOGK
3eVaIWiyFAacrnIHLVq0XcsF1V0k2ApgoXYL+ooToUrzQdVdTb1YDAE0riUOt6sv
kn3uhQdNgOi6gkHKIb16TaT/9bw6ZgWBxIsQ6+FnLjikWQE4nqhedHXjjXEVW8ud
S51n3ZI6qhFpqWW3At34DtXEyQHtXHdtPW2qSXBhCu+E7FrSE6zgMZCrASRJEcUx
So9K9nmd+m/jmWLoDhCXmeVY717K44xzG8+/3VWrrF5xieToa6dgIAB4Sn2ZMXWL
udJI+HfC5+YY3dOZUpM6otFoLlmjlRFC1k8UPgagvGVP
-----END CERTIFICATE-----