Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/3LmcdlhkUozmC6fvBNvRqCvSzt0.roa
File:                     3LmcdlhkUozmC6fvBNvRqCvSzt0.roa (raw, json)
Hash identifier:          Y7dEvx1WxwHh/kqiqr3Nj0OZHbvLg2W3/22cNvnOsh0=
Subject key identifier:   DC:B9:9C:76:58:64:52:8C:E6:0B:A7:EF:04:DB:D1:A8:2B:D2:CE:DD
Certificate issuer:       /CN=1a537a0c0a331091b307253c6f07e8f82854e6b0
Certificate serial:       019421B1E8BE36BA6DEBD252E31920F1E947
Authority key identifier: 1A:53:7A:0C:0A:33:10:91:B3:07:25:3C:6F:07:E8:F8:28:54:E6:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GlN6DAozEJGzByU8bwfo-ChU5rA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/3LmcdlhkUozmC6fvBNvRqCvSzt0.roa
Signing time:             Wed 01 Jan 2025 11:48:15 +0000
ROA not before:           Wed 01 Jan 2025 11:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.35.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/GlN6DAozEJGzByU8bwfo-ChU5rA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/GlN6DAozEJGzByU8bwfo-ChU5rA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GlN6DAozEJGzByU8bwfo-ChU5rA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e8:be:36:ba:6d:eb:d2:52:e3:19:20:f1:e9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a537a0c0a331091b307253c6f07e8f82854e6b0
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb99c765864528ce60ba7ef04dbd1a82bd2cedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b1:01:64:61:b9:41:58:6d:41:79:01:97:07:
                    52:ab:97:d8:02:e7:c8:69:1b:a8:aa:3b:5b:89:90:
                    6d:16:39:34:54:27:0e:a8:15:29:20:65:64:49:a2:
                    58:54:ed:ff:6c:5d:77:c7:e8:cf:28:88:ee:27:0b:
                    51:3e:ee:70:f1:5e:f1:cc:25:a1:f5:ce:7b:de:f4:
                    b2:28:15:36:aa:82:3a:ae:98:5f:02:0d:b8:2c:9b:
                    e5:04:f2:41:90:b3:8a:5c:9f:52:dc:8f:e4:21:b9:
                    71:3e:36:bb:07:08:3d:d3:36:37:c1:2f:8c:d9:b4:
                    51:b9:1e:e5:d6:44:0b:88:72:74:03:fc:c6:3a:1c:
                    34:e7:ea:c3:86:c9:41:99:88:f4:77:d8:6b:42:05:
                    d0:e3:c3:5f:28:84:09:89:35:25:fc:d1:4d:86:f5:
                    3c:4c:b9:d0:80:71:88:f5:36:20:f3:14:8e:71:80:
                    08:86:ee:e2:f0:f6:5a:76:21:ca:c6:a2:e6:d1:1d:
                    46:bd:80:49:19:6c:09:b7:bd:55:d3:b4:82:f9:75:
                    58:8f:d0:b1:f2:21:0a:8b:30:ab:63:a4:a7:d4:39:
                    dd:d1:1c:90:14:23:fd:4d:50:f4:61:b3:da:2a:4c:
                    ac:be:7a:f0:a1:f8:4a:c5:0f:4d:f5:0d:13:3e:c1:
                    94:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B9:9C:76:58:64:52:8C:E6:0B:A7:EF:04:DB:D1:A8:2B:D2:CE:DD
            X509v3 Authority Key Identifier:
                keyid:1A:53:7A:0C:0A:33:10:91:B3:07:25:3C:6F:07:E8:F8:28:54:E6:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GlN6DAozEJGzByU8bwfo-ChU5rA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/3LmcdlhkUozmC6fvBNvRqCvSzt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/GlN6DAozEJGzByU8bwfo-ChU5rA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:52:9b:5f:d7:4f:38:3b:46:f3:85:18:8a:d9:41:b3:bf:c7:
         26:ed:05:5c:79:a1:6d:79:a2:e6:d5:bc:1d:86:27:d7:21:e6:
         56:cb:9f:f7:87:c6:4c:da:2a:85:8a:54:00:f4:55:21:8a:01:
         b9:fa:12:a3:33:2b:e4:a6:57:1b:42:17:2c:89:4e:34:95:2e:
         d5:9c:10:64:68:65:9d:fc:e4:72:2b:86:72:a6:70:02:1a:0f:
         8d:f7:f5:e7:3d:86:ad:ba:4f:ac:06:f7:84:d3:65:91:41:a6:
         f2:a6:f8:fa:1b:9c:b9:c9:8c:13:39:2f:fa:c1:59:90:0e:a2:
         ce:07:cd:ad:34:d6:53:b5:af:ec:cf:69:32:aa:55:3f:86:60:
         8a:0d:89:1a:33:ca:e5:3b:9c:19:f0:39:a3:94:aa:0f:7c:6b:
         26:f6:51:54:49:6c:43:0f:b3:f9:e1:85:6c:83:e0:db:db:22:
         fb:02:88:22:65:31:e0:33:5d:f5:d4:92:53:f4:87:7b:f7:48:
         0f:f9:40:4e:f6:c6:57:4a:f5:84:71:a0:2b:c3:75:92:4a:7d:
         85:88:0e:f1:bf:ee:d8:02:51:c6:e9:43:db:6b:45:a7:e6:33:
         ea:69:a0:b2:ee:c9:ae:14:c0:f4:67:6c:22:58:ea:c9:3c:4f:
         7f:f2:1c:9f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQhsei+Nrpt69JS4xkg8elHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTM3YTBjMGEzMzEwOTFiMzA3MjUzYzZmMDdlOGY4Mjg1
NGU2YjAwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I5OWM3NjU4NjQ1MjhjZTYwYmE3ZWYwNGRiZDFhODJiZDJjZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrEBZGG5QVhtQXkBlwdSq5fYAufI
aRuoqjtbiZBtFjk0VCcOqBUpIGVkSaJYVO3/bF13x+jPKIjuJwtRPu5w8V7xzCWh
9c573vSyKBU2qoI6rphfAg24LJvlBPJBkLOKXJ9S3I/kIblxPja7Bwg90zY3wS+M
2bRRuR7l1kQLiHJ0A/zGOhw05+rDhslBmYj0d9hrQgXQ48NfKIQJiTUl/NFNhvU8
TLnQgHGI9TYg8xSOcYAIhu7i8PZadiHKxqLm0R1GvYBJGWwJt71V07SC+XVYj9Cx
8iEKizCrY6Sn1Dnd0RyQFCP9TVD0YbPaKkysvnrwofhKxQ9N9Q0TPsGUawIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNy5nHZYZFKM5gun7wTb0agr0s7dMB8GA1UdIwQY
MBaAFBpTegwKMxCRswclPG8H6PgoVOawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xONkRBb3pFSkd6QnlVOGJ3Zm8tQ2hVNXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi80NjE2OWYtY2Y5NC00ZDFiLWIyZDct
NzIxMjUyOTdhZjI4LzEvM0xtY2RsaGtVb3ptQzZmdkJOdlJxQ3ZTenQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi80NjE2OWYtY2Y5NC00ZDFiLWIyZDctNzIxMjUyOTdhZjI4
LzEvR2xONkRBb3pFSkd6QnlVOGJ3Zm8tQ2hVNXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSMwDQYJ
KoZIhvcNAQELBQADggEBAD1Sm1/XTzg7RvOFGIrZQbO/xybtBVx5oW15oubVvB2G
J9ch5lbLn/eHxkzaKoWKVAD0VSGKAbn6EqMzK+SmVxtCFyyJTjSVLtWcEGRoZZ38
5HIrhnKmcAIaD4339ec9hq26T6wG94TTZZFBpvKm+PobnLnJjBM5L/rBWZAOos4H
za001lO1r+zPaTKqVT+GYIoNiRozyuU7nBnwOaOUqg98ayb2UVRJbEMPs/nhhWyD
4NvbIvsCiCJlMeAzXfXUklP0h3v3SA/5QE72xldK9YRxoCvDdZJKfYWIDvG/7tgC
UcbpQ9trRafmM+ppoLLuya4UwPRnbCJY6sk8T3/yHJ8=
-----END CERTIFICATE-----