Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/3LMtRmONGNLMLTZbv-22SKS_G_A.roa
File:                     3LMtRmONGNLMLTZbv-22SKS_G_A.roa (raw, json)
Hash identifier:          pio5aJGvlnIF4jwmfbABDVK+nPuVznK9IHAqeg47uOI=
Subject key identifier:   DC:B3:2D:46:63:8D:18:D2:CC:2D:36:5B:BF:ED:B6:48:A4:BF:1B:F0
Certificate issuer:       /CN=961b9df745c32df27df33ebcfd536f19e13474fe
Certificate serial:       0194282322D4C5EE653C869D18A0495D480D
Authority key identifier: 96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/3LMtRmONGNLMLTZbv-22SKS_G_A.roa
Signing time:             Thu 02 Jan 2025 17:49:38 +0000
ROA not before:           Thu 02 Jan 2025 17:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        193.100.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:22:d4:c5:ee:65:3c:86:9d:18:a0:49:5d:48:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=961b9df745c32df27df33ebcfd536f19e13474fe
        Validity
            Not Before: Jan  2 17:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb32d46638d18d2cc2d365bbfedb648a4bf1bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:91:ee:27:ae:83:1e:47:7f:b1:95:c7:c5:a3:
                    91:25:ad:4a:a0:f8:b5:62:00:0f:66:54:f5:5a:54:
                    ab:86:7d:24:5b:29:f1:42:60:e6:e2:cc:29:2b:6b:
                    93:b7:aa:a2:ce:f1:ea:a3:3e:72:7d:93:7a:33:d1:
                    6f:ce:fc:dc:75:b0:2b:71:44:4e:8b:29:82:21:38:
                    2d:24:9d:32:d2:6a:b1:df:bb:00:4b:b8:32:4f:41:
                    bd:bf:ad:f3:65:1a:5b:58:c4:39:5d:ae:2d:3b:7d:
                    55:ef:7e:26:13:3e:f8:97:f3:b2:e3:34:bc:de:3a:
                    e5:78:1c:b2:31:63:e3:e7:3f:d4:28:e6:f8:b1:19:
                    24:13:bd:4b:01:98:3d:67:40:5c:41:a6:84:39:c7:
                    33:a6:18:b6:eb:9f:41:83:c2:71:9a:26:c0:d8:e2:
                    e6:f2:93:65:73:f1:76:d8:f8:42:48:79:4d:84:10:
                    c1:98:d0:7f:0d:83:ec:78:5c:ca:fa:a8:63:7f:17:
                    98:04:cf:69:90:ce:b3:ff:d4:ab:06:0f:36:bb:b8:
                    62:b9:75:97:75:60:73:e0:31:f9:32:02:0a:21:18:
                    7b:82:99:70:f8:9a:ed:14:ba:21:c8:d5:0a:8d:15:
                    97:02:9e:07:ec:9a:e0:72:49:d9:65:fe:1d:72:f9:
                    bd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B3:2D:46:63:8D:18:D2:CC:2D:36:5B:BF:ED:B6:48:A4:BF:1B:F0
            X509v3 Authority Key Identifier:
                keyid:96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/3LMtRmONGNLMLTZbv-22SKS_G_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:6a:b4:98:44:87:4b:e1:c2:89:65:cb:60:1a:21:e0:15:33:
         ff:5c:65:69:d8:3d:ca:c0:51:e0:d9:8a:e5:8f:99:c4:bf:43:
         62:e5:6e:7d:97:58:c1:e3:65:7f:29:9e:9a:22:ea:e2:4f:15:
         8c:d6:5c:c3:3d:c7:25:e0:f0:39:65:fc:e4:e1:d5:0b:91:ec:
         bd:ca:7e:6b:a8:06:d9:97:67:da:28:f7:20:b1:f8:4d:a2:3e:
         51:67:84:d5:f2:c6:fa:d7:a7:25:f4:7b:22:23:85:43:00:fd:
         8a:8e:8b:ab:42:8d:73:92:9b:bb:fb:bc:0e:1d:22:02:3e:d0:
         f1:1c:58:04:74:50:80:d0:12:53:48:3a:71:6a:dd:e2:37:2d:
         90:bc:d9:d8:82:bd:f8:1b:37:fa:ec:4e:02:a4:7a:cd:9e:90:
         9b:fc:90:f6:6a:79:c8:5a:e0:88:44:97:60:cb:18:b8:dd:da:
         0f:23:05:ec:41:50:09:a5:75:48:c5:83:f7:95:69:16:10:b8:
         f7:84:56:96:4e:d8:22:88:c3:b2:f9:28:f3:e8:5f:54:bf:0c:
         db:63:e7:ad:e9:97:8a:71:a3:c2:cc:52:ee:89:f0:7e:ba:68:
         43:61:62:e2:65:2a:99:35:2f:e0:fc:e1:34:9a:b3:20:c6:e1:
         70:2e:35:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIyLUxe5lPIadGKBJXUgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MWI5ZGY3NDVjMzJkZjI3ZGYzM2ViY2ZkNTM2ZjE5ZTEz
NDc0ZmUwHhcNMjUwMTAyMTc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IzMmQ0NjYzOGQxOGQyY2MyZDM2NWJiZmVkYjY0OGE0YmYxYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5HuJ66DHkd/sZXHxaORJa1KoPi1
YgAPZlT1WlSrhn0kWynxQmDm4swpK2uTt6qizvHqoz5yfZN6M9FvzvzcdbArcURO
iymCITgtJJ0y0mqx37sAS7gyT0G9v63zZRpbWMQ5Xa4tO31V734mEz74l/Oy4zS8
3jrleByyMWPj5z/UKOb4sRkkE71LAZg9Z0BcQaaEOcczphi2659Bg8JxmibA2OLm
8pNlc/F22PhCSHlNhBDBmNB/DYPseFzK+qhjfxeYBM9pkM6z/9SrBg82u7hiuXWX
dWBz4DH5MgIKIRh7gplw+JrtFLohyNUKjRWXAp4H7JrgcknZZf4dcvm9KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyzLUZjjRjSzC02W7/ttkikvxvwMB8GA1UdIwQY
MBaAFJYbnfdFwy3yffM+vP1TbxnhNHT+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGh1ZDkwWERMZko5OHo2OF9WTnZHZUUwZFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lODQ5MjAtZjVjYi00NmQ3LWJjOTkt
ZmU1MzIxMGI1N2I2LzEvM0xNdFJtT05HTkxNTFRaYnYtMjJTS1NfR19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lODQ5MjAtZjVjYi00NmQ3LWJjOTktZmU1MzIxMGI1N2I2
LzEvbGh1ZDkwWERMZko5OHo2OF9WTnZHZUUwZFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBtarSYRIdL4cKJZctgGiHgFTP/XGVp2D3KwFHg2Yrl
j5nEv0Ni5W59l1jB42V/KZ6aIuriTxWM1lzDPccl4PA5Zfzk4dULkey9yn5rqAbZ
l2faKPcgsfhNoj5RZ4TV8sb616cl9HsiI4VDAP2KjourQo1zkpu7+7wOHSICPtDx
HFgEdFCA0BJTSDpxat3iNy2QvNnYgr34Gzf67E4CpHrNnpCb/JD2annIWuCIRJdg
yxi43doPIwXsQVAJpXVIxYP3lWkWELj3hFaWTtgiiMOy+Sjz6F9UvwzbY+et6ZeK
caPCzFLuifB+umhDYWLiZSqZNS/g/OE0mrMgxuFwLjWy
-----END CERTIFICATE-----