Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/lbFlN7rLNKm_hwKwtb6Eg6VK60k.roa
File:                     lbFlN7rLNKm_hwKwtb6Eg6VK60k.roa (raw, json)
Hash identifier:          2IxGb0Eenv1MI4JvdshV9/YIhfnM2CCpzAUAqonswhI=
Subject key identifier:   95:B1:65:37:BA:CB:34:A9:BF:87:02:B0:B5:BE:84:83:A5:4A:EB:49
Certificate issuer:       /CN=70f68cded39e3ec54cee2233252ef3937ba9828d
Certificate serial:       019658E7386290CAC888F2ED612890ABA581
Authority key identifier: 70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/lbFlN7rLNKm_hwKwtb6Eg6VK60k.roa
Signing time:             Mon 21 Apr 2025 15:11:10 +0000
ROA not before:           Mon 21 Apr 2025 15:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211143
IP address blocks:        194.164.138.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 20:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:e7:38:62:90:ca:c8:88:f2:ed:61:28:90:ab:a5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f68cded39e3ec54cee2233252ef3937ba9828d
        Validity
            Not Before: Apr 21 15:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95b16537bacb34a9bf8702b0b5be8483a54aeb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:11:6a:51:2d:71:cb:04:d8:41:b0:47:96:91:
                    ee:5b:58:12:4a:b1:78:69:78:8b:cd:d6:71:71:06:
                    71:12:04:5b:e1:76:86:74:aa:7d:ec:4b:fb:f4:d0:
                    ac:c7:12:4f:e3:13:41:fe:5f:04:bb:d7:b6:09:55:
                    d9:84:9a:62:0d:b8:a9:6d:73:fb:ba:5d:44:1b:2d:
                    9e:1d:e0:d1:22:59:48:cc:61:31:0e:d0:cb:85:9c:
                    ce:42:29:be:2d:49:4a:db:83:89:b9:f4:6d:d4:99:
                    31:8f:16:19:ad:10:3f:bc:e0:94:c1:69:74:14:ef:
                    39:9f:83:24:fe:4e:bd:49:4d:66:c7:de:85:cb:f6:
                    a3:e3:06:f8:e8:60:01:28:db:f0:ac:69:2d:2e:df:
                    9b:62:94:ae:56:52:1a:2e:aa:91:a2:a4:cb:0c:65:
                    aa:d1:1c:04:1d:8a:7c:e0:eb:38:66:23:6b:39:f6:
                    00:db:e6:f3:bc:5a:b3:2b:7b:39:05:2c:95:6e:88:
                    ab:4a:17:a7:85:d5:e7:d7:ce:29:d8:2e:e3:9b:ef:
                    32:f6:34:45:44:69:9b:46:5c:be:16:65:e9:5c:dc:
                    ec:71:a1:cd:44:7d:03:31:65:a4:52:e3:55:0c:ea:
                    01:89:e8:67:58:f7:ba:80:de:9b:dc:df:f5:f7:cd:
                    a5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B1:65:37:BA:CB:34:A9:BF:87:02:B0:B5:BE:84:83:A5:4A:EB:49
            X509v3 Authority Key Identifier:
                keyid:70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/lbFlN7rLNKm_hwKwtb6Eg6VK60k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:7b:22:d9:48:2b:02:13:35:ea:f7:69:f4:14:e7:23:17:19:
         f2:54:6d:f1:51:80:d7:22:2e:56:a4:c7:54:7c:d6:d2:47:bc:
         f9:0a:1c:66:05:5f:74:de:9e:6e:84:42:c0:41:ae:59:05:7a:
         1c:19:0f:eb:c3:e3:e7:df:07:67:4c:c8:1b:19:ba:8f:8b:93:
         0e:a3:ad:36:2e:5c:51:05:a8:b7:b6:f9:1a:31:65:10:b2:6b:
         7e:a5:09:f8:2a:65:3f:df:2a:a2:13:07:85:eb:b0:13:51:18:
         3f:48:45:9e:0f:4c:25:85:b5:c4:f2:14:96:58:e9:c5:19:6f:
         fb:d4:2b:9d:c6:0c:28:a1:c6:30:bb:9a:a9:56:49:a6:24:b4:
         38:9d:77:b4:42:04:3c:0c:cf:98:64:da:13:92:ea:18:63:88:
         cb:48:4a:75:92:67:78:75:96:e9:b0:99:6d:0a:3a:cc:97:12:
         30:9a:7c:06:00:e4:af:43:7a:04:3c:bd:21:dc:d2:5f:5b:22:
         a3:e1:eb:64:83:da:62:67:0f:14:dd:50:4d:4c:4a:3d:10:44:
         75:26:31:25:78:39:99:03:14:b9:f2:ca:26:5f:6a:e9:fd:ed:
         cf:a0:a1:4f:cc:3c:cf:b7:85:26:65:00:84:ee:72:7b:57:71:
         88:02:b7:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZY5zhikMrIiPLtYSiQq6WBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjY4Y2RlZDM5ZTNlYzU0Y2VlMjIzMzI1MmVmMzkzN2Jh
OTgyOGQwHhcNMjUwNDIxMTUxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIxNjUzN2JhY2IzNGE5YmY4NzAyYjBiNWJlODQ4M2E1NGFlYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxFqUS1xywTYQbBHlpHuW1gSSrF4
aXiLzdZxcQZxEgRb4XaGdKp97Ev79NCsxxJP4xNB/l8Eu9e2CVXZhJpiDbipbXP7
ul1EGy2eHeDRIllIzGExDtDLhZzOQim+LUlK24OJufRt1JkxjxYZrRA/vOCUwWl0
FO85n4Mk/k69SU1mx96Fy/aj4wb46GABKNvwrGktLt+bYpSuVlIaLqqRoqTLDGWq
0RwEHYp84Os4ZiNrOfYA2+bzvFqzK3s5BSyVboirShenhdXn184p2C7jm+8y9jRF
RGmbRly+FmXpXNzscaHNRH0DMWWkUuNVDOoBiehnWPe6gN6b3N/1982lbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWxZTe6yzSpv4cCsLW+hIOlSutJMB8GA1UdIwQY
MBaAFHD2jN7Tnj7FTO4iMyUu85N7qYKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYt
MjlkZjRlMjYxMWYxLzEvbGJGbE43ckxOS21faHdLd3RiNkVnNlZLNjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYtMjlkZjRlMjYxMWYx
LzEvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqSKMA0G
CSqGSIb3DQEBCwUAA4IBAQAAeyLZSCsCEzXq92n0FOcjFxnyVG3xUYDXIi5WpMdU
fNbSR7z5ChxmBV903p5uhELAQa5ZBXocGQ/rw+Pn3wdnTMgbGbqPi5MOo602LlxR
Bai3tvkaMWUQsmt+pQn4KmU/3yqiEweF67ATURg/SEWeD0wlhbXE8hSWWOnFGW/7
1CudxgwoocYwu5qpVkmmJLQ4nXe0QgQ8DM+YZNoTkuoYY4jLSEp1kmd4dZbpsJlt
CjrMlxIwmnwGAOSvQ3oEPL0h3NJfWyKj4etkg9piZw8U3VBNTEo9EER1JjEleDmZ
AxS58somX2rp/e3PoKFPzDzPt4UmZQCE7nJ7V3GIArcK
-----END CERTIFICATE-----