Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d57969-ea5f-4518-92e1-53a0680f9710/1/lFB-3tPNMg7_ita4wpHXyFs1Wtg.roa
File:                     lFB-3tPNMg7_ita4wpHXyFs1Wtg.roa (raw, json)
Hash identifier:          2vQA+DCbD+mwH0gGh6uSgSbBtdD3lkqqjcblNuRAAAw=
Subject key identifier:   94:50:7E:DE:D3:CD:32:0E:FF:8A:D6:B8:C2:91:D7:C8:5B:35:5A:D8
Certificate issuer:       /CN=3c8dfe109de831d32fd78a58cc5c1d149a4553d2
Certificate serial:       019421446FAA60C5BABFF31A08CE43EBF6D1
Authority key identifier: 3C:8D:FE:10:9D:E8:31:D3:2F:D7:8A:58:CC:5C:1D:14:9A:45:53:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PI3-EJ3oMdMv14pYzFwdFJpFU9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d57969-ea5f-4518-92e1-53a0680f9710/1/lFB-3tPNMg7_ita4wpHXyFs1Wtg.roa
Signing time:             Wed 01 Jan 2025 09:48:40 +0000
ROA not before:           Wed 01 Jan 2025 09:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16279
IP address blocks:        193.178.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d57969-ea5f-4518-92e1-53a0680f9710/1/PI3-EJ3oMdMv14pYzFwdFJpFU9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d57969-ea5f-4518-92e1-53a0680f9710/1/PI3-EJ3oMdMv14pYzFwdFJpFU9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PI3-EJ3oMdMv14pYzFwdFJpFU9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6f:aa:60:c5:ba:bf:f3:1a:08:ce:43:eb:f6:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c8dfe109de831d32fd78a58cc5c1d149a4553d2
        Validity
            Not Before: Jan  1 09:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94507eded3cd320eff8ad6b8c291d7c85b355ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d0:04:1a:84:a2:16:18:e1:d1:f8:4a:59:aa:
                    6c:f5:b3:4c:0c:c4:15:46:ed:8b:13:7d:b5:5d:3f:
                    08:41:dd:2f:42:c1:6a:ce:6e:32:66:e9:0b:94:c9:
                    a5:84:4c:0d:7b:50:ba:a1:99:fd:6d:c6:c3:fe:ea:
                    9f:c5:2f:1d:e8:a0:9a:d6:4e:7c:4e:1c:34:df:f0:
                    07:30:ea:61:42:99:45:fd:50:9c:51:03:81:17:7f:
                    67:cf:58:de:95:e0:97:3b:52:ed:23:d4:eb:3d:03:
                    1d:b8:a5:15:d5:bb:d7:b8:04:82:cf:1c:a5:e3:3c:
                    a1:8e:c5:8f:06:fa:a3:7f:2a:d3:2c:64:c8:d7:ac:
                    4e:24:8f:6e:42:34:1d:5b:52:c8:87:f7:38:94:f2:
                    7d:58:d7:29:0d:e3:cf:58:33:36:88:e5:57:02:95:
                    ce:18:de:ea:8c:0e:25:5a:f8:ad:39:ac:3b:ee:fc:
                    ef:6e:4d:65:4b:43:e7:7e:17:22:13:f1:75:40:4b:
                    53:90:42:c2:db:ce:50:2c:73:39:42:a3:32:cb:95:
                    0b:e1:03:27:60:05:88:78:a5:7d:f7:85:c6:77:8e:
                    92:4b:86:0f:da:9d:e5:0f:36:62:2e:42:fd:34:96:
                    fd:bc:f2:93:f9:e6:72:63:77:c4:96:53:78:26:db:
                    12:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:50:7E:DE:D3:CD:32:0E:FF:8A:D6:B8:C2:91:D7:C8:5B:35:5A:D8
            X509v3 Authority Key Identifier:
                keyid:3C:8D:FE:10:9D:E8:31:D3:2F:D7:8A:58:CC:5C:1D:14:9A:45:53:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PI3-EJ3oMdMv14pYzFwdFJpFU9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d57969-ea5f-4518-92e1-53a0680f9710/1/lFB-3tPNMg7_ita4wpHXyFs1Wtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d57969-ea5f-4518-92e1-53a0680f9710/1/PI3-EJ3oMdMv14pYzFwdFJpFU9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         53:d9:c5:2c:00:cb:24:71:32:92:81:d0:05:52:54:da:f1:82:
         b2:68:1f:3b:4f:51:a3:3a:f1:0b:16:28:4a:76:ac:be:47:a7:
         75:8b:ae:d3:20:f5:d4:5c:5f:fa:b4:8f:d3:5f:d1:a4:79:2c:
         0b:59:48:e2:c5:e4:0d:ce:27:32:76:5f:33:ea:38:07:41:f2:
         ea:6a:19:28:fe:b1:6c:a6:30:44:cc:9e:7c:81:81:bb:2c:64:
         c5:42:a9:e8:d2:ab:86:5b:07:1b:09:65:25:1a:a4:41:18:eb:
         59:5d:10:c6:7c:ed:b0:5f:13:48:2d:8f:43:10:13:f0:03:9e:
         32:75:d1:85:5c:e5:8b:f6:8b:5a:38:ef:70:fb:13:2c:40:1f:
         86:6c:5e:e0:78:73:ce:35:24:b4:ac:0f:cf:aa:bf:99:00:ec:
         2c:94:ff:18:80:a0:0c:6b:0c:ed:76:62:78:7c:6b:f9:b8:e0:
         37:e8:0e:64:ac:06:22:69:1f:9e:d9:8f:2f:83:54:3f:8d:2f:
         72:6e:5d:47:d4:87:ac:6f:f3:63:bf:ed:bf:4e:62:2f:ce:00:
         d1:0a:49:dc:eb:05:04:53:c8:cc:62:e2:6e:f0:d3:c5:12:ec:
         d1:bb:07:2a:0d:a1:f1:87:5a:0a:19:d5:e8:95:5d:80:eb:e6:
         e5:94:15:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRG+qYMW6v/MaCM5D6/bRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjOGRmZTEwOWRlODMxZDMyZmQ3OGE1OGNjNWMxZDE0OWE0
NTUzZDIwHhcNMjUwMTAxMDk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDUwN2VkZWQzY2QzMjBlZmY4YWQ2YjhjMjkxZDdjODViMzU1YWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NAEGoSiFhjh0fhKWaps9bNMDMQV
Ru2LE321XT8IQd0vQsFqzm4yZukLlMmlhEwNe1C6oZn9bcbD/uqfxS8d6KCa1k58
Thw03/AHMOphQplF/VCcUQOBF39nz1jeleCXO1LtI9TrPQMduKUV1bvXuASCzxyl
4zyhjsWPBvqjfyrTLGTI16xOJI9uQjQdW1LIh/c4lPJ9WNcpDePPWDM2iOVXApXO
GN7qjA4lWvitOaw77vzvbk1lS0PnfhciE/F1QEtTkELC285QLHM5QqMyy5UL4QMn
YAWIeKV994XGd46SS4YP2p3lDzZiLkL9NJb9vPKT+eZyY3fEllN4JtsSGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRQft7TzTIO/4rWuMKR18hbNVrYMB8GA1UdIwQY
MBaAFDyN/hCd6DHTL9eKWMxcHRSaRVPSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEkzLUVKM29NZE12MTRwWXpGd2RGSnBGVTlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNTc5NjktZWE1Zi00NTE4LTkyZTEt
NTNhMDY4MGY5NzEwLzEvbEZCLTN0UE5NZzdfaXRhNHdwSFh5RnMxV3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNTc5NjktZWE1Zi00NTE4LTkyZTEtNTNhMDY4MGY5NzEw
LzEvUEkzLUVKM29NZE12MTRwWXpGd2RGSnBGVTlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwbKwMA0G
CSqGSIb3DQEBCwUAA4IBAQBT2cUsAMskcTKSgdAFUlTa8YKyaB87T1GjOvELFihK
dqy+R6d1i67TIPXUXF/6tI/TX9GkeSwLWUjixeQNzicydl8z6jgHQfLqahko/rFs
pjBEzJ58gYG7LGTFQqno0quGWwcbCWUlGqRBGOtZXRDGfO2wXxNILY9DEBPwA54y
ddGFXOWL9otaOO9w+xMsQB+GbF7geHPONSS0rA/Pqr+ZAOwslP8YgKAMawztdmJ4
fGv5uOA36A5krAYiaR+e2Y8vg1Q/jS9ybl1H1Iesb/Njv+2/TmIvzgDRCknc6wUE
U8jMYuJu8NPFEuzRuwcqDaHxh1oKGdXolV2A6+bllBW4
-----END CERTIFICATE-----