Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/LfVA7yFSUE0qhq_HYTK38H6PAlY.roa
File:                     LfVA7yFSUE0qhq_HYTK38H6PAlY.roa (raw, json)
Hash identifier:          Kppg3VjpkBzGqtZq9DRkl+9W1VehTNUgM7T4eg/Jh/E=
Subject key identifier:   2D:F5:40:EF:21:52:50:4D:2A:86:AF:C7:61:32:B7:F0:7E:8F:02:56
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       0196F209DAF45A7167921D5CC74FD3399C2E
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/LfVA7yFSUE0qhq_HYTK38H6PAlY.roa
Signing time:             Wed 21 May 2025 08:50:54 +0000
ROA not before:           Wed 21 May 2025 08:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197501
IP address blocks:        94.247.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:09:da:f4:5a:71:67:92:1d:5c:c7:4f:d3:39:9c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: May 21 08:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2df540ef2152504d2a86afc76132b7f07e8f0256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7a:3f:25:9d:84:a8:5a:cb:a0:db:b5:9b:7f:
                    01:e1:53:2c:d2:67:d5:e7:84:2a:82:c1:70:9c:d7:
                    71:b0:09:42:8e:4f:70:c7:43:77:4d:c6:7e:fd:e8:
                    40:3b:87:76:88:79:ec:b4:9e:60:6e:6c:dc:ae:e2:
                    c9:01:e2:3a:13:de:ac:d5:34:1d:82:a4:13:e0:ed:
                    71:c6:64:20:7b:47:bc:c4:de:20:2a:71:f6:6c:8f:
                    9b:fd:52:99:90:fe:e9:b1:6a:0c:87:bb:66:64:90:
                    8b:f6:08:48:1f:cd:9d:a8:8c:64:03:bf:4e:2a:c1:
                    4e:7f:45:12:9d:63:3d:1f:51:ab:73:2a:ff:ab:e1:
                    6c:c4:54:7f:ba:f0:71:f0:8f:5c:6f:2b:70:48:e6:
                    dc:5a:af:3e:8e:65:b4:dc:6f:7c:d6:b0:0e:3b:3a:
                    00:b7:cb:3f:8f:a8:0b:f4:be:20:31:99:41:e6:c1:
                    9e:85:e7:83:64:de:cd:6f:23:6f:34:36:23:83:45:
                    0e:d2:74:ff:52:99:d3:5b:25:95:a5:6f:24:1d:bf:
                    6b:8d:9b:30:60:f3:05:53:38:64:12:e5:a2:ff:16:
                    b1:8d:2d:90:d1:f0:43:92:a5:cf:cc:47:ec:92:c0:
                    68:cb:9c:7e:06:43:8f:b4:4a:3a:f5:7c:7c:b1:70:
                    00:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F5:40:EF:21:52:50:4D:2A:86:AF:C7:61:32:B7:F0:7E:8F:02:56
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/LfVA7yFSUE0qhq_HYTK38H6PAlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:b5:fd:b5:74:6d:46:16:19:64:75:55:cb:35:74:a2:bb:fd:
         4e:ce:e8:d6:8d:0f:a9:6c:1a:8e:7d:4f:cd:08:31:94:32:85:
         92:54:db:b2:a3:ef:5d:e8:81:5a:c1:9b:24:6c:5f:53:8f:3b:
         f6:e4:11:7c:10:ca:22:ef:a0:e7:05:b7:00:19:95:f4:b2:36:
         fc:02:e1:3f:25:61:3e:8b:40:55:fe:5b:a6:c3:70:98:71:50:
         42:24:36:d8:b0:81:3f:d8:37:e0:cc:ef:72:af:27:d4:54:72:
         b9:3d:5a:21:22:ee:9f:bc:33:a3:b7:7c:94:8c:21:96:72:1f:
         2e:06:64:54:2c:ca:92:dd:e5:2f:3b:d5:96:26:66:68:e9:68:
         2b:92:2d:02:12:34:ac:d2:7f:58:db:ac:9f:2d:1d:5a:66:9f:
         37:a5:b3:bd:b5:b3:4a:ae:84:f4:cc:38:ab:ba:c7:ec:6e:00:
         1f:13:96:3f:63:86:05:f3:23:df:01:4e:19:a8:7c:ed:87:ca:
         e2:b5:5e:0f:6b:a3:5e:b8:28:71:6e:08:64:2e:0b:5a:09:7a:
         df:3e:ba:b2:3d:bc:5a:5e:15:44:34:d7:39:ed:ac:b7:01:9e:
         35:7c:cc:f4:5d:db:cd:6c:5d:22:d0:22:41:e8:ea:b2:bd:c8:
         d1:0a:0e:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbyCdr0WnFnkh1cx0/TOZwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjUwNTIxMDg1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY1NDBlZjIxNTI1MDRkMmE4NmFmYzc2MTMyYjdmMDdlOGYwMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXo/JZ2EqFrLoNu1m38B4VMs0mfV
54QqgsFwnNdxsAlCjk9wx0N3TcZ+/ehAO4d2iHnstJ5gbmzcruLJAeI6E96s1TQd
gqQT4O1xxmQge0e8xN4gKnH2bI+b/VKZkP7psWoMh7tmZJCL9ghIH82dqIxkA79O
KsFOf0USnWM9H1Grcyr/q+FsxFR/uvBx8I9cbytwSObcWq8+jmW03G981rAOOzoA
t8s/j6gL9L4gMZlB5sGeheeDZN7NbyNvNDYjg0UO0nT/UpnTWyWVpW8kHb9rjZsw
YPMFUzhkEuWi/xaxjS2Q0fBDkqXPzEfsksBoy5x+BkOPtEo69Xx8sXAAhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC31QO8hUlBNKoavx2Eyt/B+jwJWMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvTGZWQTd5RlNVRTBxaHFfSFlUSzM4SDZQQWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvfiMA0G
CSqGSIb3DQEBCwUAA4IBAQANtf21dG1GFhlkdVXLNXSiu/1OzujWjQ+pbBqOfU/N
CDGUMoWSVNuyo+9d6IFawZskbF9Tjzv25BF8EMoi76DnBbcAGZX0sjb8AuE/JWE+
i0BV/lumw3CYcVBCJDbYsIE/2DfgzO9yryfUVHK5PVohIu6fvDOjt3yUjCGWch8u
BmRULMqS3eUvO9WWJmZo6Wgrki0CEjSs0n9Y26yfLR1aZp83pbO9tbNKroT0zDir
usfsbgAfE5Y/Y4YF8yPfAU4ZqHzth8ritV4Pa6NeuChxbghkLgtaCXrfPrqyPbxa
XhVENNc57ay3AZ41fMz0XdvNbF0i0CJB6OqyvcjRCg6U
-----END CERTIFICATE-----