Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/LhFRmWbupiZRrTcY1BMgZx0XNm0.roa
File:                     LhFRmWbupiZRrTcY1BMgZx0XNm0.roa (raw, json)
Hash identifier:          1sSu4Xw0ICcOgnrgocU5c3W/gRE/T8H+tT4ltd3ayqM=
Subject key identifier:   2E:11:51:99:66:EE:A6:26:51:AD:37:18:D4:13:20:67:1D:17:36:6D
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       0198773268A371D42FFC881398A422089631
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/LhFRmWbupiZRrTcY1BMgZx0XNm0.roa
Signing time:             Mon 04 Aug 2025 22:27:28 +0000
ROA not before:           Mon 04 Aug 2025 22:27:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215384
IP address blocks:        212.108.122.0/24 maxlen: 24
                          2a14:640:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:77:32:68:a3:71:d4:2f:fc:88:13:98:a4:22:08:96:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Aug  4 22:27:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e11519966eea62651ad3718d41320671d17366d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:53:a6:fa:72:ef:43:11:5b:d5:6a:11:5a:bb:
                    f0:d4:db:e8:2b:98:22:86:72:72:75:5d:ae:b3:f3:
                    ec:90:d1:fc:d7:a3:89:2b:39:1b:40:80:54:8c:b5:
                    46:ba:1e:e9:cc:21:62:d3:63:79:5f:61:28:d2:05:
                    6f:5d:1d:74:fe:de:9a:d6:e6:d0:fe:df:3c:49:bb:
                    48:cc:e6:c6:1b:2c:d2:cc:4f:90:f2:10:c4:91:a3:
                    57:ca:0c:5e:19:ff:95:31:39:83:d5:5d:49:d2:ca:
                    d0:fa:59:37:60:c3:bb:ed:88:bf:73:0e:84:34:b4:
                    f1:da:59:aa:ff:08:7d:00:46:1d:69:12:d1:5d:de:
                    cd:66:88:90:5b:f3:08:ee:20:63:ec:2a:bb:be:1f:
                    c1:8f:ef:a7:df:59:db:db:ac:85:fe:00:67:87:b3:
                    40:2b:c0:80:db:d8:2f:93:a9:7c:27:1d:9f:45:49:
                    ac:b1:66:8a:ca:72:72:51:23:81:9f:ad:f6:57:b5:
                    6a:a0:05:c7:b6:28:18:b3:d1:91:c4:60:b0:f8:6f:
                    33:3b:89:4c:d9:29:67:72:e1:a4:8d:a3:7a:99:55:
                    2e:4d:61:7a:22:19:4e:fe:0b:ca:90:e8:e5:bb:6a:
                    df:3a:e5:4c:8a:c1:ce:28:b4:f9:a4:c0:1a:2b:35:
                    ae:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:11:51:99:66:EE:A6:26:51:AD:37:18:D4:13:20:67:1D:17:36:6D
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/LhFRmWbupiZRrTcY1BMgZx0XNm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.122.0/24
                IPv6:
                  2a14:640:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:4a:32:25:07:27:b8:3b:a2:42:64:d2:df:da:bc:13:7f:d3:
         f9:d5:cb:08:c4:62:fc:f3:0a:48:c8:c5:7c:50:7a:a8:c9:c8:
         37:81:8f:bb:63:b6:52:5a:ff:c9:44:46:9c:df:6d:79:68:3d:
         b0:5c:07:91:90:a0:62:16:a6:8b:64:75:71:86:e0:f8:c4:24:
         40:7f:e9:cd:8e:80:2b:77:1c:26:6a:05:18:49:65:b4:72:dd:
         1d:cc:d6:4a:ed:b7:d7:6a:a3:d2:29:c9:e1:d3:02:71:e6:d7:
         e4:7b:f5:13:17:0d:77:52:72:32:6b:5c:59:6b:fa:54:38:07:
         6f:d8:05:a4:fa:fd:28:c6:33:45:b0:76:95:45:d1:78:b1:2b:
         64:57:1b:52:5c:ff:51:ec:7e:0f:f4:8e:cd:5b:92:69:d2:70:
         52:e8:65:31:b0:96:c8:0f:ca:46:e4:34:4b:31:14:96:c8:37:
         00:46:7e:76:b5:9b:b7:01:cb:e6:b7:8c:54:e7:5d:0c:a6:f7:
         b4:1c:02:ec:44:12:d6:3a:b0:d1:37:f8:ba:c9:eb:7b:8c:ec:
         08:61:d8:44:4e:d2:39:30:73:3d:4f:35:0c:0a:39:e6:18:3c:
         cb:99:0a:67:1a:de:10:ae:90:52:c5:93:08:d2:78:c1:59:9c:
         55:d0:fb:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZh3MmijcdQv/IgTmKQiCJYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwODA0MjIyNzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTExNTE5OTY2ZWVhNjI2NTFhZDM3MThkNDEzMjA2NzFkMTczNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lOm+nLvQxFb1WoRWrvw1NvoK5gi
hnJydV2us/PskNH816OJKzkbQIBUjLVGuh7pzCFi02N5X2Eo0gVvXR10/t6a1ubQ
/t88SbtIzObGGyzSzE+Q8hDEkaNXygxeGf+VMTmD1V1J0srQ+lk3YMO77Yi/cw6E
NLTx2lmq/wh9AEYdaRLRXd7NZoiQW/MI7iBj7Cq7vh/Bj++n31nb26yF/gBnh7NA
K8CA29gvk6l8Jx2fRUmssWaKynJyUSOBn632V7VqoAXHtigYs9GRxGCw+G8zO4lM
2SlncuGkjaN6mVUuTWF6IhlO/gvKkOjlu2rfOuVMisHOKLT5pMAaKzWumwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC4RUZlm7qYmUa03GNQTIGcdFzZtMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvTGhGUm1XYnVwaVpSclRjWTFCTWdaeDBYTm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1Gx6MA8E
AgACMAkDBwAqFAZAAAgwDQYJKoZIhvcNAQELBQADggEBAJ5KMiUHJ7g7okJk0t/a
vBN/0/nVywjEYvzzCkjIxXxQeqjJyDeBj7tjtlJa/8lERpzfbXloPbBcB5GQoGIW
potkdXGG4PjEJEB/6c2OgCt3HCZqBRhJZbRy3R3M1krtt9dqo9IpyeHTAnHm1+R7
9RMXDXdScjJrXFlr+lQ4B2/YBaT6/SjGM0WwdpVF0XixK2RXG1Jc/1Hsfg/0js1b
kmnScFLoZTGwlsgPykbkNEsxFJbINwBGfna1m7cBy+a3jFTnXQym97QcAuxEEtY6
sNE3+LrJ63uM7Ahh2ERO0jkwcz1PNQwKOeYYPMuZCmca3hCukFLFkwjSeMFZnFXQ
+4w=
-----END CERTIFICATE-----