Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/7e7b8b-79e0-4f51-b866-67ad60d386dd/1/tI868MCQG893IS8cCKhA3Gnv9u4.roa
File:                     tI868MCQG893IS8cCKhA3Gnv9u4.roa (raw, json)
Hash identifier:          AVSP0s3nbiSWpz8l7ynDbY6/apcfYdcvmQMyPra2nQw=
Subject key identifier:   B4:8F:3A:F0:C0:90:1B:CF:77:21:2F:1C:08:A8:40:DC:69:EF:F6:EE
Certificate issuer:       /CN=6d85061361b19f212efe90c2d8cf3eee617f20e5
Certificate serial:       019424456E10FFC2D44A786906AD6F87A9E3
Authority key identifier: 6D:85:06:13:61:B1:9F:21:2E:FE:90:C2:D8:CF:3E:EE:61:7F:20:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bYUGE2GxnyEu_pDC2M8-7mF_IOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/7e7b8b-79e0-4f51-b866-67ad60d386dd/1/tI868MCQG893IS8cCKhA3Gnv9u4.roa
Signing time:             Wed 01 Jan 2025 23:48:37 +0000
ROA not before:           Wed 01 Jan 2025 23:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210612
IP address blocks:        103.68.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/7e7b8b-79e0-4f51-b866-67ad60d386dd/1/bYUGE2GxnyEu_pDC2M8-7mF_IOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/7e7b8b-79e0-4f51-b866-67ad60d386dd/1/bYUGE2GxnyEu_pDC2M8-7mF_IOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bYUGE2GxnyEu_pDC2M8-7mF_IOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6e:10:ff:c2:d4:4a:78:69:06:ad:6f:87:a9:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d85061361b19f212efe90c2d8cf3eee617f20e5
        Validity
            Not Before: Jan  1 23:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b48f3af0c0901bcf77212f1c08a840dc69eff6ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:07:8f:93:50:12:9f:a6:08:f1:f6:5a:3d:cc:
                    85:d4:29:ae:a3:05:fc:b6:81:8f:cc:74:96:17:16:
                    ec:46:3b:93:3f:40:bb:4a:97:04:1c:09:be:72:24:
                    77:2d:1f:cf:ea:01:0d:59:08:47:3d:11:0b:42:f4:
                    d0:02:2d:bb:8a:36:69:3f:fe:3f:57:55:2c:35:1c:
                    27:28:11:d5:c4:94:12:d5:c7:10:75:87:c5:30:b0:
                    e4:23:af:c7:4c:e7:4c:35:84:e9:8b:ad:40:34:95:
                    85:90:62:6c:c5:f7:d7:36:39:fb:eb:c7:1b:2c:47:
                    13:bc:a0:8f:d0:b1:a8:96:d2:b4:4a:79:92:36:89:
                    86:9c:8c:0d:4f:bc:59:b5:04:49:2f:46:a3:4d:21:
                    93:23:79:4b:20:0c:18:98:7f:14:2b:46:a2:83:9c:
                    6f:87:27:d3:eb:ba:08:e1:20:20:d7:8f:23:20:d1:
                    a3:fe:91:6f:af:09:1c:e3:88:cb:4b:b7:37:04:d4:
                    8c:01:a9:cc:ae:b2:d7:3b:f2:fa:59:cb:58:c9:1a:
                    2f:4f:59:f3:8d:00:b1:91:3b:14:10:7c:ff:79:18:
                    21:57:8e:47:f2:28:46:f8:d6:33:60:b3:bd:05:a3:
                    66:31:f5:a6:91:dd:e0:be:80:47:8c:d1:e6:bd:7f:
                    80:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:8F:3A:F0:C0:90:1B:CF:77:21:2F:1C:08:A8:40:DC:69:EF:F6:EE
            X509v3 Authority Key Identifier:
                keyid:6D:85:06:13:61:B1:9F:21:2E:FE:90:C2:D8:CF:3E:EE:61:7F:20:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bYUGE2GxnyEu_pDC2M8-7mF_IOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7e7b8b-79e0-4f51-b866-67ad60d386dd/1/tI868MCQG893IS8cCKhA3Gnv9u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7e7b8b-79e0-4f51-b866-67ad60d386dd/1/bYUGE2GxnyEu_pDC2M8-7mF_IOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:de:ed:d2:bd:93:79:92:ba:7b:78:ee:1c:f8:81:41:69:b9:
         f0:9d:a7:9a:cc:d9:0d:61:0f:2c:6c:2b:a5:e9:3f:e4:41:97:
         43:69:39:c1:8b:21:32:80:c4:6b:de:25:3b:30:e0:8a:a2:ee:
         50:b8:86:62:14:0c:4b:f4:63:e7:26:63:7f:d2:18:1a:f7:de:
         9c:4f:4a:59:4f:06:a9:0e:c8:64:af:99:83:1f:1a:d9:a6:80:
         42:3a:ae:4c:98:af:29:0e:fe:37:ae:62:5d:cc:0b:ff:99:f3:
         83:25:a1:3e:7e:7a:7f:4e:0a:f4:5b:25:0f:be:44:c8:03:ac:
         d9:05:ae:91:74:8c:16:df:67:30:aa:49:86:d9:54:0e:62:79:
         fb:4c:9d:82:82:cc:92:e6:ee:37:4b:98:4d:1d:08:71:e1:31:
         3a:2b:b4:32:48:a2:d3:c4:ca:40:52:06:a3:f6:87:94:de:d9:
         d5:83:24:dd:bb:09:1a:62:10:82:c5:a3:b4:42:56:ee:bb:9d:
         2a:7c:80:74:51:b4:5b:5f:a5:bc:50:29:53:8c:9d:9b:0b:47:
         be:03:cd:40:f9:55:8c:10:2c:e1:1e:f4:93:0a:91:bf:89:64:
         a7:1f:3e:8c:9a:8d:f9:e8:ea:8b:e2:4e:86:94:f2:39:1b:10:
         e3:5b:29:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRW4Q/8LUSnhpBq1vh6njMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkODUwNjEzNjFiMTlmMjEyZWZlOTBjMmQ4Y2YzZWVlNjE3
ZjIwZTUwHhcNMjUwMTAxMjM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDhmM2FmMGMwOTAxYmNmNzcyMTJmMWMwOGE4NDBkYzY5ZWZmNmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgePk1ASn6YI8fZaPcyF1CmuowX8
toGPzHSWFxbsRjuTP0C7SpcEHAm+ciR3LR/P6gENWQhHPRELQvTQAi27ijZpP/4/
V1UsNRwnKBHVxJQS1ccQdYfFMLDkI6/HTOdMNYTpi61ANJWFkGJsxffXNjn768cb
LEcTvKCP0LGoltK0SnmSNomGnIwNT7xZtQRJL0ajTSGTI3lLIAwYmH8UK0aig5xv
hyfT67oI4SAg148jINGj/pFvrwkc44jLS7c3BNSMAanMrrLXO/L6WctYyRovT1nz
jQCxkTsUEHz/eRghV45H8ihG+NYzYLO9BaNmMfWmkd3gvoBHjNHmvX+AWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSPOvDAkBvPdyEvHAioQNxp7/buMB8GA1UdIwQY
MBaAFG2FBhNhsZ8hLv6QwtjPPu5hfyDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYllVR0UyR3hueUV1X3BEQzJNOC03bUZfSU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83ZTdiOGItNzllMC00ZjUxLWI4NjYt
NjdhZDYwZDM4NmRkLzEvdEk4NjhNQ1FHODkzSVM4Y0NLaEEzR252OXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83ZTdiOGItNzllMC00ZjUxLWI4NjYtNjdhZDYwZDM4NmRk
LzEvYllVR0UyR3hueUV1X3BEQzJNOC03bUZfSU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0QgMA0G
CSqGSIb3DQEBCwUAA4IBAQCA3u3SvZN5krp7eO4c+IFBabnwnaeazNkNYQ8sbCul
6T/kQZdDaTnBiyEygMRr3iU7MOCKou5QuIZiFAxL9GPnJmN/0hga996cT0pZTwap
Dshkr5mDHxrZpoBCOq5MmK8pDv43rmJdzAv/mfODJaE+fnp/Tgr0WyUPvkTIA6zZ
Ba6RdIwW32cwqkmG2VQOYnn7TJ2CgsyS5u43S5hNHQhx4TE6K7QySKLTxMpAUgaj
9oeU3tnVgyTduwkaYhCCxaO0Qlbuu50qfIB0UbRbX6W8UClTjJ2bC0e+A81A+VWM
ECzhHvSTCpG/iWSnHz6Mmo356OqL4k6GlPI5GxDjWymE
-----END CERTIFICATE-----