Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/tYll2xbaNFG_c4AGG6E_lCJk4vU.roa
File:                     tYll2xbaNFG_c4AGG6E_lCJk4vU.roa (raw, json)
Hash identifier:          k74WPr0EctFHJiQVpeDDnJj5kq++fWW/6iG3+sljF6s=
Subject key identifier:   B5:89:65:DB:16:DA:34:51:BF:73:80:06:1B:A1:3F:94:22:64:E2:F5
Certificate issuer:       /CN=a4932fa49564a576a6143e45f815668f200d7637
Certificate serial:       018CC349538BD689EA2277ABDE12D4F3F1F3
Authority key identifier: A4:93:2F:A4:95:64:A5:76:A6:14:3E:45:F8:15:66:8F:20:0D:76:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJMvpJVkpXamFD5F-BVmjyANdjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/tYll2xbaNFG_c4AGG6E_lCJk4vU.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200366
IP address blocks:        103.76.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/pJMvpJVkpXamFD5F-BVmjyANdjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/pJMvpJVkpXamFD5F-BVmjyANdjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJMvpJVkpXamFD5F-BVmjyANdjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:53:8b:d6:89:ea:22:77:ab:de:12:d4:f3:f1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4932fa49564a576a6143e45f815668f200d7637
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b58965db16da3451bf7380061ba13f942264e2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:78:be:f0:43:9e:48:10:10:45:09:09:8b:bb:
                    69:06:09:22:b7:ef:94:94:0d:5a:f7:0b:7b:64:42:
                    47:64:11:aa:33:10:34:f9:de:30:bb:8f:c9:c1:09:
                    16:d6:96:49:f0:c9:82:da:9b:2f:2f:f6:2a:7f:cd:
                    29:1f:d6:ed:40:5e:b2:68:f1:ed:7e:d5:c2:b1:1a:
                    59:f8:28:75:4b:11:d6:f8:b4:83:17:a0:65:9e:30:
                    0b:2e:11:59:b4:ba:8b:05:85:ab:44:40:af:34:bb:
                    30:21:84:80:a0:2a:59:e5:b4:e3:3c:7f:00:6e:8c:
                    be:61:f7:5c:c7:3f:d7:fe:81:c5:88:0c:68:a0:26:
                    a3:85:3e:02:aa:33:44:4a:80:dc:3b:7f:03:0b:8f:
                    9c:bc:a0:48:2e:fb:6d:c2:1c:19:00:26:db:5a:3c:
                    30:9f:29:25:36:03:f2:50:23:8e:4e:50:3f:85:6b:
                    31:ba:87:a0:48:ce:8d:21:a4:ec:36:a1:54:5e:fb:
                    f9:55:c4:08:d9:b6:25:15:75:24:1a:da:75:75:81:
                    1d:4d:ce:ec:1b:65:29:de:1d:46:e2:42:58:3f:6d:
                    a8:b1:aa:8c:a3:46:c3:7a:d7:58:af:4b:cb:6b:85:
                    33:4e:b1:a8:00:1d:e3:c5:a5:df:2a:fc:30:23:6c:
                    16:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:89:65:DB:16:DA:34:51:BF:73:80:06:1B:A1:3F:94:22:64:E2:F5
            X509v3 Authority Key Identifier:
                keyid:A4:93:2F:A4:95:64:A5:76:A6:14:3E:45:F8:15:66:8F:20:0D:76:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJMvpJVkpXamFD5F-BVmjyANdjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/tYll2xbaNFG_c4AGG6E_lCJk4vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/pJMvpJVkpXamFD5F-BVmjyANdjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:8a:e0:37:a5:fc:5f:14:c8:1a:d7:67:d5:60:78:d2:2f:8c:
         fc:74:18:e7:e7:7c:06:5f:16:b1:cb:fb:54:14:3e:77:bd:df:
         01:cb:4d:af:d6:dd:da:54:ad:d5:bb:d0:e2:d4:18:4c:7e:99:
         61:0d:dc:94:37:b0:b1:f9:8d:78:f2:e6:6b:a3:5e:30:8e:78:
         ea:1c:3c:fe:25:d1:b4:3f:3d:41:6e:2f:d7:58:4e:b3:0f:32:
         55:67:84:37:55:f3:ed:29:16:53:91:ec:38:06:79:82:3b:6d:
         98:11:e5:c9:ae:ac:c7:54:88:ae:86:cc:9a:79:a8:bf:c0:cd:
         00:2d:f0:cf:95:a2:9a:77:46:da:70:0f:7c:85:a7:aa:89:31:
         4f:9d:73:9a:60:59:80:83:7b:d3:87:6a:f1:b0:04:4f:c1:fd:
         ad:0c:76:8b:ae:b8:67:28:cd:2e:95:41:32:e9:95:54:d9:b2:
         05:79:1a:f7:e2:b9:a2:9b:1e:0f:e5:cf:af:97:85:bd:04:7a:
         d0:28:62:86:37:b7:15:7e:e8:af:77:6b:3a:6f:63:5d:bf:b1:
         e8:ab:c4:2c:c5:f9:54:73:8f:11:4b:7c:1d:77:ab:1a:60:fb:
         42:55:f9:f2:81:40:6a:07:a6:6e:72:57:11:5e:fd:dc:ff:02:
         29:45:de:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVOL1onqIner3hLU8/HzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTMyZmE0OTU2NGE1NzZhNjE0M2U0NWY4MTU2NjhmMjAw
ZDc2MzcwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTg5NjVkYjE2ZGEzNDUxYmY3MzgwMDYxYmExM2Y5NDIyNjRlMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3i+8EOeSBAQRQkJi7tpBgkit++U
lA1a9wt7ZEJHZBGqMxA0+d4wu4/JwQkW1pZJ8MmC2psvL/Yqf80pH9btQF6yaPHt
ftXCsRpZ+Ch1SxHW+LSDF6BlnjALLhFZtLqLBYWrRECvNLswIYSAoCpZ5bTjPH8A
boy+Yfdcxz/X/oHFiAxooCajhT4CqjNESoDcO38DC4+cvKBILvttwhwZACbbWjww
nyklNgPyUCOOTlA/hWsxuoegSM6NIaTsNqFUXvv5VcQI2bYlFXUkGtp1dYEdTc7s
G2Up3h1G4kJYP22osaqMo0bDetdYr0vLa4UzTrGoAB3jxaXfKvwwI2wWdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWJZdsW2jRRv3OABhuhP5QiZOL1MB8GA1UdIwQY
MBaAFKSTL6SVZKV2phQ+RfgVZo8gDXY3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEpNdnBKVmtwWGFtRkQ1Ri1CVm1qeUFOZGpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8wNGFiNDYtODNmMy00MTViLTg4M2Et
YzdjMzI2ZDdhMzY0LzEvdFlsbDJ4YmFORkdfYzRBR0c2RV9sQ0prNHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8wNGFiNDYtODNmMy00MTViLTg4M2EtYzdjMzI2ZDdhMzY0
LzEvcEpNdnBKVmtwWGFtRkQ1Ri1CVm1qeUFOZGpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ0ymMA0G
CSqGSIb3DQEBCwUAA4IBAQCniuA3pfxfFMga12fVYHjSL4z8dBjn53wGXxaxy/tU
FD53vd8By02v1t3aVK3Vu9Di1BhMfplhDdyUN7Cx+Y148uZro14wjnjqHDz+JdG0
Pz1Bbi/XWE6zDzJVZ4Q3VfPtKRZTkew4BnmCO22YEeXJrqzHVIiuhsyaeai/wM0A
LfDPlaKad0bacA98haeqiTFPnXOaYFmAg3vTh2rxsARPwf2tDHaLrrhnKM0ulUEy
6ZVU2bIFeRr34rmimx4P5c+vl4W9BHrQKGKGN7cVfuivd2s6b2Ndv7Hoq8QsxflU
c48RS3wdd6saYPtCVfnygUBqB6ZuclcRXv3c/wIpRd6n
-----END CERTIFICATE-----