Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/rZvHv5_4nt07SBoTokzm7g45z6g.roa
File:                     rZvHv5_4nt07SBoTokzm7g45z6g.roa (raw, json)
Hash identifier:          JYMW9qtY84K0bz/drAQyRptela4V6/gxOAkDjUTrdZE=
Subject key identifier:   AD:9B:C7:BF:9F:F8:9E:DD:3B:48:1A:13:A2:4C:E6:EE:0E:39:CF:A8
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018E316807CF5846386961136A2B208D5D42
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/rZvHv5_4nt07SBoTokzm7g45z6g.roa
Signing time:             Tue 12 Mar 2024 06:44:45 +0000
ROA not before:           Tue 12 Mar 2024 06:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212517
IP address blocks:        103.211.102.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:68:07:cf:58:46:38:69:61:13:6a:2b:20:8d:5d:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Mar 12 06:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad9bc7bf9ff89edd3b481a13a24ce6ee0e39cfa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:33:9a:73:28:00:31:bb:58:8a:9c:71:0e:
                    52:e5:f4:e1:42:17:fa:84:59:74:ee:d5:fb:9f:6d:
                    f2:f6:5a:25:28:8c:1a:47:e3:b8:15:25:eb:4c:09:
                    1e:0d:5b:c0:c2:04:09:39:ce:91:3f:47:2e:8d:81:
                    4e:10:97:ee:a8:08:da:68:fb:94:fd:ac:b7:17:8a:
                    f0:99:af:56:98:e9:00:26:42:32:fd:75:d9:90:09:
                    67:ae:21:d5:9c:c2:ac:ac:ed:07:29:f7:26:77:1c:
                    d0:54:52:de:f4:b5:85:c5:56:3d:13:1b:66:da:d1:
                    45:21:7b:bd:e5:b3:8a:c7:25:51:c4:8f:b2:38:32:
                    32:40:98:0a:f9:02:74:31:73:70:63:ae:89:7a:0b:
                    13:00:f7:24:56:78:06:32:99:63:08:80:ce:aa:4d:
                    86:db:4f:d2:2e:00:9f:52:41:18:e8:74:d2:62:2f:
                    b3:22:8c:e0:db:36:43:f1:96:ea:85:0e:3b:45:c9:
                    ce:1b:ed:19:40:de:58:86:40:e4:fb:fc:9b:11:9d:
                    46:a7:9d:13:8b:bb:79:f2:6a:d3:9e:8e:20:dd:91:
                    1c:e7:93:74:43:b4:fa:81:30:5b:12:81:5f:bc:27:
                    f5:a8:84:f9:3f:16:e5:f0:9b:49:ca:6e:34:2c:4d:
                    8b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9B:C7:BF:9F:F8:9E:DD:3B:48:1A:13:A2:4C:E6:EE:0E:39:CF:A8
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/rZvHv5_4nt07SBoTokzm7g45z6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.211.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:59:a5:cd:38:33:9a:c7:76:8b:af:b7:9f:cb:57:78:3f:e8:
         0f:ad:32:16:bd:57:d6:14:ae:c7:4d:d9:8c:79:3b:b5:62:6a:
         5d:27:a2:7f:57:76:89:51:54:c9:f2:cc:6c:ca:eb:84:74:9d:
         c6:9a:38:ee:5c:de:72:4d:dd:cd:5f:22:0c:a3:4b:3a:73:62:
         af:40:6c:b5:5d:28:35:1f:1c:a9:9c:6e:0d:54:82:0b:12:5e:
         50:fc:1b:de:7e:50:33:44:03:0f:3d:83:4b:cd:60:f2:bf:71:
         a4:11:1d:eb:9e:07:42:7c:e5:62:d1:1d:86:86:9d:46:3a:e7:
         d3:3d:80:ad:f8:02:1d:ca:ea:d5:bb:c4:46:5d:d7:19:91:d7:
         fb:5b:ca:1b:d9:2f:8b:31:d0:14:4c:bb:44:a5:b4:47:31:0d:
         4b:02:55:c7:a3:f4:9a:51:e4:de:81:5a:12:61:53:19:84:51:
         06:62:7b:55:42:04:c4:31:9c:24:be:fa:36:96:76:48:50:0d:
         65:2b:99:0b:92:c7:f5:b5:ce:86:f9:71:65:f1:ee:c0:40:5d:
         c6:09:89:f8:b5:5e:48:23:db:f2:bf:d9:cc:90:04:e3:3c:d9:
         9e:f8:d7:10:f7:9c:80:97:cb:17:28:11:3a:d1:7f:de:e5:7c:
         9f:26:b0:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4xaAfPWEY4aWETaisgjV1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMzEyMDY0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDliYzdiZjlmZjg5ZWRkM2I0ODFhMTNhMjRjZTZlZTBlMzljZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9IzmnMoADG7WIqccQ5S5fThQhf6
hFl07tX7n23y9lolKIwaR+O4FSXrTAkeDVvAwgQJOc6RP0cujYFOEJfuqAjaaPuU
/ay3F4rwma9WmOkAJkIy/XXZkAlnriHVnMKsrO0HKfcmdxzQVFLe9LWFxVY9Extm
2tFFIXu95bOKxyVRxI+yODIyQJgK+QJ0MXNwY66JegsTAPckVngGMpljCIDOqk2G
20/SLgCfUkEY6HTSYi+zIozg2zZD8ZbqhQ47RcnOG+0ZQN5YhkDk+/ybEZ1Gp50T
i7t58mrTno4g3ZEc55N0Q7T6gTBbEoFfvCf1qIT5Pxbl8JtJym40LE2L1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2bx7+f+J7dO0gaE6JM5u4OOc+oMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvclp2SHY1XzRudDA3U0JvVG9rem03ZzQ1ejZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ9NmMA0G
CSqGSIb3DQEBCwUAA4IBAQByWaXNODOax3aLr7efy1d4P+gPrTIWvVfWFK7HTdmM
eTu1YmpdJ6J/V3aJUVTJ8sxsyuuEdJ3GmjjuXN5yTd3NXyIMo0s6c2KvQGy1XSg1
HxypnG4NVIILEl5Q/BveflAzRAMPPYNLzWDyv3GkER3rngdCfOVi0R2Ghp1GOufT
PYCt+AIdyurVu8RGXdcZkdf7W8ob2S+LMdAUTLtEpbRHMQ1LAlXHo/SaUeTegVoS
YVMZhFEGYntVQgTEMZwkvvo2lnZIUA1lK5kLksf1tc6G+XFl8e7AQF3GCYn4tV5I
I9vyv9nMkATjPNme+NcQ95yAl8sXKBE60X/e5XyfJrCw
-----END CERTIFICATE-----