Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/tWolCzJmGiFbDZpOFFwVI5908gQ.roa
File:                     tWolCzJmGiFbDZpOFFwVI5908gQ.roa (raw, json)
Hash identifier:          qsuC8zW2ANk8xiXxrpTIYSrBktcbq3QVhx3O446CWGM=
Subject key identifier:   B5:6A:25:0B:32:66:1A:21:5B:0D:9A:4E:14:5C:15:23:9F:74:F2:04
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018F7F58EEAB762D218FA1C4E77C14221247
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/tWolCzJmGiFbDZpOFFwVI5908gQ.roa
Signing time:             Thu 16 May 2024 03:01:25 +0000
ROA not before:           Thu 16 May 2024 03:01:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205175
IP address blocks:        103.100.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7f:58:ee:ab:76:2d:21:8f:a1:c4:e7:7c:14:22:12:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: May 16 03:01:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b56a250b32661a215b0d9a4e145c15239f74f204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a4:78:0d:0f:14:60:cb:72:25:56:fc:30:3b:
                    9c:dd:34:a7:cf:d7:41:f5:ea:a4:26:15:9b:4f:37:
                    d0:12:c4:44:94:15:39:1b:5b:51:d6:3a:6c:0e:68:
                    12:ec:77:c3:22:af:da:e6:06:38:1e:93:0a:4d:14:
                    1f:67:d2:aa:4f:32:1c:4a:e7:21:11:de:ec:e3:68:
                    bc:08:83:2a:c9:48:37:cd:33:2d:b2:16:99:24:b2:
                    65:22:cd:01:2e:82:3e:5d:78:1f:75:55:67:89:ba:
                    53:5d:66:99:67:e6:ef:c9:be:12:15:28:d0:a8:13:
                    54:d3:d5:7c:a1:ba:76:4e:ff:8e:1f:f7:a6:b6:cc:
                    d5:46:de:cd:3b:19:c0:e0:f2:a0:53:0b:63:4d:10:
                    9a:a7:e3:41:a5:d2:71:1e:89:1b:17:74:9b:71:b6:
                    8e:31:92:b5:b4:f1:f9:75:5d:63:5f:ea:67:bd:64:
                    56:55:de:9a:14:71:ea:9d:4d:f9:af:9c:78:69:c8:
                    82:78:60:44:a6:b6:19:24:fc:73:f5:d6:39:e9:28:
                    e6:87:cf:be:ea:ee:14:10:d1:81:22:3a:f6:d4:5e:
                    9e:ae:b3:72:6f:12:93:dd:17:23:31:b8:8c:d1:fd:
                    e6:44:8d:ae:11:97:8c:aa:c9:40:07:d3:18:04:71:
                    af:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6A:25:0B:32:66:1A:21:5B:0D:9A:4E:14:5C:15:23:9F:74:F2:04
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/tWolCzJmGiFbDZpOFFwVI5908gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:9e:aa:79:8b:c5:8f:56:58:9c:ef:fc:f6:5e:9f:f7:02:75:
         23:d6:ba:6f:0f:86:c0:7e:56:12:9e:78:8f:23:1f:8f:d0:74:
         b8:5c:17:46:8e:60:ce:dd:13:38:78:f6:a1:e2:92:22:fd:ff:
         5c:41:24:cf:95:18:7f:68:b3:80:aa:ba:64:03:64:27:57:3f:
         aa:ba:50:70:cc:d2:f0:1e:e6:ec:b9:8e:f6:d3:22:b1:ee:a9:
         e9:eb:37:c9:d5:24:8c:4a:29:0a:e0:c5:11:81:db:e7:77:bf:
         58:00:ef:75:5d:e5:00:40:95:6f:ad:b5:23:9f:35:fa:20:75:
         34:50:57:9d:e0:89:77:18:4f:88:ff:f7:bf:89:3f:dc:b5:5c:
         07:26:8d:25:45:ee:ed:7d:f5:00:b1:1c:8a:d0:7f:38:8f:01:
         08:33:2a:11:87:6b:1a:7d:77:86:e9:c9:90:35:16:15:b6:c7:
         a8:27:14:17:02:c9:08:3e:e9:16:0f:46:8a:5c:9e:cd:90:87:
         38:c2:f5:b9:65:6f:17:6d:21:17:12:9b:85:ea:a7:7b:55:28:
         3f:f5:78:19:2c:54:9b:87:4e:14:fc:ad:44:86:72:82:f4:8f:
         da:89:98:01:15:55:06:b6:31:1b:c8:21:15:8e:d8:0a:02:42:
         ca:41:a6:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9/WO6rdi0hj6HE53wUIhJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwNTE2MDMwMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTZhMjUwYjMyNjYxYTIxNWIwZDlhNGUxNDVjMTUyMzlmNzRmMjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKR4DQ8UYMtyJVb8MDuc3TSnz9dB
9eqkJhWbTzfQEsRElBU5G1tR1jpsDmgS7HfDIq/a5gY4HpMKTRQfZ9KqTzIcSuch
Ed7s42i8CIMqyUg3zTMtshaZJLJlIs0BLoI+XXgfdVVnibpTXWaZZ+bvyb4SFSjQ
qBNU09V8obp2Tv+OH/emtszVRt7NOxnA4PKgUwtjTRCap+NBpdJxHokbF3SbcbaO
MZK1tPH5dV1jX+pnvWRWVd6aFHHqnU35r5x4aciCeGBEprYZJPxz9dY56Sjmh8++
6u4UENGBIjr21F6errNybxKT3RcjMbiM0f3mRI2uEZeMqslAB9MYBHGvcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVqJQsyZhohWw2aThRcFSOfdPIEMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvdFdvbEN6Sm1HaUZiRFpwT0ZGd1ZJNTkwOGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2SpMA0G
CSqGSIb3DQEBCwUAA4IBAQBBnqp5i8WPVlic7/z2Xp/3AnUj1rpvD4bAflYSnniP
Ix+P0HS4XBdGjmDO3RM4ePah4pIi/f9cQSTPlRh/aLOAqrpkA2QnVz+qulBwzNLw
HubsuY720yKx7qnp6zfJ1SSMSikK4MURgdvnd79YAO91XeUAQJVvrbUjnzX6IHU0
UFed4Il3GE+I//e/iT/ctVwHJo0lRe7tffUAsRyK0H84jwEIMyoRh2safXeG6cmQ
NRYVtseoJxQXAskIPukWD0aKXJ7NkIc4wvW5ZW8XbSEXEpuF6qd7VSg/9XgZLFSb
h04U/K1EhnKC9I/aiZgBFVUGtjEbyCEVjtgKAkLKQabc
-----END CERTIFICATE-----