Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kcXN-F7FKKYYQyo9MAgMeaZV5TU.roa
File:                     kcXN-F7FKKYYQyo9MAgMeaZV5TU.roa (raw, json)
Hash identifier:          M8/KUSlUqjylonC/025baU5p/LikhSk8QY+tbVtk55g=
Subject key identifier:   91:C5:CD:F8:5E:C5:28:A6:18:43:2A:3D:30:08:0C:79:A6:55:E5:35
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01981DDAA88DCE47C02319AC7BCE02B98691
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kcXN-F7FKKYYQyo9MAgMeaZV5TU.roa
Signing time:             Fri 18 Jul 2025 14:05:25 +0000
ROA not before:           Fri 18 Jul 2025 14:05:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        103.17.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:da:a8:8d:ce:47:c0:23:19:ac:7b:ce:02:b9:86:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jul 18 14:05:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c5cdf85ec528a618432a3d30080c79a655e535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:eb:25:df:68:71:d3:93:3f:30:dd:50:96:51:
                    bd:de:3f:7f:87:2c:cc:36:7f:47:55:ac:4e:59:d9:
                    ac:49:da:7b:68:ab:5a:bc:a2:85:ee:7b:3b:33:70:
                    14:ee:a6:da:4d:65:36:db:0b:86:fe:1c:96:b1:c1:
                    65:bd:c5:72:27:29:0b:fe:f7:5e:3b:1a:16:22:cb:
                    61:d2:5b:4d:51:fd:d5:f3:c0:9a:4d:66:91:7d:b8:
                    c9:d6:69:86:50:2f:f8:86:b4:2a:c2:12:33:c0:10:
                    63:8d:91:da:79:53:da:6b:c1:b1:fe:e0:48:92:9f:
                    74:6f:50:75:89:a8:e1:de:a3:bf:4a:a8:ca:df:3d:
                    ab:b4:61:40:b1:ad:ce:d8:bc:fe:a5:3e:88:2a:fd:
                    b1:23:5b:4b:65:3b:5e:9a:7c:8c:62:d0:d3:93:9a:
                    2a:28:a7:9c:8e:21:48:49:78:48:ba:7a:42:1e:68:
                    3d:a4:7a:a5:84:1b:f3:2a:24:6f:16:27:42:89:2a:
                    2c:11:6c:36:3a:6e:de:24:19:ea:51:40:fe:a5:26:
                    4e:1f:8a:ef:97:fe:f8:0c:cb:d1:25:a6:cb:15:1a:
                    28:e1:be:59:cd:05:eb:6d:28:f6:f2:d7:7a:a4:ca:
                    a8:74:f4:3b:d9:ba:f8:c2:1f:ab:7c:71:5b:33:67:
                    26:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C5:CD:F8:5E:C5:28:A6:18:43:2A:3D:30:08:0C:79:A6:55:E5:35
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kcXN-F7FKKYYQyo9MAgMeaZV5TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:06:7e:20:15:ed:c3:b4:41:0d:aa:ee:a9:bd:8e:4e:c0:09:
         74:e7:e9:51:89:c9:72:9c:47:47:7b:bd:96:ca:56:7d:a7:af:
         08:43:bf:c9:11:66:39:91:e9:1a:f4:78:2c:2e:8a:d8:1a:db:
         a4:25:7e:64:5c:8b:51:7b:de:94:3a:da:80:48:79:63:a2:bc:
         fe:11:79:3a:60:b2:ac:62:e8:71:5f:48:e0:5c:e1:11:1b:f7:
         e8:d5:87:5c:1b:93:59:cc:6b:f6:1b:8b:10:79:a5:69:9b:a8:
         fb:59:80:eb:0f:6c:23:ae:95:16:5b:95:68:53:26:b9:5b:81:
         28:e4:45:ce:fa:c8:f5:da:46:b8:92:49:b4:2a:40:38:a0:42:
         22:6c:b6:30:0d:c4:47:44:79:66:da:0b:65:68:a0:32:ef:00:
         2c:d3:20:90:a5:63:e8:21:47:b0:5f:cb:42:44:d8:8a:a1:64:
         e4:d2:0c:dc:00:21:0d:fb:57:d1:e5:01:71:0d:d1:38:6c:63:
         56:45:96:b3:9d:b4:67:4c:34:56:9a:71:a1:54:02:70:84:de:
         c8:d6:75:3f:95:72:84:f3:7f:a8:4d:98:af:7a:50:53:6b:f0:
         b2:93:82:9e:d0:59:6f:47:cc:c7:ba:83:a5:96:68:ab:44:bc:
         77:84:84:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgd2qiNzkfAIxmse84CuYaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwNzE4MTQwNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM1Y2RmODVlYzUyOGE2MTg0MzJhM2QzMDA4MGM3OWE2NTVlNTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOsl32hx05M/MN1QllG93j9/hyzM
Nn9HVaxOWdmsSdp7aKtavKKF7ns7M3AU7qbaTWU22wuG/hyWscFlvcVyJykL/vde
OxoWIsth0ltNUf3V88CaTWaRfbjJ1mmGUC/4hrQqwhIzwBBjjZHaeVPaa8Gx/uBI
kp90b1B1iajh3qO/SqjK3z2rtGFAsa3O2Lz+pT6IKv2xI1tLZTtemnyMYtDTk5oq
KKecjiFISXhIunpCHmg9pHqlhBvzKiRvFidCiSosEWw2Om7eJBnqUUD+pSZOH4rv
l/74DMvRJabLFRoo4b5ZzQXrbSj28td6pMqodPQ72br4wh+rfHFbM2cmqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHFzfhexSimGEMqPTAIDHmmVeU1MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEva2NYTi1GN0ZLS1lZUXlvOU1BZ01lYVpWNVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFhMA0G
CSqGSIb3DQEBCwUAA4IBAQAzBn4gFe3DtEENqu6pvY5OwAl05+lRiclynEdHe72W
ylZ9p68IQ7/JEWY5keka9HgsLorYGtukJX5kXItRe96UOtqASHljorz+EXk6YLKs
YuhxX0jgXOERG/fo1YdcG5NZzGv2G4sQeaVpm6j7WYDrD2wjrpUWW5VoUya5W4Eo
5EXO+sj12ka4kkm0KkA4oEIibLYwDcRHRHlm2gtlaKAy7wAs0yCQpWPoIUewX8tC
RNiKoWTk0gzcACEN+1fR5QFxDdE4bGNWRZaznbRnTDRWmnGhVAJwhN7I1nU/lXKE
83+oTZivelBTa/Cyk4Ke0FlvR8zHuoOllmirRLx3hIT9
-----END CERTIFICATE-----