Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H3Qth0cf7gR81WfdxKbXnnxjI0w.roa
File:                     H3Qth0cf7gR81WfdxKbXnnxjI0w.roa (raw, json)
Hash identifier:          ZRxi0m0082wOG0W6QJ/cadztjnoHokMJzOLacuBOqlQ=
Subject key identifier:   1F:74:2D:87:47:1F:EE:04:7C:D5:67:DD:C4:A6:D7:9E:7C:63:23:4C
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CF69443B8A15ED239946EF48009418D34
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H3Qth0cf7gR81WfdxKbXnnxjI0w.roa
Signing time:             Thu 11 Jan 2024 03:32:40 +0000
ROA not before:           Thu 11 Jan 2024 03:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149457
IP address blocks:        103.25.84.0/24 maxlen: 24
                          146.19.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f6:94:43:b8:a1:5e:d2:39:94:6e:f4:80:09:41:8d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan 11 03:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f742d87471fee047cd567ddc4a6d79e7c63234c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b4:d6:5f:e7:e9:e7:2a:09:27:7b:98:7d:5d:
                    c5:10:68:6b:34:23:f1:07:55:c0:b6:2e:1d:66:24:
                    0d:31:cf:b9:4f:87:a5:fe:e0:a5:80:bc:59:e6:f6:
                    2b:85:ad:96:55:42:69:ae:b9:49:73:c1:ab:59:58:
                    ab:76:8b:08:87:0d:0f:dc:bf:3e:36:1a:d1:c1:53:
                    da:66:27:cb:2a:c8:c5:cb:13:57:67:04:3c:a3:da:
                    80:aa:d9:31:3b:8a:63:30:a4:53:39:bd:e3:80:de:
                    f0:5f:cc:19:69:0a:6e:ed:30:9e:8c:79:d5:01:30:
                    cf:da:71:cd:29:f6:3f:55:c5:17:52:2e:6f:02:c0:
                    6d:be:97:a7:aa:08:b0:cb:05:f5:2c:6a:87:36:46:
                    3c:18:1d:4d:6b:3d:76:ec:f1:b2:7b:b3:87:6b:85:
                    b2:dc:03:89:78:67:e4:65:e7:ea:24:51:8e:48:39:
                    20:fa:7c:a3:7d:48:6f:7b:5a:b5:4f:a0:ce:2a:ba:
                    6b:04:44:dc:3b:5d:5f:8f:a5:c5:f4:57:a4:66:d6:
                    1d:7f:8a:a3:58:c5:63:b0:d6:1f:c1:e5:ca:2d:81:
                    cf:78:72:d9:6f:92:23:2b:4e:c2:b4:34:e3:81:a3:
                    2b:dc:44:32:c1:b7:1a:38:5a:2d:a2:49:09:81:0f:
                    c8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:74:2D:87:47:1F:EE:04:7C:D5:67:DD:C4:A6:D7:9E:7C:63:23:4C
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H3Qth0cf7gR81WfdxKbXnnxjI0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.84.0/24
                  146.19.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:8b:98:58:b0:68:9f:5c:1e:83:d4:1e:f8:20:0f:80:23:d1:
         1c:4d:93:5d:41:cb:82:75:75:99:f8:c3:46:ce:55:7d:5d:4c:
         0e:0c:9e:90:de:35:5b:95:5a:2f:39:77:9e:a5:fe:83:15:06:
         2d:6c:2e:95:ba:4d:f3:3d:15:02:ff:3b:b8:6a:66:c8:8a:3f:
         08:99:06:86:f2:5b:e2:b9:75:76:12:a0:40:d3:9c:e8:85:ca:
         b9:6d:d8:a3:df:e8:33:13:a2:c2:41:39:ff:bb:51:8c:e5:71:
         a8:44:20:ff:a3:6d:f7:c4:0f:38:6f:9c:43:c9:40:40:5e:dc:
         4c:60:44:de:44:b5:fb:ca:f3:4f:fa:8a:31:1d:53:f8:25:2f:
         a0:27:7f:04:9d:67:04:80:19:a5:be:d4:3e:3d:6b:51:80:5e:
         e6:14:d6:cd:93:2b:62:89:24:63:c4:91:b3:ca:5d:67:d5:68:
         57:89:2f:80:51:f9:b6:5c:9a:d2:ac:61:1d:3c:23:6b:ca:bf:
         58:68:9b:7e:c4:54:bd:18:3a:a5:72:08:91:bb:b9:8c:70:98:
         47:95:5f:d9:d2:1c:9b:22:65:ac:2b:38:b6:12:7e:78:3f:3a:
         98:72:b9:92:be:54:15:bd:35:75:1c:b3:2f:a8:fc:ac:df:40:
         43:d5:da:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYz2lEO4oV7SOZRu9IAJQY00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTExMDMzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjc0MmQ4NzQ3MWZlZTA0N2NkNTY3ZGRjNGE2ZDc5ZTdjNjMyMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7TWX+fp5yoJJ3uYfV3FEGhrNCPx
B1XAti4dZiQNMc+5T4el/uClgLxZ5vYrha2WVUJprrlJc8GrWVirdosIhw0P3L8+
NhrRwVPaZifLKsjFyxNXZwQ8o9qAqtkxO4pjMKRTOb3jgN7wX8wZaQpu7TCejHnV
ATDP2nHNKfY/VcUXUi5vAsBtvpenqgiwywX1LGqHNkY8GB1Naz127PGye7OHa4Wy
3AOJeGfkZefqJFGOSDkg+nyjfUhve1q1T6DOKrprBETcO11fj6XF9FekZtYdf4qj
WMVjsNYfweXKLYHPeHLZb5IjK07CtDTjgaMr3EQywbcaOFotokkJgQ/IzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB90LYdHH+4EfNVn3cSm1558YyNMMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSDNRdGgwY2Y3Z1I4MVdmZHhLYlhubnhqSTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZxlUAwQA
khOHMA0GCSqGSIb3DQEBCwUAA4IBAQBai5hYsGifXB6D1B74IA+AI9EcTZNdQcuC
dXWZ+MNGzlV9XUwODJ6Q3jVblVovOXeepf6DFQYtbC6Vuk3zPRUC/zu4ambIij8I
mQaG8lviuXV2EqBA05zohcq5bdij3+gzE6LCQTn/u1GM5XGoRCD/o233xA84b5xD
yUBAXtxMYETeRLX7yvNP+ooxHVP4JS+gJ38EnWcEgBmlvtQ+PWtRgF7mFNbNkyti
iSRjxJGzyl1n1WhXiS+AUfm2XJrSrGEdPCNryr9YaJt+xFS9GDqlcgiRu7mMcJhH
lV/Z0hybImWsKzi2En54PzqYcrmSvlQVvTV1HLMvqPys30BD1dpE
-----END CERTIFICATE-----