Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/38op26Ug3xTUscX891usud_9BzU.roa
File:                     38op26Ug3xTUscX891usud_9BzU.roa (raw, json)
Hash identifier:          ogSXZZRo/rmFLLtLpbDS2WCTQGG5mp5q4uazkbb30pY=
Subject key identifier:   DF:CA:29:DB:A5:20:DF:14:D4:B1:C5:FC:F7:5B:AC:B9:DF:FD:07:35
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018DAF57C7F126067DFA40BC00972DD98D47
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/38op26Ug3xTUscX891usud_9BzU.roa
Signing time:             Fri 16 Feb 2024 00:36:22 +0000
ROA not before:           Fri 16 Feb 2024 00:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        103.130.179.0/24 maxlen: 24
                          193.148.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:af:57:c7:f1:26:06:7d:fa:40:bc:00:97:2d:d9:8d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Feb 16 00:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfca29dba520df14d4b1c5fcf75bacb9dffd0735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3c:11:c0:87:97:a7:28:06:4c:b9:70:44:62:
                    80:17:10:ae:2c:54:28:c6:3f:ba:76:60:a8:88:c2:
                    35:9e:58:be:45:e2:ca:b4:1e:92:6f:fc:8b:84:97:
                    db:1c:e3:9d:cf:be:d8:36:2f:f5:9b:78:66:dc:f8:
                    d3:0e:32:3a:c8:3d:58:08:41:08:5f:e6:aa:52:15:
                    2d:1e:3f:51:e9:3c:11:e0:3e:b0:ea:d8:10:a4:0d:
                    7e:43:51:e7:37:52:c1:39:c0:d5:54:b3:49:b1:30:
                    8c:30:6d:67:7d:5e:32:7f:18:6b:35:ba:c9:f5:5f:
                    fe:0b:34:f6:27:6d:ec:50:c9:1f:5b:77:b5:38:f5:
                    8b:0d:dd:5d:4a:00:2f:6a:db:2c:20:af:80:59:f8:
                    5a:bb:d6:e2:50:e4:04:15:30:22:e8:c8:03:6a:06:
                    a1:2d:cf:52:ef:e3:19:c7:70:b7:b1:bf:4a:80:16:
                    fb:01:49:28:7e:f9:b1:da:e8:e9:30:c7:97:17:60:
                    94:d8:ee:40:ce:53:65:3a:a1:53:e5:fa:38:e2:f8:
                    c4:d7:1d:c1:74:a9:94:54:68:62:0d:8c:09:70:54:
                    36:d2:4c:11:30:3a:08:7d:85:aa:57:16:57:20:f6:
                    03:2e:eb:2a:20:ce:17:5a:9c:59:c2:d4:06:2d:81:
                    ab:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:CA:29:DB:A5:20:DF:14:D4:B1:C5:FC:F7:5B:AC:B9:DF:FD:07:35
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/38op26Ug3xTUscX891usud_9BzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.130.179.0/24
                  193.148.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:9c:75:0c:e8:c5:f1:c2:f1:0c:06:72:e1:79:31:42:08:33:
         44:7f:93:c8:be:e4:f3:ec:bd:6d:b4:9c:c4:44:6f:da:dc:2a:
         77:25:ad:89:07:a5:38:e8:ac:5b:43:7f:73:42:68:cd:fc:f7:
         7e:37:f8:30:9e:74:36:bc:e7:e4:c5:15:be:2f:4d:44:5d:72:
         60:4f:d9:e6:32:dd:a9:52:24:1f:63:0e:f3:06:ed:0b:d9:3a:
         94:7a:36:da:14:76:35:35:63:fb:08:f7:4c:4d:07:87:27:d0:
         86:b3:56:f7:11:a4:8c:e1:d6:ea:11:f9:5a:c3:08:f7:3c:16:
         94:78:8b:82:06:42:18:45:5f:7e:16:b6:ad:f8:6d:04:e7:42:
         7d:8b:af:b6:dd:d0:16:52:06:a0:b0:68:ff:ea:7f:83:06:1a:
         cd:b3:e6:d3:36:21:92:fa:90:c5:4a:1a:6f:14:69:84:b6:72:
         12:d2:fe:2d:b7:d5:b5:06:10:fa:2b:c6:1a:49:12:6e:d0:57:
         fa:35:2e:6a:87:12:4c:29:4c:e5:8d:0f:89:ae:02:25:c1:b8:
         3d:0e:c4:fe:0c:cc:04:7c:11:fd:b2:00:5b:9b:2c:8a:36:a7:
         13:48:27:f9:73:51:7a:2e:8c:0c:cd:ca:a3:a6:66:e1:9b:73:
         68:7e:ba:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2vV8fxJgZ9+kC8AJct2Y1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMjE2MDAzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNhMjlkYmE1MjBkZjE0ZDRiMWM1ZmNmNzViYWNiOWRmZmQwNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjwRwIeXpygGTLlwRGKAFxCuLFQo
xj+6dmCoiMI1nli+ReLKtB6Sb/yLhJfbHOOdz77YNi/1m3hm3PjTDjI6yD1YCEEI
X+aqUhUtHj9R6TwR4D6w6tgQpA1+Q1HnN1LBOcDVVLNJsTCMMG1nfV4yfxhrNbrJ
9V/+CzT2J23sUMkfW3e1OPWLDd1dSgAvatssIK+AWfhau9biUOQEFTAi6MgDagah
Lc9S7+MZx3C3sb9KgBb7AUkofvmx2ujpMMeXF2CU2O5AzlNlOqFT5fo44vjE1x3B
dKmUVGhiDYwJcFQ20kwRMDoIfYWqVxZXIPYDLusqIM4XWpxZwtQGLYGrXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/KKdulIN8U1LHF/PdbrLnf/Qc1MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMzhvcDI2VWczeFRVc2NYODkxdXN1ZF85QnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ4KzAwQA
wZRfMA0GCSqGSIb3DQEBCwUAA4IBAQBmnHUM6MXxwvEMBnLheTFCCDNEf5PIvuTz
7L1ttJzERG/a3Cp3Ja2JB6U46KxbQ39zQmjN/Pd+N/gwnnQ2vOfkxRW+L01EXXJg
T9nmMt2pUiQfYw7zBu0L2TqUejbaFHY1NWP7CPdMTQeHJ9CGs1b3EaSM4dbqEfla
wwj3PBaUeIuCBkIYRV9+Frat+G0E50J9i6+23dAWUgagsGj/6n+DBhrNs+bTNiGS
+pDFShpvFGmEtnIS0v4tt9W1BhD6K8YaSRJu0Ff6NS5qhxJMKUzljQ+JrgIlwbg9
DsT+DMwEfBH9sgBbmyyKNqcTSCf5c1F6LowMzcqjpmbhm3NofrrD
-----END CERTIFICATE-----