Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/qedyzo2Aki7iZBV6rwCV1N9a00c.roa
File:                     qedyzo2Aki7iZBV6rwCV1N9a00c.roa (raw, json)
Hash identifier:          QOFb2DLrQQ2grK7W2iUTw5mFL3oTinWGtybuUu2Td0M=
Subject key identifier:   A9:E7:72:CE:8D:80:92:2E:E2:64:15:7A:AF:00:95:D4:DF:5A:D3:47
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       01983BA3C3E3EF1308833D73F7AB495AF349
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/qedyzo2Aki7iZBV6rwCV1N9a00c.roa
Signing time:             Thu 24 Jul 2025 08:54:04 +0000
ROA not before:           Thu 24 Jul 2025 08:54:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61400
IP address blocks:        103.31.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:a3:c3:e3:ef:13:08:83:3d:73:f7:ab:49:5a:f3:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jul 24 08:54:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e772ce8d80922ee264157aaf0095d4df5ad347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:44:86:b9:e1:8d:fd:d4:98:42:e6:5a:89:af:
                    00:93:80:c5:db:1c:1f:6a:85:be:2a:8c:55:e9:99:
                    c3:92:d5:b6:a1:88:d0:60:69:ec:04:26:a8:70:e6:
                    40:fd:46:6a:f6:f0:33:1f:82:0b:a3:84:28:be:6b:
                    e1:ac:57:f2:bb:67:12:63:f6:e3:b0:e2:68:dc:d8:
                    05:01:1b:1c:db:15:02:47:99:82:1c:14:b9:b6:e7:
                    c3:0f:cf:5a:f5:94:15:bf:c5:0f:aa:a7:ee:11:6f:
                    b7:83:ee:2e:3f:94:c8:18:df:bd:64:70:c4:6f:72:
                    0a:5a:45:bb:dc:7b:76:a5:99:b7:f1:e8:dc:75:ce:
                    9c:36:fb:f9:f7:63:3f:32:33:5a:57:ee:ed:ab:8d:
                    36:d0:15:f8:1a:af:4b:0e:9d:a6:ab:18:ed:87:02:
                    06:74:b6:b0:a4:fd:92:22:f0:5e:cb:38:2e:53:1b:
                    0f:2b:3f:71:72:3e:bf:a2:12:a4:83:2c:65:cf:54:
                    24:25:ee:4a:2c:c6:6c:2d:9b:43:96:45:e3:33:29:
                    ea:7c:26:11:b3:48:f0:1d:93:ad:ec:f0:8d:2e:bc:
                    3d:7e:fa:db:8e:b0:f6:a8:c2:d4:9a:89:5e:8c:e6:
                    90:60:86:57:1d:ee:d0:2d:ef:23:c2:b1:52:29:5d:
                    fd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E7:72:CE:8D:80:92:2E:E2:64:15:7A:AF:00:95:D4:DF:5A:D3:47
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/qedyzo2Aki7iZBV6rwCV1N9a00c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.31.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6e:fa:e6:88:34:dd:41:b6:31:bb:04:e9:48:4c:2d:e8:9d:
         f0:e6:55:38:94:10:7d:c9:65:31:50:4b:04:c2:db:ac:55:fe:
         ff:3f:9a:c0:84:40:e5:25:22:f2:9c:69:5e:be:ec:3e:80:37:
         76:54:f0:02:82:5a:d7:a0:fd:e8:54:9d:db:18:16:44:b5:8d:
         cb:91:d3:fe:88:c1:0e:78:91:c3:87:7d:38:0c:7b:6c:af:e9:
         ba:4d:5e:2b:3d:09:cb:71:38:d6:3c:8d:d8:36:b8:bc:6b:64:
         5b:70:cc:c7:bf:61:15:91:d1:62:92:b2:8d:d7:20:98:3b:c7:
         8a:ba:3f:61:de:55:ea:8b:c3:4e:ee:3b:90:5b:45:46:69:74:
         dd:39:76:87:39:66:62:2c:d7:a9:93:96:ac:e2:8a:a8:a3:47:
         6b:65:cb:1e:10:3c:b7:aa:3f:26:8d:b0:26:14:d6:39:c1:10:
         72:30:b1:0b:76:81:9d:ce:9f:d8:dd:57:4c:2b:e8:a6:b9:62:
         e7:ec:4b:b7:c0:85:07:c4:6c:66:53:31:89:a9:4d:17:e4:7c:
         e0:5c:52:4d:68:a1:8f:d4:9c:8a:b9:67:95:04:53:e5:58:16:
         83:b5:a8:01:3f:a8:ae:86:84:b1:62:4d:1f:24:c0:ac:bd:db:
         92:64:84:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg7o8Pj7xMIgz1z96tJWvNJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNzI0MDg1NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU3NzJjZThkODA5MjJlZTI2NDE1N2FhZjAwOTVkNGRmNWFkMzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0SGueGN/dSYQuZaia8Ak4DF2xwf
aoW+KoxV6ZnDktW2oYjQYGnsBCaocOZA/UZq9vAzH4ILo4QovmvhrFfyu2cSY/bj
sOJo3NgFARsc2xUCR5mCHBS5tufDD89a9ZQVv8UPqqfuEW+3g+4uP5TIGN+9ZHDE
b3IKWkW73Ht2pZm38ejcdc6cNvv592M/MjNaV+7tq4020BX4Gq9LDp2mqxjthwIG
dLawpP2SIvBeyzguUxsPKz9xcj6/ohKkgyxlz1QkJe5KLMZsLZtDlkXjMynqfCYR
s0jwHZOt7PCNLrw9fvrbjrD2qMLUmolejOaQYIZXHe7QLe8jwrFSKV39CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnncs6NgJIu4mQVeq8AldTfWtNHMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvcWVkeXpvMkFraTdpWkJWNnJ3Q1YxTjlhMDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZx9OMA0G
CSqGSIb3DQEBCwUAA4IBAQBIbvrmiDTdQbYxuwTpSEwt6J3w5lU4lBB9yWUxUEsE
wtusVf7/P5rAhEDlJSLynGlevuw+gDd2VPACglrXoP3oVJ3bGBZEtY3LkdP+iMEO
eJHDh304DHtsr+m6TV4rPQnLcTjWPI3YNri8a2RbcMzHv2EVkdFikrKN1yCYO8eK
uj9h3lXqi8NO7juQW0VGaXTdOXaHOWZiLNepk5as4oqoo0drZcseEDy3qj8mjbAm
FNY5wRByMLELdoGdzp/Y3VdMK+imuWLn7Eu3wIUHxGxmUzGJqU0X5HzgXFJNaKGP
1JyKuWeVBFPlWBaDtagBP6iuhoSxYk0fJMCsvduSZIQK
-----END CERTIFICATE-----