Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/090d42-b5f7-4cfe-bd6c-6178dbfff555/1/wduzAoCV3X_HT3SwkAkhVbUpjvk.roa
File:                     wduzAoCV3X_HT3SwkAkhVbUpjvk.roa (raw, json)
Hash identifier:          xcQexB5syiRJfDRPxaM63gktKvSVatGww4DJIDGRPJQ=
Subject key identifier:   C1:DB:B3:02:80:95:DD:7F:C7:4F:74:B0:90:09:21:55:B5:29:8E:F9
Certificate issuer:       /CN=7896a8c7e9ba09d2f1d44863670be213fc0ca210
Certificate serial:       01951A12024B81E04BDD68103406BE547FF4
Authority key identifier: 78:96:A8:C7:E9:BA:09:D2:F1:D4:48:63:67:0B:E2:13:FC:0C:A2:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eJaox-m6CdLx1EhjZwviE_wMohA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/090d42-b5f7-4cfe-bd6c-6178dbfff555/1/wduzAoCV3X_HT3SwkAkhVbUpjvk.roa
Signing time:             Tue 18 Feb 2025 17:19:02 +0000
ROA not before:           Tue 18 Feb 2025 17:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213719
IP address blocks:        103.143.173.0/24 maxlen: 24
                          2a14:e400::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/090d42-b5f7-4cfe-bd6c-6178dbfff555/1/eJaox-m6CdLx1EhjZwviE_wMohA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/090d42-b5f7-4cfe-bd6c-6178dbfff555/1/eJaox-m6CdLx1EhjZwviE_wMohA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eJaox-m6CdLx1EhjZwviE_wMohA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1a:12:02:4b:81:e0:4b:dd:68:10:34:06:be:54:7f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7896a8c7e9ba09d2f1d44863670be213fc0ca210
        Validity
            Not Before: Feb 18 17:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1dbb3028095dd7fc74f74b090092155b5298ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f4:c7:52:e6:2e:25:c2:70:9c:68:b6:e0:5a:
                    9f:4e:4c:16:68:51:33:e1:65:27:20:68:37:93:1f:
                    58:81:0e:8b:fd:fa:af:31:4d:6f:0b:ab:f7:a1:1b:
                    66:8a:91:8a:8a:b4:2f:19:ef:79:7d:9d:eb:d2:0c:
                    dc:af:40:63:26:6b:4a:ee:e5:9c:6f:9a:28:fd:5f:
                    3c:ed:f7:7a:9c:51:48:b3:af:e5:3d:89:de:cd:91:
                    53:ca:61:31:2b:8c:bb:52:1b:b2:ca:81:62:04:e8:
                    90:1d:c4:cd:33:18:12:40:f6:88:68:ff:17:d1:d5:
                    1d:bc:11:7e:79:27:7d:62:f0:4d:d3:ed:7b:6d:53:
                    26:05:f4:cc:e8:6c:4b:17:bf:dc:4c:4a:2e:aa:de:
                    d3:08:68:13:07:4d:c2:6d:5a:4b:d4:dc:80:9d:9c:
                    d5:54:02:46:d4:b2:9f:f0:04:59:08:8b:83:51:4a:
                    b3:3e:b6:95:20:d6:7c:1d:52:59:c9:05:f0:56:9f:
                    f0:57:78:5b:96:21:89:bf:73:b3:9c:3b:1a:bf:36:
                    28:a5:a0:8c:0d:29:82:9d:61:10:aa:a0:30:a9:bd:
                    b6:24:89:a3:00:f7:08:af:da:fe:6a:b5:90:5c:22:
                    cc:fd:17:3e:d2:01:ec:88:1c:b7:a2:1f:b9:db:5e:
                    c9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DB:B3:02:80:95:DD:7F:C7:4F:74:B0:90:09:21:55:B5:29:8E:F9
            X509v3 Authority Key Identifier:
                keyid:78:96:A8:C7:E9:BA:09:D2:F1:D4:48:63:67:0B:E2:13:FC:0C:A2:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eJaox-m6CdLx1EhjZwviE_wMohA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/090d42-b5f7-4cfe-bd6c-6178dbfff555/1/wduzAoCV3X_HT3SwkAkhVbUpjvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/090d42-b5f7-4cfe-bd6c-6178dbfff555/1/eJaox-m6CdLx1EhjZwviE_wMohA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.143.173.0/24
                IPv6:
                  2a14:e400::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:cf:fd:55:73:11:1e:ea:06:45:37:78:cf:ab:63:df:f6:1e:
         61:2f:fa:82:38:eb:1f:7b:d1:ba:46:28:22:3c:7e:84:1a:03:
         01:8f:8d:eb:b9:ba:d3:d9:c9:53:72:38:1e:1b:49:fd:6b:36:
         71:30:b9:d8:38:bd:ca:69:aa:01:11:d9:39:54:9f:d6:6b:9a:
         51:40:e4:9d:c6:f8:a8:3f:c3:eb:55:97:f5:13:26:dd:a8:40:
         14:f7:32:5b:58:c4:7a:6c:c3:0a:20:ad:e5:08:c1:97:27:71:
         61:b3:c0:d1:64:60:81:88:f0:7c:08:d8:b9:01:2c:82:c3:90:
         ed:82:80:e2:93:88:47:dc:62:46:81:e5:4b:a4:60:fd:8d:2a:
         a8:f9:b0:80:33:88:93:75:11:cb:ee:d0:4f:0d:4a:fb:96:81:
         3f:de:e9:08:20:06:42:7c:1a:b6:03:4d:77:83:c2:a2:57:b4:
         ec:0b:2a:06:56:24:ac:4c:bc:07:fb:5c:7f:13:1d:f8:c7:b6:
         8b:b4:cb:9c:d7:f9:6b:1f:99:47:51:46:02:e7:47:00:44:e0:
         40:a0:7f:b9:b1:c2:4c:96:70:bb:27:dc:ef:34:94:96:fe:2e:
         a5:d8:6d:b7:4b:58:24:dd:aa:33:a9:ae:54:1d:80:9d:96:d5:
         55:60:b1:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZUaEgJLgeBL3WgQNAa+VH/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4OTZhOGM3ZTliYTA5ZDJmMWQ0NDg2MzY3MGJlMjEzZmMw
Y2EyMTAwHhcNMjUwMjE4MTcxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRiYjMwMjgwOTVkZDdmYzc0Zjc0YjA5MDA5MjE1NWI1Mjk4ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPTHUuYuJcJwnGi24FqfTkwWaFEz
4WUnIGg3kx9YgQ6L/fqvMU1vC6v3oRtmipGKirQvGe95fZ3r0gzcr0BjJmtK7uWc
b5oo/V887fd6nFFIs6/lPYnezZFTymExK4y7UhuyyoFiBOiQHcTNMxgSQPaIaP8X
0dUdvBF+eSd9YvBN0+17bVMmBfTM6GxLF7/cTEouqt7TCGgTB03CbVpL1NyAnZzV
VAJG1LKf8ARZCIuDUUqzPraVINZ8HVJZyQXwVp/wV3hbliGJv3OznDsavzYopaCM
DSmCnWEQqqAwqb22JImjAPcIr9r+arWQXCLM/Rc+0gHsiBy3oh+5217JBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMHbswKAld1/x090sJAJIVW1KY75MB8GA1UdIwQY
MBaAFHiWqMfpugnS8dRIY2cL4hP8DKIQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUphb3gtbTZDZEx4MUVoalp3dmlFX3dNb2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8wOTBkNDItYjVmNy00Y2ZlLWJkNmMt
NjE3OGRiZmZmNTU1LzEvd2R1ekFvQ1YzWF9IVDNTd2tBa2hWYlVwanZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8wOTBkNDItYjVmNy00Y2ZlLWJkNmMtNjE3OGRiZmZmNTU1
LzEvZUphb3gtbTZDZEx4MUVoalp3dmlFX3dNb2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAZ4+tMA0E
AgACMAcDBQMqFOQAMA0GCSqGSIb3DQEBCwUAA4IBAQDOz/1VcxEe6gZFN3jPq2Pf
9h5hL/qCOOsfe9G6RigiPH6EGgMBj43rubrT2clTcjgeG0n9azZxMLnYOL3KaaoB
Edk5VJ/Wa5pRQOSdxvioP8PrVZf1EybdqEAU9zJbWMR6bMMKIK3lCMGXJ3Fhs8DR
ZGCBiPB8CNi5ASyCw5DtgoDik4hH3GJGgeVLpGD9jSqo+bCAM4iTdRHL7tBPDUr7
loE/3ukIIAZCfBq2A013g8KiV7TsCyoGViSsTLwH+1x/Ex34x7aLtMuc1/lrH5lH
UUYC50cAROBAoH+5scJMlnC7J9zvNJSW/i6l2G23S1gk3aozqa5UHYCdltVVYLHh
-----END CERTIFICATE-----