Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/LvOK8NNX9N0vTRMFrJFC1id72wg.roa
File:                     LvOK8NNX9N0vTRMFrJFC1id72wg.roa (raw, json)
Hash identifier:          dGRz165MXipBaFxiU68vMoc1BIO7mXJiBn9LTkiWu0M=
Subject key identifier:   2E:F3:8A:F0:D3:57:F4:DD:2F:4D:13:05:AC:91:42:D6:27:7B:DB:08
Certificate issuer:       /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial:       018CC500A91DA1932EBA30108244F375D1C1
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/LvOK8NNX9N0vTRMFrJFC1id72wg.roa
Signing time:             Mon 01 Jan 2024 12:30:03 +0000
ROA not before:           Mon 01 Jan 2024 12:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59940
IP address blocks:        103.112.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a9:1d:a1:93:2e:ba:30:10:82:44:f3:75:d1:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
        Validity
            Not Before: Jan  1 12:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ef38af0d357f4dd2f4d1305ac9142d6277bdb08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:46:df:51:a1:09:ea:61:49:44:a6:0a:0f:81:
                    ef:c4:3a:a9:76:66:99:d9:c2:92:a4:a8:5f:45:0b:
                    09:ec:5b:e5:0d:dd:bd:d2:e3:65:1f:24:dc:ea:d4:
                    0f:01:ab:a0:98:06:a2:e2:ba:ab:ac:07:92:15:cd:
                    c1:ce:af:03:15:2f:80:35:aa:32:37:fc:b8:a3:db:
                    05:79:ee:b0:b7:fc:ea:e2:af:47:d0:04:47:73:7d:
                    88:b2:ea:86:de:73:f4:cc:6f:cd:01:5b:0a:df:1d:
                    26:1b:f7:e8:91:c3:cf:8b:4f:ad:cf:28:f0:6c:bf:
                    a8:5d:e2:ae:0c:f2:2b:36:b1:66:80:b1:df:bc:83:
                    2e:b5:16:ef:8d:ff:53:43:5f:34:b7:35:ca:51:4a:
                    53:66:92:94:93:9e:91:dc:c2:ae:9e:ed:7a:19:56:
                    5c:13:24:6e:b4:85:a7:f0:8e:4c:a3:58:cc:20:e0:
                    f0:2c:8e:52:b8:32:6d:d6:35:5e:0d:e7:0c:7d:f0:
                    42:34:24:db:ca:b6:e1:cc:4e:47:c2:af:26:1b:33:
                    7e:e5:b1:2b:a7:ba:67:6d:7b:91:1c:80:16:1b:30:
                    06:c9:0d:3e:dc:01:b1:c4:73:bf:d5:ff:f2:57:fa:
                    c1:2a:21:2f:5d:b2:7f:09:a2:bb:a3:dd:96:ad:d5:
                    3d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F3:8A:F0:D3:57:F4:DD:2F:4D:13:05:AC:91:42:D6:27:7B:DB:08
            X509v3 Authority Key Identifier:
                keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/LvOK8NNX9N0vTRMFrJFC1id72wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.112.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:ae:0a:1b:a3:97:23:8d:ea:62:76:97:c4:67:75:71:17:06:
         f4:7e:7b:84:c0:40:66:be:9a:fd:8d:dc:27:3a:1e:50:85:06:
         f3:3b:c0:63:c8:a1:6f:8c:e0:10:e5:09:8e:6f:f9:32:0e:83:
         2c:1d:9b:d9:a3:56:b6:17:48:fb:9b:33:a4:d0:2d:87:52:f2:
         c9:ca:49:0c:11:cc:08:1d:dc:0f:b9:5f:b5:f6:28:64:00:b5:
         48:0b:48:39:86:51:b5:c8:23:41:4a:66:d2:51:e9:fa:e2:bf:
         09:7d:bd:4d:fa:c8:b9:6b:c9:9c:47:ac:bc:26:36:64:81:d5:
         f7:7d:03:c3:66:16:bc:a1:ba:c9:1e:6c:09:cb:5e:3e:3b:4d:
         8d:fe:e7:f2:90:d5:1d:f1:84:1e:4e:6b:6e:35:76:88:5a:50:
         99:3c:33:4d:3e:1c:f3:66:50:16:f7:4f:66:15:75:49:45:47:
         9a:81:d2:b7:40:b1:47:5c:cc:59:9e:f1:f8:de:17:12:31:0a:
         0f:71:ca:7b:8d:c5:31:34:cd:b6:64:aa:be:11:a9:30:c9:62:
         b6:d3:20:aa:b4:1e:e2:e0:51:ee:0e:73:16:f0:06:ae:c4:aa:
         ac:fb:02:9d:bb:5b:71:28:22:c6:83:6e:bb:1a:48:a0:50:6c:
         77:f9:40:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAKkdoZMuujAQgkTzddHBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjQwMTAxMTIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWYzOGFmMGQzNTdmNGRkMmY0ZDEzMDVhYzkxNDJkNjI3N2JkYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkbfUaEJ6mFJRKYKD4HvxDqpdmaZ
2cKSpKhfRQsJ7FvlDd290uNlHyTc6tQPAaugmAai4rqrrAeSFc3Bzq8DFS+ANaoy
N/y4o9sFee6wt/zq4q9H0ARHc32IsuqG3nP0zG/NAVsK3x0mG/fokcPPi0+tzyjw
bL+oXeKuDPIrNrFmgLHfvIMutRbvjf9TQ180tzXKUUpTZpKUk56R3MKunu16GVZc
EyRutIWn8I5Mo1jMIODwLI5SuDJt1jVeDecMffBCNCTbyrbhzE5Hwq8mGzN+5bEr
p7pnbXuRHIAWGzAGyQ0+3AGxxHO/1f/yV/rBKiEvXbJ/CaK7o92WrdU9GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7zivDTV/TdL00TBayRQtYne9sIMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvTHZPSzhOTlg5TjB2VFJNRnJKRkMxaWQ3MndnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ3CqMA0G
CSqGSIb3DQEBCwUAA4IBAQDQrgobo5cjjepidpfEZ3VxFwb0fnuEwEBmvpr9jdwn
Oh5QhQbzO8BjyKFvjOAQ5QmOb/kyDoMsHZvZo1a2F0j7mzOk0C2HUvLJykkMEcwI
HdwPuV+19ihkALVIC0g5hlG1yCNBSmbSUen64r8Jfb1N+si5a8mcR6y8JjZkgdX3
fQPDZha8obrJHmwJy14+O02N/ufykNUd8YQeTmtuNXaIWlCZPDNNPhzzZlAW909m
FXVJRUeagdK3QLFHXMxZnvH43hcSMQoPccp7jcUxNM22ZKq+EakwyWK20yCqtB7i
4FHuDnMW8AauxKqs+wKdu1txKCLGg267GkigUGx3+UCE
-----END CERTIFICATE-----