Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/X_28B36q2XbterSDmv_z2UMD-n4.roa
File:                     X_28B36q2XbterSDmv_z2UMD-n4.roa (raw, json)
Hash identifier:          zfIBMGo14Wp/SaUmAcm1f5PHLwec4iix1goaeGgOOgs=
Subject key identifier:   5F:FD:BC:07:7E:AA:D9:76:ED:7A:B4:83:9A:FF:F3:D9:43:03:FA:7E
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       0191124828FB54F8E9D8AF15CECE7BDC7958
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/X_28B36q2XbterSDmv_z2UMD-n4.roa
Signing time:             Fri 02 Aug 2024 08:50:04 +0000
ROA not before:           Fri 02 Aug 2024 08:50:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51847
IP address blocks:        103.76.85.0/24 maxlen: 24
                          116.206.92.0/24 maxlen: 24
                          116.206.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:48:28:fb:54:f8:e9:d8:af:15:ce:ce:7b:dc:79:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Aug  2 08:50:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ffdbc077eaad976ed7ab4839afff3d94303fa7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:25:78:5a:c7:cf:2a:6b:90:10:e2:c0:f4:da:
                    91:24:f8:ed:23:9d:43:91:85:db:18:f1:5e:17:6a:
                    20:44:5c:26:7c:b8:c3:c7:57:d8:c6:c4:91:43:ca:
                    c9:12:40:97:b3:71:1c:0a:46:ba:4d:f9:39:d6:42:
                    45:c8:89:cc:ce:f3:cf:d9:2a:81:bd:0d:b9:0b:61:
                    13:b7:e2:6c:18:77:54:c4:74:6c:24:71:81:c8:f6:
                    e6:62:23:21:e7:88:24:8f:0f:58:d5:fe:f8:7e:7d:
                    a6:c7:82:4c:ef:88:58:00:ec:65:22:8b:6b:be:00:
                    4a:63:e9:54:73:1b:6c:1e:97:f0:13:ea:32:9b:d4:
                    2c:78:fe:24:39:d8:cf:b8:a8:4c:4a:03:73:6e:dd:
                    dd:be:c3:1e:37:f3:9f:0e:73:12:84:c9:13:8a:0f:
                    81:e0:80:ac:51:16:d1:66:f9:89:71:ed:6c:9b:4e:
                    2e:f8:1c:1c:d4:a4:7f:56:09:af:87:64:d7:b9:a3:
                    0e:e1:00:9f:32:eb:dc:66:ec:08:e7:78:24:77:b8:
                    22:e6:61:f9:8d:24:dd:72:19:c1:7a:63:cf:9e:4d:
                    2c:e5:33:37:36:a7:3c:a8:a9:09:02:b9:dd:70:e2:
                    18:2c:9f:a0:98:e7:1a:ec:f9:19:50:92:22:be:b3:
                    14:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:FD:BC:07:7E:AA:D9:76:ED:7A:B4:83:9A:FF:F3:D9:43:03:FA:7E
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/X_28B36q2XbterSDmv_z2UMD-n4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.85.0/24
                  116.206.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:0a:d1:94:ac:8f:7c:8a:b1:b6:af:5c:68:77:1f:21:5c:f0:
         0f:dc:59:40:de:82:a0:b8:22:e3:6e:77:46:e3:6f:17:20:f4:
         3c:aa:f0:81:c6:d3:93:cd:12:fe:e2:ba:9c:49:43:88:b4:3f:
         be:a6:af:ab:1e:d0:5d:3a:76:39:f6:36:f7:6c:1c:db:8d:66:
         6f:c0:4f:dd:6c:98:dc:76:27:e4:dc:ab:5f:3c:89:71:54:64:
         e5:9b:7a:ed:be:c8:ff:46:31:90:44:89:a9:24:1a:97:66:c9:
         1e:30:ea:38:64:75:3e:eb:01:1e:d6:0d:65:1c:25:72:92:df:
         eb:64:aa:02:49:cb:f7:76:b7:06:b6:21:c4:5d:1a:63:71:49:
         ea:4c:17:76:99:b7:38:52:17:d7:81:f4:54:0c:51:31:25:dc:
         5f:5f:fc:7e:61:43:f8:14:c6:8a:4b:34:f4:49:cc:0b:fb:5c:
         a6:41:a2:51:21:24:78:a4:57:81:57:09:13:e7:b2:7a:49:e6:
         05:07:f7:57:6e:f1:45:09:36:7e:b9:99:92:9c:18:a5:26:ce:
         c2:c0:c1:3b:c2:30:aa:ef:5e:85:90:d0:2b:4c:a9:2e:65:97:
         37:ae:92:c9:d3:3b:18:8b:d8:03:04:c3:4a:5b:6a:f4:08:fd:
         03:bf:a0:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZESSCj7VPjp2K8Vzs573HlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjQwODAyMDg1MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmZkYmMwNzdlYWFkOTc2ZWQ3YWI0ODM5YWZmZjNkOTQzMDNmYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiV4WsfPKmuQEOLA9NqRJPjtI51D
kYXbGPFeF2ogRFwmfLjDx1fYxsSRQ8rJEkCXs3EcCka6Tfk51kJFyInMzvPP2SqB
vQ25C2ETt+JsGHdUxHRsJHGByPbmYiMh54gkjw9Y1f74fn2mx4JM74hYAOxlIotr
vgBKY+lUcxtsHpfwE+oym9QseP4kOdjPuKhMSgNzbt3dvsMeN/OfDnMShMkTig+B
4ICsURbRZvmJce1sm04u+Bwc1KR/Vgmvh2TXuaMO4QCfMuvcZuwI53gkd7gi5mH5
jSTdchnBemPPnk0s5TM3Nqc8qKkJArndcOIYLJ+gmOca7PkZUJIivrMU5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF/9vAd+qtl27Xq0g5r/89lDA/p+MB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvWF8yOEIzNnEyWGJ0ZXJTRG12X3oyVU1ELW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ0xVAwQB
dM5cMA0GCSqGSIb3DQEBCwUAA4IBAQBaCtGUrI98irG2r1xodx8hXPAP3FlA3oKg
uCLjbndG428XIPQ8qvCBxtOTzRL+4rqcSUOItD++pq+rHtBdOnY59jb3bBzbjWZv
wE/dbJjcdifk3KtfPIlxVGTlm3rtvsj/RjGQRImpJBqXZskeMOo4ZHU+6wEe1g1l
HCVykt/rZKoCScv3drcGtiHEXRpjcUnqTBd2mbc4UhfXgfRUDFExJdxfX/x+YUP4
FMaKSzT0ScwL+1ymQaJRISR4pFeBVwkT57J6SeYFB/dXbvFFCTZ+uZmSnBilJs7C
wME7wjCq716FkNArTKkuZZc3rpLJ0zsYi9gDBMNKW2r0CP0Dv6Ax
-----END CERTIFICATE-----