Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/aMmHMduYZ-B1Ova9u_loL6K-R1Y.roa
File:                     aMmHMduYZ-B1Ova9u_loL6K-R1Y.roa (raw, json)
Hash identifier:          tYeILDESij/TXhHueinvIf50j/kOPZ2I0HdHb2la9F0=
Subject key identifier:   68:C9:87:31:DB:98:67:E0:75:3A:F6:BD:BB:F9:68:2F:A2:BE:47:56
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       018F05920CFD09BC36908D5ACD64718A14D0
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/aMmHMduYZ-B1Ova9u_loL6K-R1Y.roa
Signing time:             Mon 22 Apr 2024 11:30:08 +0000
ROA not before:           Mon 22 Apr 2024 11:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        103.76.86.0/24 maxlen: 24
                          203.189.232.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:92:0c:fd:09:bc:36:90:8d:5a:cd:64:71:8a:14:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Apr 22 11:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68c98731db9867e0753af6bdbbf9682fa2be4756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5f:6e:cb:d4:d4:d0:19:0c:8f:83:10:1d:85:
                    1e:95:e7:52:ab:66:7a:6c:36:fa:f8:61:e0:bd:53:
                    6b:e0:30:84:83:1c:bc:72:f6:18:83:3a:7b:76:8a:
                    08:20:70:94:b8:82:44:ee:7a:9d:ea:b4:76:7e:07:
                    0d:5f:23:d1:42:a3:13:f7:53:ea:4c:8b:e7:32:61:
                    57:89:b8:d3:8d:29:38:d4:11:88:40:39:e8:a2:50:
                    89:69:c5:2c:16:81:81:3b:8b:45:fc:79:e3:ca:a6:
                    d2:2d:4c:2b:ba:7a:f7:87:7b:32:1c:63:d3:5f:37:
                    90:03:63:af:b7:27:f3:23:db:1e:48:fb:25:e4:1e:
                    25:e1:6b:64:6d:f8:45:4f:44:73:aa:b7:bb:9f:9d:
                    62:fa:dd:76:3a:db:51:6f:cf:8d:87:bc:01:6c:b4:
                    81:25:ba:52:f8:a1:66:c3:11:46:5c:fe:dc:f9:6c:
                    54:4d:38:02:fe:84:f3:a3:af:97:ba:0d:06:89:3e:
                    92:83:a9:5c:75:ce:e8:64:09:72:8e:39:d6:99:90:
                    09:d2:d5:8a:ee:fb:fd:dc:16:f8:ed:cb:5c:db:6c:
                    66:5b:e6:ee:9c:e5:c6:05:cf:d5:ac:1c:2a:5f:96:
                    d9:06:99:fe:32:77:91:92:69:2c:e7:06:ff:03:36:
                    2c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C9:87:31:DB:98:67:E0:75:3A:F6:BD:BB:F9:68:2F:A2:BE:47:56
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/aMmHMduYZ-B1Ova9u_loL6K-R1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.86.0/24
                  203.189.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:60:8e:8d:e0:8a:49:e6:a4:69:89:43:89:57:04:34:fa:d0:
         15:85:6e:11:56:7f:6f:6e:e5:68:96:c6:90:37:c6:1b:87:c0:
         da:7d:9c:f1:21:6d:f0:26:b0:77:f8:4e:e1:d5:d2:d3:18:3e:
         0b:1c:e6:95:d4:05:0c:12:91:bb:0f:41:3e:70:71:5c:3e:3d:
         35:09:40:51:2f:db:b1:cc:f4:d2:02:1e:f9:aa:c8:a5:9d:4b:
         7c:b4:74:89:09:8c:d9:98:da:14:06:e4:33:47:6a:50:96:9f:
         27:f9:07:91:d1:8a:da:ae:cf:70:56:35:24:83:7f:38:c5:ee:
         27:40:4a:de:2a:85:5f:fc:b6:b7:ca:44:1f:6b:95:2e:43:1c:
         e9:65:55:37:38:11:0d:16:1a:52:01:f4:ef:74:4b:ec:a0:2a:
         0e:c9:a7:8c:81:5b:35:e5:70:fc:5d:ef:fe:ec:52:4c:c8:d4:
         4a:80:18:a2:2e:9a:a9:b5:78:95:41:cd:a4:dc:17:ff:76:dd:
         47:1b:02:0c:6a:4b:dc:fe:5e:40:71:48:17:ea:5a:f6:d9:89:
         c6:ca:9c:01:fe:24:50:a4:db:99:07:02:e8:33:50:56:a4:22:
         b6:c9:c7:0a:26:3b:25:53:e0:a1:80:66:f8:8f:35:6d:ac:9f:
         86:86:d5:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8Fkgz9Cbw2kI1azWRxihTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjQwNDIyMTEzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM5ODczMWRiOTg2N2UwNzUzYWY2YmRiYmY5NjgyZmEyYmU0NzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF9uy9TU0BkMj4MQHYUeledSq2Z6
bDb6+GHgvVNr4DCEgxy8cvYYgzp7dooIIHCUuIJE7nqd6rR2fgcNXyPRQqMT91Pq
TIvnMmFXibjTjSk41BGIQDnoolCJacUsFoGBO4tF/HnjyqbSLUwrunr3h3syHGPT
XzeQA2OvtyfzI9seSPsl5B4l4WtkbfhFT0Rzqre7n51i+t12OttRb8+Nh7wBbLSB
JbpS+KFmwxFGXP7c+WxUTTgC/oTzo6+Xug0GiT6Sg6lcdc7oZAlyjjnWmZAJ0tWK
7vv93Bb47ctc22xmW+bunOXGBc/VrBwqX5bZBpn+MneRkmks5wb/AzYswQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGjJhzHbmGfgdTr2vbv5aC+ivkdWMB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvYU1tSE1kdVlaLUIxT3ZhOXVfbG9MNkstUjFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ0xWAwQB
y73oMA0GCSqGSIb3DQEBCwUAA4IBAQAwYI6N4IpJ5qRpiUOJVwQ0+tAVhW4RVn9v
buVolsaQN8Ybh8DafZzxIW3wJrB3+E7h1dLTGD4LHOaV1AUMEpG7D0E+cHFcPj01
CUBRL9uxzPTSAh75qsilnUt8tHSJCYzZmNoUBuQzR2pQlp8n+QeR0Yrars9wVjUk
g384xe4nQEreKoVf/La3ykQfa5UuQxzpZVU3OBENFhpSAfTvdEvsoCoOyaeMgVs1
5XD8Xe/+7FJMyNRKgBiiLpqptXiVQc2k3Bf/dt1HGwIMakvc/l5AcUgX6lr22YnG
ypwB/iRQpNuZBwLoM1BWpCK2yccKJjslU+ChgGb4jzVtrJ+GhtVJ
-----END CERTIFICATE-----