Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/jDRBJTXqU-l0mlBW0i631wxPZt0.roa
File:                     jDRBJTXqU-l0mlBW0i631wxPZt0.roa (raw, json)
Hash identifier:          iDEkyKeMVMFwrMXDKR4bsKp+geBFSFoieBkCq1waIkE=
Subject key identifier:   8C:34:41:25:35:EA:53:E9:74:9A:50:56:D2:2E:B7:D7:0C:4F:66:DD
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019424B39A40D80442C591AF269377487AC1
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/jDRBJTXqU-l0mlBW0i631wxPZt0.roa
Signing time:             Thu 02 Jan 2025 01:48:57 +0000
ROA not before:           Thu 02 Jan 2025 01:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        103.100.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:9a:40:d8:04:42:c5:91:af:26:93:77:48:7a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 01:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c34412535ea53e9749a5056d22eb7d70c4f66dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bb:9a:f3:fc:55:af:90:cb:45:18:2d:90:14:
                    a9:d6:2e:30:5b:8c:d0:d9:77:27:61:14:5e:c4:07:
                    03:f5:37:54:d8:77:40:d9:c7:8f:c3:aa:ae:76:94:
                    b2:f1:93:f4:b1:2a:15:bb:5b:97:c0:60:7b:ff:29:
                    66:df:56:4f:51:a9:56:4a:97:79:d4:9f:c1:6f:e0:
                    8b:85:83:05:59:b2:a6:6e:0e:b7:5a:11:5d:ef:c0:
                    ac:5c:41:b7:04:70:a1:62:63:b9:9e:e3:7f:4d:6d:
                    fd:31:55:d2:a8:ea:44:e2:29:ea:22:16:d2:98:c7:
                    ac:e9:79:2f:05:0a:c3:3a:a9:25:b8:ef:18:51:66:
                    c7:5e:fc:82:a8:3d:93:c2:74:ca:a6:8d:c0:14:91:
                    10:02:f7:91:b8:6c:54:2f:1e:3b:c5:b9:c6:1f:e7:
                    a2:6a:1b:f1:83:b3:ab:85:d0:7f:22:b6:fe:23:dc:
                    de:a2:fb:b8:6b:54:a2:b1:5d:ac:81:93:b5:2e:92:
                    9d:70:b2:20:c9:b9:9e:82:c0:b9:92:8f:d9:77:fd:
                    81:bc:75:75:49:7e:f9:77:8b:45:35:da:7f:fd:4c:
                    29:c4:17:46:a8:b4:d7:29:4a:a9:84:ab:93:a0:a1:
                    05:c3:e8:d4:b6:10:be:33:fc:e8:70:61:34:ec:26:
                    85:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:34:41:25:35:EA:53:E9:74:9A:50:56:D2:2E:B7:D7:0C:4F:66:DD
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/jDRBJTXqU-l0mlBW0i631wxPZt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d7:9e:44:37:69:6a:44:3c:c1:c1:1a:8c:1b:0e:9d:81:01:
         b6:93:40:22:44:37:64:7f:0d:ea:54:71:bf:72:21:ff:be:81:
         36:77:33:05:9e:b5:7a:ae:ae:a5:44:7b:22:83:f8:34:95:0d:
         c2:d6:f4:b8:15:2a:ed:38:ed:05:71:99:5f:d4:4a:8e:c0:dd:
         d7:0e:d7:4a:77:81:1c:9a:d1:af:40:dc:70:7c:16:37:78:d7:
         6e:ec:c3:46:80:5f:dd:f9:70:ec:0f:7b:72:4d:ea:c2:d3:d6:
         15:a3:9f:12:96:51:18:71:df:49:73:37:77:2f:59:bd:5c:9c:
         04:78:f1:8a:b7:ab:c7:84:a5:2d:6d:3e:fe:8e:86:60:b6:65:
         17:f1:08:20:06:33:7d:b4:53:a9:fe:a8:17:42:cd:b0:7c:00:
         2e:e1:3a:dc:f0:67:e3:45:54:fd:43:2f:53:88:d7:2c:f3:af:
         2e:0b:73:14:13:e9:98:cb:00:c6:b4:0c:d1:60:f7:5e:21:16:
         ee:1f:60:19:8e:90:b5:8e:f3:a1:fc:54:5a:68:c1:61:97:11:
         88:b1:d9:dd:3a:6b:33:b4:d5:9c:3f:7c:16:c9:e9:20:ab:53:
         c9:24:83:46:24:5b:c6:54:eb:ca:8b:7e:80:55:dc:5c:a1:61:
         01:17:38:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5pA2ARCxZGvJpN3SHrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMTAyMDE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzM0NDEyNTM1ZWE1M2U5NzQ5YTUwNTZkMjJlYjdkNzBjNGY2NmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurua8/xVr5DLRRgtkBSp1i4wW4zQ
2XcnYRRexAcD9TdU2HdA2cePw6qudpSy8ZP0sSoVu1uXwGB7/ylm31ZPUalWSpd5
1J/Bb+CLhYMFWbKmbg63WhFd78CsXEG3BHChYmO5nuN/TW39MVXSqOpE4inqIhbS
mMes6XkvBQrDOqkluO8YUWbHXvyCqD2TwnTKpo3AFJEQAveRuGxULx47xbnGH+ei
ahvxg7OrhdB/Irb+I9zeovu4a1SisV2sgZO1LpKdcLIgybmegsC5ko/Zd/2BvHV1
SX75d4tFNdp//UwpxBdGqLTXKUqphKuToKEFw+jUthC+M/zocGE07CaF8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIw0QSU16lPpdJpQVtIut9cMT2bdMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvakRSQkpUWHFVLWwwbWxCVzBpNjMxd3hQWnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2SrMA0G
CSqGSIb3DQEBCwUAA4IBAQBy155EN2lqRDzBwRqMGw6dgQG2k0AiRDdkfw3qVHG/
ciH/voE2dzMFnrV6rq6lRHsig/g0lQ3C1vS4FSrtOO0FcZlf1EqOwN3XDtdKd4Ec
mtGvQNxwfBY3eNdu7MNGgF/d+XDsD3tyTerC09YVo58SllEYcd9Jczd3L1m9XJwE
ePGKt6vHhKUtbT7+joZgtmUX8QggBjN9tFOp/qgXQs2wfAAu4Trc8GfjRVT9Qy9T
iNcs868uC3MUE+mYywDGtAzRYPdeIRbuH2AZjpC1jvOh/FRaaMFhlxGIsdndOmsz
tNWcP3wWyekgq1PJJINGJFvGVOvKi36AVdxcoWEBFzj4
-----END CERTIFICATE-----