Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/kyO2s_uouWdsc4JSIxsuYqwLmg4.roa
File:                     kyO2s_uouWdsc4JSIxsuYqwLmg4.roa (raw, json)
Hash identifier:          c9bnx79wrEQGDmctrXb3b6jgPOuJuHQshYulATn8NYs=
Subject key identifier:   93:23:B6:B3:FB:A8:B9:67:6C:73:82:52:23:1B:2E:62:AC:0B:9A:0E
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019424B3A4BD0BE9BF1425789807D6BC84D9
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/kyO2s_uouWdsc4JSIxsuYqwLmg4.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205175
IP address blocks:        103.100.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a4:bd:0b:e9:bf:14:25:78:98:07:d6:bc:84:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9323b6b3fba8b9676c738252231b2e62ac0b9a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:17:7a:7d:3d:1f:a9:3d:a5:63:65:56:79:9b:
                    9a:8e:b3:ca:7a:4a:3e:34:47:eb:7c:cf:e4:e5:d8:
                    fd:b7:3b:8c:d8:1b:e4:bc:73:32:08:41:54:4f:06:
                    57:90:fd:14:e1:37:5a:e7:ee:c9:af:69:83:8b:fa:
                    5c:0a:90:56:1d:3a:0b:50:0e:78:4a:74:6d:9c:9a:
                    ad:3a:2b:a5:19:5d:77:71:c7:7b:f4:db:8b:c9:af:
                    2c:3e:36:44:bc:54:55:cb:c8:ca:ae:c7:2b:92:f8:
                    d1:46:c2:48:88:7b:17:c5:a5:e1:60:e3:32:60:5c:
                    17:10:a0:86:69:a4:70:4b:fd:21:30:2a:e4:bf:16:
                    3f:f6:9a:57:1f:e8:54:73:89:9e:b2:1a:25:c9:2f:
                    7c:f4:36:0b:10:84:1e:08:3e:46:46:a9:75:62:01:
                    96:11:66:90:e5:39:5b:ed:73:6f:91:ed:4c:16:19:
                    b1:17:d4:00:42:df:e6:0a:be:f7:f2:e5:df:10:d9:
                    82:54:0e:b5:86:cb:e0:2a:53:e5:75:e9:49:2b:04:
                    08:72:1f:18:1d:34:72:7d:c0:3f:4f:e2:89:d6:be:
                    bc:be:8f:86:aa:0e:0b:b7:93:10:4f:0b:66:ac:10:
                    52:5f:6f:99:b4:ce:12:b7:67:9a:5f:5a:95:03:d3:
                    23:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:23:B6:B3:FB:A8:B9:67:6C:73:82:52:23:1B:2E:62:AC:0B:9A:0E
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/kyO2s_uouWdsc4JSIxsuYqwLmg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ff:98:04:35:3f:4a:d6:38:cd:49:09:39:22:10:d2:e5:84:
         9a:dc:14:2e:1c:75:ce:fc:65:b5:c4:8b:0e:fe:1d:9c:d6:e4:
         11:34:ea:67:b1:30:76:3b:23:a9:06:a0:80:13:16:b0:1e:f1:
         69:31:60:03:23:ce:35:b4:f8:a8:60:45:4d:f4:be:04:89:ce:
         6e:2f:82:d7:df:26:eb:66:be:33:d0:9c:82:d8:a9:f5:5a:b8:
         66:f0:09:50:f4:b1:3b:4e:bb:d3:30:96:c0:50:e8:0f:1a:62:
         b4:b6:d0:e9:6c:eb:c8:00:42:87:44:da:96:9d:74:d0:74:37:
         5c:34:05:df:1b:7b:41:9c:d0:1f:f9:e1:ba:19:34:bd:b2:98:
         64:b6:f8:24:c8:a0:59:b8:6f:3d:94:ff:dd:cb:0b:e2:6e:4d:
         28:b3:51:db:bc:98:8d:cf:f5:55:bd:b2:53:d6:0c:61:d5:e9:
         69:42:fc:2b:6e:5e:bf:4e:78:22:01:18:a9:a9:6c:fa:e5:20:
         83:fa:99:a8:df:15:c7:78:88:18:dc:e8:c8:10:06:b5:9e:d3:
         e5:ed:14:02:0b:87:36:08:35:2a:e2:46:a0:fa:21:9e:d9:83:
         f4:db:9b:22:3c:50:3a:fb:97:8c:c6:12:4b:2b:4c:c0:71:6b:
         5d:e3:c2:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6S9C+m/FCV4mAfWvITZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzIzYjZiM2ZiYThiOTY3NmM3MzgyNTIyMzFiMmU2MmFjMGI5YTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBd6fT0fqT2lY2VWeZuajrPKeko+
NEfrfM/k5dj9tzuM2BvkvHMyCEFUTwZXkP0U4Tda5+7Jr2mDi/pcCpBWHToLUA54
SnRtnJqtOiulGV13ccd79NuLya8sPjZEvFRVy8jKrscrkvjRRsJIiHsXxaXhYOMy
YFwXEKCGaaRwS/0hMCrkvxY/9ppXH+hUc4mesholyS989DYLEIQeCD5GRql1YgGW
EWaQ5Tlb7XNvke1MFhmxF9QAQt/mCr738uXfENmCVA61hsvgKlPldelJKwQIch8Y
HTRyfcA/T+KJ1r68vo+Gqg4Lt5MQTwtmrBBSX2+ZtM4St2eaX1qVA9MjqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMjtrP7qLlnbHOCUiMbLmKsC5oOMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEva3lPMnNfdW91V2RzYzRKU0l4c3VZcXdMbWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2SpMA0G
CSqGSIb3DQEBCwUAA4IBAQAC/5gENT9K1jjNSQk5IhDS5YSa3BQuHHXO/GW1xIsO
/h2c1uQRNOpnsTB2OyOpBqCAExawHvFpMWADI841tPioYEVN9L4Eic5uL4LX3ybr
Zr4z0JyC2Kn1Wrhm8AlQ9LE7TrvTMJbAUOgPGmK0ttDpbOvIAEKHRNqWnXTQdDdc
NAXfG3tBnNAf+eG6GTS9sphktvgkyKBZuG89lP/dywvibk0os1HbvJiNz/VVvbJT
1gxh1elpQvwrbl6/TngiARipqWz65SCD+pmo3xXHeIgY3OjIEAa1ntPl7RQCC4c2
CDUq4kag+iGe2YP025siPFA6+5eMxhJLK0zAcWtd48IZ
-----END CERTIFICATE-----