Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/nlWr11m2o9h4NC-tzohScSJdOxg.roa
File:                     nlWr11m2o9h4NC-tzohScSJdOxg.roa (raw, json)
Hash identifier:          A3Wa8TFObznb1XsDpDHOQf+qyyepDtcekiYNrboghKo=
Subject key identifier:   9E:55:AB:D7:59:B6:A3:D8:78:34:2F:AD:CE:88:52:71:22:5D:3B:18
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019424B3A3404CB6A811E003BAA17F33AAFB
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/nlWr11m2o9h4NC-tzohScSJdOxg.roa
Signing time:             Thu 02 Jan 2025 01:48:59 +0000
ROA not before:           Thu 02 Jan 2025 01:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151804
IP address blocks:        103.100.170.0/24 maxlen: 24
                          185.235.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a3:40:4c:b6:a8:11:e0:03:ba:a1:7f:33:aa:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 01:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e55abd759b6a3d878342fadce885271225d3b18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:1b:98:0c:a5:79:bf:46:54:5c:d1:44:fe:a6:
                    7d:ba:39:bf:f2:c5:94:a5:b6:33:4d:0c:14:87:0f:
                    96:29:79:54:c5:ca:25:8d:d4:55:cd:b0:0a:35:0b:
                    3b:50:31:fe:9b:76:84:d9:14:aa:84:9f:46:50:8f:
                    e4:13:64:cb:60:4b:3c:b5:94:3b:ce:86:4e:56:83:
                    73:3d:57:51:cb:35:13:fc:49:3b:f7:c7:1f:dc:21:
                    d6:78:8a:7b:67:c7:8e:f7:0b:56:1f:e3:a8:55:90:
                    da:4c:b0:9c:12:c3:9c:13:74:56:cc:49:88:48:70:
                    5f:d3:fa:a7:ed:3a:2e:79:02:58:67:c2:f1:36:af:
                    d1:58:e5:a7:e5:48:1d:24:44:47:04:47:9e:cc:c7:
                    59:2e:48:d6:00:2b:19:d9:a8:07:63:f1:6b:d4:2e:
                    da:b9:0f:9b:2b:f5:60:8a:94:80:8d:91:54:82:ca:
                    8f:e5:b4:5d:a2:5d:0e:4c:55:90:82:8a:88:1e:e5:
                    7b:0f:c2:09:d3:e1:a6:83:af:c6:d0:f8:ed:85:f6:
                    0f:36:ca:5d:bc:d5:f2:8c:45:e8:86:5b:31:b4:b3:
                    5a:2a:91:09:31:a1:2d:64:1b:6f:d3:96:91:64:81:
                    a3:85:89:34:c7:72:45:40:93:84:3a:9f:c7:05:ab:
                    5a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:55:AB:D7:59:B6:A3:D8:78:34:2F:AD:CE:88:52:71:22:5D:3B:18
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/nlWr11m2o9h4NC-tzohScSJdOxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.170.0/24
                  185.235.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:85:d0:c7:9c:1c:c3:54:33:73:8e:bb:0e:ea:1e:fd:20:06:
         a2:c5:f2:bf:a7:05:03:59:c1:1e:fa:89:fb:55:3a:5b:9d:f2:
         20:47:2f:a7:e8:11:f1:41:5b:14:57:16:62:4b:aa:02:dc:49:
         0a:bb:f6:04:a8:95:61:c3:7b:33:bb:3f:a7:9f:9d:c2:2b:dd:
         c3:1d:1f:40:ec:8f:26:7d:98:be:fa:c0:b0:7a:f0:51:d6:8d:
         6c:27:4d:8d:33:d8:ee:bb:9c:2e:d0:df:9d:fe:fc:ed:79:28:
         50:55:cc:36:b2:e7:66:62:b3:23:09:62:94:99:68:7d:95:dd:
         6e:4c:8d:26:28:37:a1:21:99:f9:4c:b7:8e:9c:1d:d1:fc:8b:
         11:00:f7:a7:05:da:f5:0e:47:f4:d5:79:34:a4:6d:38:a8:a4:
         81:8f:68:97:2e:97:45:d9:9c:1d:10:3e:42:1b:ea:a8:12:d4:
         10:66:90:c1:62:80:df:6d:c3:af:48:08:f7:36:71:4c:8b:01:
         bf:e4:f2:fb:0b:09:b3:9a:18:3f:e8:32:eb:a0:c0:2e:c5:f1:
         ab:24:80:8c:8f:25:e5:26:04:1e:2e:1b:d7:a5:ed:47:71:4e:
         bc:af:41:05:98:51:ab:15:dd:5d:60:19:b9:74:62:a8:08:00:
         8a:57:34:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks6NATLaoEeADuqF/M6r7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMTAyMDE0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTU1YWJkNzU5YjZhM2Q4NzgzNDJmYWRjZTg4NTI3MTIyNWQzYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BuYDKV5v0ZUXNFE/qZ9ujm/8sWU
pbYzTQwUhw+WKXlUxcoljdRVzbAKNQs7UDH+m3aE2RSqhJ9GUI/kE2TLYEs8tZQ7
zoZOVoNzPVdRyzUT/Ek798cf3CHWeIp7Z8eO9wtWH+OoVZDaTLCcEsOcE3RWzEmI
SHBf0/qn7ToueQJYZ8LxNq/RWOWn5UgdJERHBEeezMdZLkjWACsZ2agHY/Fr1C7a
uQ+bK/VgipSAjZFUgsqP5bRdol0OTFWQgoqIHuV7D8IJ0+Gmg6/G0PjthfYPNspd
vNXyjEXohlsxtLNaKpEJMaEtZBtv05aRZIGjhYk0x3JFQJOEOp/HBataeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ5Vq9dZtqPYeDQvrc6IUnEiXTsYMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvbmxXcjExbTJvOWg0TkMtdHpvaFNjU0pkT3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ2SqAwQA
ueunMA0GCSqGSIb3DQEBCwUAA4IBAQBbhdDHnBzDVDNzjrsO6h79IAaixfK/pwUD
WcEe+on7VTpbnfIgRy+n6BHxQVsUVxZiS6oC3EkKu/YEqJVhw3szuz+nn53CK93D
HR9A7I8mfZi++sCwevBR1o1sJ02NM9juu5wu0N+d/vzteShQVcw2sudmYrMjCWKU
mWh9ld1uTI0mKDehIZn5TLeOnB3R/IsRAPenBdr1Dkf01Xk0pG04qKSBj2iXLpdF
2ZwdED5CG+qoEtQQZpDBYoDfbcOvSAj3NnFMiwG/5PL7Cwmzmhg/6DLroMAuxfGr
JICMjyXlJgQeLhvXpe1HcU68r0EFmFGrFd1dYBm5dGKoCACKVzTJ
-----END CERTIFICATE-----