Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/zEMuIsJ-7VXj202Mqp-6ZqanhQ8.roa
File:                     zEMuIsJ-7VXj202Mqp-6ZqanhQ8.roa (raw, json)
Hash identifier:          bfbMQS+WLHYR1Zum5Fym3iT+ET8S+6xl39D7rwAgmCo=
Subject key identifier:   CC:43:2E:22:C2:7E:ED:55:E3:DB:4D:8C:AA:9F:BA:66:A6:A7:85:0F
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018FEC43594F52810AE2BF9026DCFD8663A8
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/zEMuIsJ-7VXj202Mqp-6ZqanhQ8.roa
Signing time:             Thu 06 Jun 2024 06:36:27 +0000
ROA not before:           Thu 06 Jun 2024 06:36:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151804
IP address blocks:        103.100.170.0/24 maxlen: 24
                          185.235.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:43:59:4f:52:81:0a:e2:bf:90:26:dc:fd:86:63:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jun  6 06:36:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc432e22c27eed55e3db4d8caa9fba66a6a7850f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7c:6d:e1:32:53:76:40:88:79:2d:b7:80:a2:
                    d3:87:76:73:eb:ec:71:dd:b6:8b:ff:3b:4f:47:d0:
                    62:8f:d9:d2:a4:9d:09:fe:7c:1f:e6:c2:37:95:ed:
                    47:95:3d:a0:29:21:2f:4d:4a:89:34:9e:d8:c8:06:
                    e5:7c:fb:a0:57:75:2f:f1:fb:6c:80:67:e0:dd:27:
                    f2:85:ce:42:f7:9a:49:13:b5:1b:a0:f7:fc:ce:c6:
                    29:e7:58:17:82:b8:fc:74:90:1e:a4:52:e6:38:bf:
                    2e:2e:2a:b8:06:91:2a:a7:65:e4:0a:77:2f:13:9d:
                    a1:cb:5a:e1:71:c4:5a:9b:b4:61:cc:9a:09:15:39:
                    84:88:44:2e:48:72:31:f1:68:c3:6a:90:ec:58:56:
                    e4:3d:f8:03:24:e9:77:48:ff:f5:33:6c:65:00:bc:
                    bf:ef:88:69:80:d4:3e:94:48:58:89:39:1d:1e:8a:
                    2d:d9:69:df:67:32:66:f6:06:17:17:aa:77:8b:71:
                    81:8c:ad:f2:c4:40:1a:5d:46:14:11:c5:5a:35:db:
                    f0:27:50:85:9d:2a:60:34:e2:de:aa:b7:27:9e:f9:
                    16:b4:da:ba:d0:cb:37:a1:24:73:f5:69:51:b7:f6:
                    00:49:3d:37:65:8f:87:de:69:80:ad:df:37:7f:45:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:43:2E:22:C2:7E:ED:55:E3:DB:4D:8C:AA:9F:BA:66:A6:A7:85:0F
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/zEMuIsJ-7VXj202Mqp-6ZqanhQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.170.0/24
                  185.235.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:b2:65:9f:19:f6:53:25:25:f4:6a:79:a2:1e:f1:fe:24:1d:
         39:f4:f3:8f:17:fe:72:38:5a:e5:f9:01:3a:b0:5f:3e:23:db:
         39:d7:f7:b8:7a:f4:45:3e:59:92:45:bd:e8:ba:cb:c8:2c:4f:
         c7:8b:8b:73:d2:d9:7c:18:43:60:70:29:c7:fe:af:5a:39:db:
         04:43:4d:36:82:d3:b5:4d:47:e8:84:9a:1f:9b:1b:d4:da:cb:
         44:45:9c:7f:dd:04:21:e2:67:16:74:70:11:e3:c3:ed:0e:36:
         da:f0:06:7f:dc:62:85:fc:76:86:d9:a3:f1:d2:a5:52:14:7e:
         9f:1e:27:ed:78:ff:4c:b1:d6:2f:9b:c2:cc:d7:bd:6a:2f:9c:
         44:b3:40:36:1a:9f:47:de:02:2c:2f:77:c6:a9:aa:20:33:a9:
         70:97:89:3f:91:72:37:01:3a:b6:df:56:03:89:ee:1d:ce:03:
         0b:f6:93:5a:a3:26:bb:94:b0:6e:85:4d:61:04:e4:bf:bb:45:
         34:69:9e:e2:f1:5b:10:77:c4:65:9d:86:d1:f9:e7:13:09:c3:
         a5:7d:0c:35:bd:ba:ff:63:56:29:23:b9:23:97:04:da:9b:75:
         b6:55:5f:a3:94:10:0f:c9:51:e6:13:ae:70:b0:ac:86:dd:64:
         f7:c8:42:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/sQ1lPUoEK4r+QJtz9hmOoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwNjA2MDYzNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzQzMmUyMmMyN2VlZDU1ZTNkYjRkOGNhYTlmYmE2NmE2YTc4NTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3xt4TJTdkCIeS23gKLTh3Zz6+xx
3baL/ztPR9Bij9nSpJ0J/nwf5sI3le1HlT2gKSEvTUqJNJ7YyAblfPugV3Uv8fts
gGfg3Sfyhc5C95pJE7UboPf8zsYp51gXgrj8dJAepFLmOL8uLiq4BpEqp2XkCncv
E52hy1rhccRam7RhzJoJFTmEiEQuSHIx8WjDapDsWFbkPfgDJOl3SP/1M2xlALy/
74hpgNQ+lEhYiTkdHoot2WnfZzJm9gYXF6p3i3GBjK3yxEAaXUYUEcVaNdvwJ1CF
nSpgNOLeqrcnnvkWtNq60Ms3oSRz9WlRt/YAST03ZY+H3mmArd83f0UL2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMxDLiLCfu1V49tNjKqfumamp4UPMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvekVNdUlzSi03VlhqMjAyTXFwLTZacWFuaFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ2SqAwQA
ueunMA0GCSqGSIb3DQEBCwUAA4IBAQCwsmWfGfZTJSX0anmiHvH+JB059POPF/5y
OFrl+QE6sF8+I9s51/e4evRFPlmSRb3ousvILE/Hi4tz0tl8GENgcCnH/q9aOdsE
Q002gtO1TUfohJofmxvU2stERZx/3QQh4mcWdHAR48PtDjba8AZ/3GKF/HaG2aPx
0qVSFH6fHifteP9MsdYvm8LM171qL5xEs0A2Gp9H3gIsL3fGqaogM6lwl4k/kXI3
ATq231YDie4dzgML9pNaoya7lLBuhU1hBOS/u0U0aZ7i8VsQd8RlnYbR+ecTCcOl
fQw1vbr/Y1YpI7kjlwTam3W2VV+jlBAPyVHmE65wsKyG3WT3yEJr
-----END CERTIFICATE-----