Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/B5L78kMZjfF6xEU-mfkn1kerOoU.roa
File:                     B5L78kMZjfF6xEU-mfkn1kerOoU.roa (raw, json)
Hash identifier:          kmrRbd4yFRphLjSRWx1wU1He+wZW/sqsoQpW9c9IBwg=
Subject key identifier:   07:92:FB:F2:43:19:8D:F1:7A:C4:45:3E:99:F9:27:D6:47:AB:3A:85
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       019251E92CF78A5574C63F55E4224A78EDAE
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/B5L78kMZjfF6xEU-mfkn1kerOoU.roa
Signing time:             Thu 03 Oct 2024 10:24:48 +0000
ROA not before:           Thu 03 Oct 2024 10:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214140
IP address blocks:        103.69.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:e9:2c:f7:8a:55:74:c6:3f:55:e4:22:4a:78:ed:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Oct  3 10:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0792fbf243198df17ac4453e99f927d647ab3a85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:97:53:ff:56:51:6c:37:bb:f8:1a:8b:c5:4a:
                    9c:f3:9b:0e:c1:f2:9b:1f:98:bd:cd:ce:9d:9f:ac:
                    d1:51:38:3b:3d:cd:60:ea:65:31:4a:3d:b8:06:55:
                    4d:e7:05:86:28:7a:e1:89:0f:a7:e5:0e:e1:db:a7:
                    68:ea:85:d8:e3:f3:ca:90:71:43:17:9a:0e:3e:8b:
                    7b:a1:39:c2:73:e4:c6:3e:c6:e4:ae:62:6c:2a:b3:
                    48:6d:fe:1d:48:de:c0:29:20:bf:85:cf:20:43:f0:
                    ea:f7:86:97:3b:af:b7:bc:13:f8:eb:f7:c0:34:5d:
                    4f:85:0b:53:2b:86:85:67:87:6e:5b:d8:b9:8a:5b:
                    14:a7:ae:b7:9b:e8:44:86:36:29:0d:9f:5d:30:39:
                    e8:84:28:aa:ec:a8:d8:4b:23:c8:ca:e7:fe:76:93:
                    24:5b:b8:31:02:c3:41:49:1a:dd:3a:38:0f:3f:15:
                    6f:73:22:0c:f9:b9:74:1d:85:fe:ab:fe:78:b5:15:
                    0e:8c:8a:71:13:03:15:07:e0:4e:25:51:44:0f:1a:
                    b6:2d:1f:31:c0:ad:55:8e:db:5c:b0:d1:33:51:96:
                    d7:fd:84:2c:0a:7a:60:8a:cb:4b:af:1b:04:a7:b9:
                    43:d6:e6:1e:fc:2f:5f:59:c9:04:6c:8b:12:54:5c:
                    ea:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:92:FB:F2:43:19:8D:F1:7A:C4:45:3E:99:F9:27:D6:47:AB:3A:85
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/B5L78kMZjfF6xEU-mfkn1kerOoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:be:f5:05:ab:fe:27:02:86:e1:04:5f:4b:13:4e:f1:69:09:
         ad:4a:d4:d8:ca:5c:a1:d6:46:84:56:5a:22:58:fb:f1:58:35:
         28:63:32:44:86:e8:36:77:39:60:af:88:a8:8b:2d:4a:38:05:
         ac:52:98:61:c1:22:c1:53:5d:66:ad:43:cb:79:b7:ec:05:aa:
         df:a8:de:08:2f:56:2c:9f:6d:2f:37:49:92:fa:01:53:92:ca:
         56:ff:e2:9c:a1:d3:03:28:2e:cb:c6:73:13:c9:81:22:06:cf:
         95:33:18:2e:b5:70:88:3b:b1:99:eb:44:bc:2d:86:f0:93:ed:
         df:6f:43:1a:84:e2:4c:b0:70:d8:97:fe:63:f4:05:90:5a:c3:
         21:a6:3b:e5:96:68:65:2a:36:24:f5:ea:46:0e:cf:01:d8:88:
         01:e4:ce:36:c0:a4:0d:de:0e:78:96:18:18:a4:82:b1:e5:25:
         a4:e9:76:64:53:34:5b:19:8f:fa:f0:31:fc:45:70:2c:e7:65:
         5c:77:76:26:3d:97:0e:68:66:4a:fd:bf:98:67:de:e2:4c:55:
         db:a7:d0:ef:ab:f5:ed:a0:54:2c:04:5a:14:b7:8e:1f:c0:fa:
         91:c6:18:fa:92:29:9e:76:d2:0a:3b:c6:12:22:0a:82:4b:1a:
         85:42:2e:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJR6Sz3ilV0xj9V5CJKeO2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQxMDAzMTAyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzkyZmJmMjQzMTk4ZGYxN2FjNDQ1M2U5OWY5MjdkNjQ3YWIzYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpdT/1ZRbDe7+BqLxUqc85sOwfKb
H5i9zc6dn6zRUTg7Pc1g6mUxSj24BlVN5wWGKHrhiQ+n5Q7h26do6oXY4/PKkHFD
F5oOPot7oTnCc+TGPsbkrmJsKrNIbf4dSN7AKSC/hc8gQ/Dq94aXO6+3vBP46/fA
NF1PhQtTK4aFZ4duW9i5ilsUp663m+hEhjYpDZ9dMDnohCiq7KjYSyPIyuf+dpMk
W7gxAsNBSRrdOjgPPxVvcyIM+bl0HYX+q/54tRUOjIpxEwMVB+BOJVFEDxq2LR8x
wK1VjttcsNEzUZbX/YQsCnpgistLrxsEp7lD1uYe/C9fWckEbIsSVFzqiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeS+/JDGY3xesRFPpn5J9ZHqzqFMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvQjVMNzhrTVpqZkY2eEVVLW1ma24xa2VyT29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0XjMA0G
CSqGSIb3DQEBCwUAA4IBAQAyvvUFq/4nAobhBF9LE07xaQmtStTYylyh1kaEVloi
WPvxWDUoYzJEhug2dzlgr4ioiy1KOAWsUphhwSLBU11mrUPLebfsBarfqN4IL1Ys
n20vN0mS+gFTkspW/+KcodMDKC7LxnMTyYEiBs+VMxgutXCIO7GZ60S8LYbwk+3f
b0MahOJMsHDYl/5j9AWQWsMhpjvllmhlKjYk9epGDs8B2IgB5M42wKQN3g54lhgY
pIKx5SWk6XZkUzRbGY/68DH8RXAs52Vcd3YmPZcOaGZK/b+YZ97iTFXbp9Dvq/Xt
oFQsBFoUt44fwPqRxhj6kimedtIKO8YSIgqCSxqFQi73
-----END CERTIFICATE-----