Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/eFAtBNJzls8AgaaXT8fjcCX17mA.roa
File:                     eFAtBNJzls8AgaaXT8fjcCX17mA.roa (raw, json)
Hash identifier:          GPQ9iMR4UR3PGXp7FlfdeNJSrFumQ8WzN02VnHoIJ84=
Subject key identifier:   78:50:2D:04:D2:73:96:CF:00:81:A6:97:4F:C7:E3:70:25:F5:EE:60
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       019421442E6D9E91A4333AC712B29049CD17
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/eFAtBNJzls8AgaaXT8fjcCX17mA.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215189
IP address blocks:        103.69.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2e:6d:9e:91:a4:33:3a:c7:12:b2:90:49:cd:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78502d04d27396cf0081a6974fc7e37025f5ee60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:14:73:b8:10:6f:1e:b5:61:a9:78:71:4a:cd:
                    1c:4d:b6:53:96:a3:a7:57:d7:e8:14:4e:c5:45:12:
                    63:22:4f:c6:d3:c2:85:63:33:c2:da:b5:a1:6b:7c:
                    33:26:5a:0f:3c:1b:62:12:d3:d5:c9:bf:d8:50:c7:
                    44:65:19:35:48:c0:fe:06:39:96:45:dd:f5:e3:2c:
                    af:80:54:57:f5:5d:4b:85:a0:ce:a9:3f:aa:31:35:
                    07:91:5d:c0:ee:e1:87:40:63:af:67:08:9a:60:25:
                    2a:74:26:3a:64:b9:92:cb:92:15:6a:1d:3b:9f:9e:
                    fe:b7:96:16:e3:3f:ba:a0:09:e3:ab:85:49:18:c8:
                    78:02:c7:82:35:eb:30:c3:0f:3d:47:4f:55:b2:bb:
                    62:ae:5e:e0:e4:13:86:98:14:ce:8a:82:2f:30:dc:
                    38:71:e6:15:87:a8:f6:93:25:ea:9d:14:7a:91:16:
                    cf:f2:37:b8:1f:c8:d5:55:cc:c0:84:68:3b:42:34:
                    1a:93:4f:83:d2:bb:ae:3a:03:e7:80:5b:b5:cb:49:
                    05:45:e3:16:9c:f2:76:a2:5d:56:87:98:b3:23:a3:
                    01:26:94:4c:65:05:44:70:f9:90:b9:29:af:1c:0d:
                    c3:5a:9a:51:b4:73:86:2e:c0:5d:ec:98:90:94:94:
                    3b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:50:2D:04:D2:73:96:CF:00:81:A6:97:4F:C7:E3:70:25:F5:EE:60
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/eFAtBNJzls8AgaaXT8fjcCX17mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:a1:85:6c:16:95:53:3a:e4:dc:c3:d9:3c:52:b9:a2:a5:fe:
         0b:6d:73:83:ce:68:0f:b9:aa:f4:37:a6:bc:66:cc:99:a7:b3:
         26:8c:63:67:22:d2:08:6d:42:57:83:a0:87:18:85:de:d3:45:
         ac:b7:78:c2:fb:cb:29:52:41:f4:b2:51:7f:58:f2:18:23:ad:
         29:1a:d5:05:1f:e2:27:4e:b1:20:01:20:a8:9f:38:52:09:5d:
         13:15:d1:65:ef:c5:c6:9d:73:6e:69:19:02:e4:18:09:28:8d:
         83:56:e4:55:ce:cc:d4:41:02:ca:cc:77:40:f3:60:06:80:d3:
         bd:86:eb:89:41:89:21:4a:29:f5:59:74:f9:44:32:39:da:89:
         24:c0:b6:59:5c:a2:29:aa:b6:cf:ef:00:dc:eb:16:35:86:28:
         d0:d8:67:48:ab:c2:fd:ab:04:dc:7a:0c:30:09:ad:5f:da:84:
         bf:79:cb:19:df:75:de:2c:b2:8d:ce:5f:de:f6:57:56:ab:96:
         74:d3:68:f7:ba:12:03:79:30:37:98:b8:74:67:2a:a8:4f:a5:
         9a:51:98:20:e8:56:4d:96:d2:e2:1f:eb:48:14:85:a1:7a:9d:
         cd:92:3f:87:27:03:62:e0:bc:16:78:9b:27:1a:12:a8:8f:a4:
         8e:2c:38:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRC5tnpGkMzrHErKQSc0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODUwMmQwNGQyNzM5NmNmMDA4MWE2OTc0ZmM3ZTM3MDI1ZjVlZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRRzuBBvHrVhqXhxSs0cTbZTlqOn
V9foFE7FRRJjIk/G08KFYzPC2rWha3wzJloPPBtiEtPVyb/YUMdEZRk1SMD+BjmW
Rd314yyvgFRX9V1LhaDOqT+qMTUHkV3A7uGHQGOvZwiaYCUqdCY6ZLmSy5IVah07
n57+t5YW4z+6oAnjq4VJGMh4AseCNeswww89R09Vsrtirl7g5BOGmBTOioIvMNw4
ceYVh6j2kyXqnRR6kRbP8je4H8jVVczAhGg7QjQak0+D0ruuOgPngFu1y0kFReMW
nPJ2ol1Wh5izI6MBJpRMZQVEcPmQuSmvHA3DWppRtHOGLsBd7JiQlJQ7CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhQLQTSc5bPAIGml0/H43Al9e5gMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvZUZBdEJOSnpsczhBZ2FhWFQ4ZmpjQ1gxN21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0XhMA0G
CSqGSIb3DQEBCwUAA4IBAQCeoYVsFpVTOuTcw9k8Urmipf4LbXODzmgPuar0N6a8
ZsyZp7MmjGNnItIIbUJXg6CHGIXe00Wst3jC+8spUkH0slF/WPIYI60pGtUFH+In
TrEgASConzhSCV0TFdFl78XGnXNuaRkC5BgJKI2DVuRVzszUQQLKzHdA82AGgNO9
huuJQYkhSin1WXT5RDI52okkwLZZXKIpqrbP7wDc6xY1hijQ2GdIq8L9qwTcegww
Ca1f2oS/ecsZ33XeLLKNzl/e9ldWq5Z002j3uhIDeTA3mLh0ZyqoT6WaUZgg6FZN
ltLiH+tIFIWhep3Nkj+HJwNi4LwWeJsnGhKoj6SOLDgo
-----END CERTIFICATE-----