Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/rek0X510yoYHyVjkruMPn3RC8-U.roa
File:                     rek0X510yoYHyVjkruMPn3RC8-U.roa (raw, json)
Hash identifier:          izhBQrYPL13WJ5ThAE5jETW8ZiOeCpskIxrDH9eCy1o=
Subject key identifier:   AD:E9:34:5F:9D:74:CA:86:07:C9:58:E4:AE:E3:0F:9F:74:42:F3:E5
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       018E9E8699847BD7AF366D695036ECCF40ED
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/rek0X510yoYHyVjkruMPn3RC8-U.roa
Signing time:             Tue 02 Apr 2024 11:16:45 +0000
ROA not before:           Tue 02 Apr 2024 11:16:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        103.69.224.0/24 maxlen: 24
                          103.69.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:86:99:84:7b:d7:af:36:6d:69:50:36:ec:cf:40:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Apr  2 11:16:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ade9345f9d74ca8607c958e4aee30f9f7442f3e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6f:13:22:66:13:ba:ba:77:f1:c8:98:e4:bb:
                    dc:a0:34:f7:2f:44:c9:f2:76:f8:bd:a3:ab:95:3f:
                    ae:2e:2b:38:a9:82:b8:84:0f:84:55:45:bb:e7:77:
                    cf:e2:aa:86:33:0f:09:f7:3d:e6:3b:f3:de:bd:bd:
                    6f:65:a1:3d:5b:d3:f6:78:ff:b2:c4:a1:68:8c:b3:
                    6e:2d:5f:f6:8a:16:f5:91:8e:dc:30:5b:c3:1e:63:
                    93:b1:e0:41:44:82:e8:00:c5:88:b7:ff:d5:80:25:
                    7e:bf:78:50:e1:78:a5:06:e7:dc:fd:5b:c2:0b:ca:
                    f0:78:db:b1:cd:16:4e:76:b4:53:b4:13:4a:83:47:
                    04:b8:0d:b9:b7:9c:c9:7b:5b:45:3d:7b:dc:cc:c8:
                    3e:fe:e6:31:cc:be:9c:df:a5:17:2e:d4:31:70:9d:
                    d8:91:a9:f6:ce:6c:6f:ba:52:8b:10:c9:6d:33:2b:
                    94:11:45:b3:8d:b5:37:df:fc:e4:f4:16:7a:c5:ce:
                    dc:fd:7e:eb:f0:a7:66:2f:06:42:66:60:de:17:cb:
                    b9:c1:e4:60:93:fd:06:6f:38:f4:b5:fa:88:33:5e:
                    7b:d0:6e:14:f3:03:ad:9d:ad:53:c5:e1:ab:99:01:
                    9f:08:8a:23:1d:7c:76:71:92:87:09:f5:8c:d8:44:
                    36:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E9:34:5F:9D:74:CA:86:07:C9:58:E4:AE:E3:0F:9F:74:42:F3:E5
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/rek0X510yoYHyVjkruMPn3RC8-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.224.0/24
                  103.69.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:83:68:25:a2:26:63:01:84:c8:7f:d3:4f:78:21:07:31:28:
         ee:c9:cb:45:9e:ed:b8:37:52:31:3f:34:7d:c4:e6:a0:55:91:
         4a:fd:07:1f:4b:f7:be:98:41:2d:42:db:a1:6a:bc:c8:55:64:
         50:84:33:a2:1e:df:46:4d:f0:f6:5f:7f:87:5c:5c:9c:a2:f5:
         50:cb:fc:9c:e5:f0:02:26:1c:c9:50:a9:18:53:db:20:96:0e:
         6c:68:17:aa:b5:7e:1a:98:f3:18:0c:21:1b:70:a5:0a:fb:81:
         36:01:8d:fe:da:90:31:b3:b1:35:1a:a0:45:73:fc:ed:55:53:
         bd:77:cf:23:2a:ce:71:5c:8f:13:11:b9:66:a7:c9:c2:5c:e3:
         b4:bd:a0:dd:34:48:49:c1:58:04:0d:43:7d:fc:15:ce:3d:40:
         c4:1c:a8:47:67:3e:8f:6a:1a:ea:44:a6:bf:8e:ed:a6:bf:9c:
         1b:4c:b3:17:f8:ae:47:c0:22:e5:a3:20:46:23:e6:3b:7d:bb:
         05:e2:bb:0b:b8:fa:02:91:be:2d:48:90:7c:a1:10:41:16:31:
         f2:67:5f:46:4a:08:63:e2:49:9d:ac:0c:cb:22:0b:54:6a:11:
         88:72:e1:52:e2:63:65:34:21:5e:c6:81:01:1c:52:ce:0d:30:
         c0:0e:d7:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6ehpmEe9evNm1pUDbsz0DtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwNDAyMTExNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGU5MzQ1ZjlkNzRjYTg2MDdjOTU4ZTRhZWUzMGY5Zjc0NDJmM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhW8TImYTurp38ciY5LvcoDT3L0TJ
8nb4vaOrlT+uLis4qYK4hA+EVUW753fP4qqGMw8J9z3mO/Pevb1vZaE9W9P2eP+y
xKFojLNuLV/2ihb1kY7cMFvDHmOTseBBRILoAMWIt//VgCV+v3hQ4XilBufc/VvC
C8rweNuxzRZOdrRTtBNKg0cEuA25t5zJe1tFPXvczMg+/uYxzL6c36UXLtQxcJ3Y
kan2zmxvulKLEMltMyuUEUWzjbU33/zk9BZ6xc7c/X7r8KdmLwZCZmDeF8u5weRg
k/0Gbzj0tfqIM1570G4U8wOtna1TxeGrmQGfCIojHXx2cZKHCfWM2EQ2OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK3pNF+ddMqGB8lY5K7jD590QvPlMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvcmVrMFg1MTB5b1lIeVZqa3J1TVBuM1JDOC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ0XgAwQA
Z0XjMA0GCSqGSIb3DQEBCwUAA4IBAQB/g2gloiZjAYTIf9NPeCEHMSjuyctFnu24
N1IxPzR9xOagVZFK/QcfS/e+mEEtQtuharzIVWRQhDOiHt9GTfD2X3+HXFycovVQ
y/yc5fACJhzJUKkYU9sglg5saBeqtX4amPMYDCEbcKUK+4E2AY3+2pAxs7E1GqBF
c/ztVVO9d88jKs5xXI8TEblmp8nCXOO0vaDdNEhJwVgEDUN9/BXOPUDEHKhHZz6P
ahrqRKa/ju2mv5wbTLMX+K5HwCLloyBGI+Y7fbsF4rsLuPoCkb4tSJB8oRBBFjHy
Z19GSghj4kmdrAzLIgtUahGIcuFS4mNlNCFexoEBHFLODTDADtfO
-----END CERTIFICATE-----