Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LFy6DKQCFus74fn_BfJfNICyLMo.roa
File:                     LFy6DKQCFus74fn_BfJfNICyLMo.roa (raw, json)
Hash identifier:          lfdfm9JQbeDfCF8E13d1bDjYeAIUw6/8Ah1FqhBU2Oc=
Subject key identifier:   2C:5C:BA:0C:A4:02:16:EB:3B:E1:F9:FF:05:F2:5F:34:80:B2:2C:CA
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0192298361E278E8BC01CBA0E9B2F8D87101
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LFy6DKQCFus74fn_BfJfNICyLMo.roa
Signing time:             Wed 25 Sep 2024 14:08:48 +0000
ROA not before:           Wed 25 Sep 2024 14:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        103.17.98.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:83:61:e2:78:e8:bc:01:cb:a0:e9:b2:f8:d8:71:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep 25 14:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c5cba0ca40216eb3be1f9ff05f25f3480b22cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:11:f6:d2:59:ab:cc:b5:cb:ce:fa:71:cb:02:
                    e9:3a:43:bf:09:9b:82:f1:4c:a8:39:49:b7:ff:b1:
                    df:0b:7c:87:3e:e0:36:ca:3d:cd:45:05:e3:16:e2:
                    6e:f8:85:93:a3:5f:1a:b3:35:51:ff:79:19:a9:66:
                    06:67:b1:b3:80:1b:4e:68:71:47:ac:2f:8d:0b:d7:
                    eb:8c:72:d9:c0:15:c4:a6:78:42:a6:8a:2d:50:27:
                    33:17:ee:b7:25:e5:c0:52:99:f2:2e:00:69:3e:47:
                    ec:ec:f8:04:95:ef:80:07:4d:c6:84:20:a8:81:da:
                    af:67:4e:73:e7:a2:f0:c6:05:2b:92:97:1b:77:86:
                    02:92:0f:e7:bf:f9:d6:c9:f1:a4:51:53:11:4d:07:
                    86:c0:b5:8b:17:79:26:9e:32:f9:9a:c9:1a:05:6d:
                    09:d1:d6:84:8f:f5:98:8f:ea:77:55:09:41:09:b3:
                    53:21:fb:92:47:84:6d:9d:ea:54:81:46:a4:9d:e0:
                    f5:18:2e:77:4b:26:a4:17:4f:ca:b9:1b:20:58:e1:
                    0f:92:bf:70:50:ab:d9:74:85:92:36:58:81:0c:0d:
                    39:d6:39:9c:a8:a6:8c:3b:64:5a:d7:95:cd:a2:31:
                    05:4d:69:7c:14:87:68:1b:25:f0:63:8d:11:a9:32:
                    aa:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:5C:BA:0C:A4:02:16:EB:3B:E1:F9:FF:05:F2:5F:34:80:B2:2C:CA
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LFy6DKQCFus74fn_BfJfNICyLMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:cb:35:76:5a:f7:3a:e3:4f:e4:be:b2:46:48:e0:6a:7c:3c:
         27:fc:7a:d9:c8:87:3c:29:f8:21:5e:ea:2d:99:0a:8a:36:c2:
         dc:63:14:d4:d6:84:5f:58:53:05:6e:7e:b9:77:d4:a4:48:d1:
         09:7e:91:de:32:6e:90:1b:ea:9e:62:21:ff:2b:11:fb:fa:ec:
         55:cf:b1:e0:66:be:6a:e0:e7:4e:67:8a:11:6d:fb:67:a8:3a:
         10:38:65:17:23:51:f9:31:4f:53:e3:6e:2b:94:32:1e:c8:4b:
         84:e0:a1:51:be:07:90:3b:91:df:4f:e5:a2:c2:e3:56:4b:46:
         d2:bb:82:cf:ad:86:c8:de:92:c0:3d:4c:99:03:40:7e:2a:15:
         52:09:55:b7:64:d1:a0:83:ba:8d:00:0a:8c:c9:4b:f0:8c:d4:
         22:db:b2:7c:98:ea:2f:b8:3e:7a:ac:cf:f8:4f:87:26:c5:33:
         22:20:f2:26:eb:44:e9:ff:60:d1:f9:a8:6d:4f:f6:c8:46:4d:
         d2:c4:f9:3f:43:09:e5:27:3e:e8:1c:5b:d4:9b:e3:dc:39:4a:
         c2:9d:77:1c:f9:e9:6c:e2:32:be:eb:14:e0:f1:7f:c3:ae:c1:
         64:ed:11:a9:4e:38:49:c2:db:9c:ce:ba:c6:0b:ce:99:8a:cf:
         15:c6:c8:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIpg2HieOi8Acug6bL42HEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwOTI1MTQwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzVjYmEwY2E0MDIxNmViM2JlMWY5ZmYwNWYyNWYzNDgwYjIyY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hH20lmrzLXLzvpxywLpOkO/CZuC
8UyoOUm3/7HfC3yHPuA2yj3NRQXjFuJu+IWTo18aszVR/3kZqWYGZ7GzgBtOaHFH
rC+NC9frjHLZwBXEpnhCpootUCczF+63JeXAUpnyLgBpPkfs7PgEle+AB03GhCCo
gdqvZ05z56LwxgUrkpcbd4YCkg/nv/nWyfGkUVMRTQeGwLWLF3kmnjL5mskaBW0J
0daEj/WYj+p3VQlBCbNTIfuSR4RtnepUgUakneD1GC53SyakF0/KuRsgWOEPkr9w
UKvZdIWSNliBDA051jmcqKaMO2Ra15XNojEFTWl8FIdoGyXwY40RqTKq1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxcugykAhbrO+H5/wXyXzSAsizKMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTEZ5NkRLUUNGdXM3NGZuX0JmSmZOSUN5TE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZxFiMA0G
CSqGSIb3DQEBCwUAA4IBAQClyzV2Wvc640/kvrJGSOBqfDwn/HrZyIc8KfghXuot
mQqKNsLcYxTU1oRfWFMFbn65d9SkSNEJfpHeMm6QG+qeYiH/KxH7+uxVz7HgZr5q
4OdOZ4oRbftnqDoQOGUXI1H5MU9T424rlDIeyEuE4KFRvgeQO5HfT+WiwuNWS0bS
u4LPrYbI3pLAPUyZA0B+KhVSCVW3ZNGgg7qNAAqMyUvwjNQi27J8mOovuD56rM/4
T4cmxTMiIPIm60Tp/2DR+ahtT/bIRk3SxPk/QwnlJz7oHFvUm+PcOUrCnXcc+els
4jK+6xTg8X/DrsFk7RGpTjhJwtuczrrGC86Zis8VxshI
-----END CERTIFICATE-----