Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/nbYaNMw-WvyaH8ik8DImWgNrNN4.roa
File:                     nbYaNMw-WvyaH8ik8DImWgNrNN4.roa (raw, json)
Hash identifier:          ttuG0dJsujIOcptK4bp4xNMyJlxTec7+ORDZE4AqqXg=
Subject key identifier:   9D:B6:1A:34:CC:3E:5A:FC:9A:1F:C8:A4:F0:32:26:5A:03:6B:34:DE
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018EDA0DE2B0506509C192849E4CBB97EC0C
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/nbYaNMw-WvyaH8ik8DImWgNrNN4.roa
Signing time:             Sun 14 Apr 2024 00:42:06 +0000
ROA not before:           Sun 14 Apr 2024 00:42:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151106
IP address blocks:        103.17.96.0/24 maxlen: 24
                          103.17.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:da:0d:e2:b0:50:65:09:c1:92:84:9e:4c:bb:97:ec:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Apr 14 00:42:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9db61a34cc3e5afc9a1fc8a4f032265a036b34de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9f:7a:71:63:aa:2d:40:11:f3:38:ac:74:8a:
                    0b:a6:45:f7:ed:b1:89:b8:64:ad:89:71:60:75:f4:
                    5f:c3:0d:ad:c2:e3:8e:9b:db:3f:d8:98:72:62:0d:
                    9b:95:17:a4:d7:09:ec:96:21:81:6d:ee:74:4a:4f:
                    fb:d7:61:70:b3:01:a9:b2:ba:67:a4:1d:e5:81:75:
                    06:81:ea:26:ee:ad:cd:72:5c:29:72:68:1d:32:cb:
                    79:44:1d:e8:55:a1:56:bd:12:f5:90:39:c5:c3:f8:
                    ac:9e:5d:5c:61:ca:c2:a4:41:9a:06:57:19:1b:d3:
                    25:2c:50:ae:ee:79:32:32:30:6a:14:fa:42:58:68:
                    b2:0e:63:af:5f:cb:41:11:2f:7d:67:8b:0e:dc:0d:
                    3d:bc:04:51:c5:64:57:f0:e9:bb:52:55:b5:bc:4d:
                    50:f2:ac:a3:75:d2:2d:f1:c7:6e:d5:e5:84:ee:63:
                    f1:0d:64:5a:fc:cf:75:28:a9:b9:f1:0d:94:5f:60:
                    52:8b:46:00:92:40:51:7a:6a:72:51:c6:8b:2b:5a:
                    4f:20:1f:22:6a:f0:3b:6e:6f:6f:4d:20:56:b6:37:
                    7f:fa:f8:c6:17:be:74:56:d1:ea:a1:ed:d2:60:08:
                    93:d8:2a:b7:bd:ea:6b:f2:b6:1e:38:74:88:62:b8:
                    36:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B6:1A:34:CC:3E:5A:FC:9A:1F:C8:A4:F0:32:26:5A:03:6B:34:DE
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/nbYaNMw-WvyaH8ik8DImWgNrNN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:4d:c7:e2:bd:3d:65:b5:5c:d6:a8:c7:29:0b:3a:9e:9e:7a:
         72:70:ac:d6:b6:96:90:e9:97:38:29:94:39:55:8d:29:66:ca:
         fa:50:31:48:fa:26:74:14:a1:00:d9:58:8d:12:8f:5e:99:d1:
         f6:f6:a9:91:23:3f:92:92:a5:93:54:97:3c:f2:c6:8a:8e:fd:
         48:11:d5:ab:3d:26:6c:96:13:ec:0e:a6:10:9b:df:14:59:e4:
         98:1e:34:3c:f1:cc:0c:86:14:d7:13:f7:01:5a:94:e2:1e:60:
         75:47:ed:c3:c4:79:71:d4:92:79:5d:6e:9c:86:bc:9e:d5:96:
         c8:68:11:2d:7b:dd:7e:eb:ae:31:c4:1a:0e:92:9c:79:f5:98:
         96:31:a5:b0:11:91:47:30:6a:94:3a:78:f7:2d:75:6d:89:aa:
         3a:03:4d:ce:01:99:4a:75:73:7e:71:3b:12:9b:a4:26:7c:2c:
         a5:3f:08:e2:18:29:da:ab:96:e3:76:b7:5b:23:1c:72:90:12:
         31:34:8b:28:29:0d:db:f2:e7:55:a0:c8:cd:3a:7b:96:b0:80:
         8f:e5:53:34:cc:7e:b2:e0:bb:de:82:f1:5c:80:de:ae:1b:83:
         f1:70:46:f7:33:32:96:d9:a2:0e:1a:3e:c4:7a:45:25:15:72:
         cb:79:fe:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7aDeKwUGUJwZKEnky7l+wMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNDE0MDA0MjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI2MWEzNGNjM2U1YWZjOWExZmM4YTRmMDMyMjY1YTAzNmIzNGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ96cWOqLUAR8zisdIoLpkX37bGJ
uGStiXFgdfRfww2twuOOm9s/2JhyYg2blRek1wnsliGBbe50Sk/712FwswGpsrpn
pB3lgXUGgeom7q3NclwpcmgdMst5RB3oVaFWvRL1kDnFw/isnl1cYcrCpEGaBlcZ
G9MlLFCu7nkyMjBqFPpCWGiyDmOvX8tBES99Z4sO3A09vARRxWRX8Om7UlW1vE1Q
8qyjddIt8cdu1eWE7mPxDWRa/M91KKm58Q2UX2BSi0YAkkBRempyUcaLK1pPIB8i
avA7bm9vTSBWtjd/+vjGF750VtHqoe3SYAiT2Cq3vepr8rYeOHSIYrg2SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ22GjTMPlr8mh/IpPAyJloDazTeMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvbmJZYU5Ndy1XdnlhSDhpazhESW1XZ05yTk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQClTcfivT1ltVzWqMcpCzqennpycKzWtpaQ6Zc4KZQ5
VY0pZsr6UDFI+iZ0FKEA2ViNEo9emdH29qmRIz+SkqWTVJc88saKjv1IEdWrPSZs
lhPsDqYQm98UWeSYHjQ88cwMhhTXE/cBWpTiHmB1R+3DxHlx1JJ5XW6chrye1ZbI
aBEte91+664xxBoOkpx59ZiWMaWwEZFHMGqUOnj3LXVtiao6A03OAZlKdXN+cTsS
m6QmfCylPwjiGCnaq5bjdrdbIxxykBIxNIsoKQ3b8udVoMjNOnuWsICP5VM0zH6y
4LvegvFcgN6uG4PxcEb3MzKW2aIOGj7EekUlFXLLef6J
-----END CERTIFICATE-----