Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/rQW2dw98Fh-iwHUnu837pVRjuWc.roa
File:                     rQW2dw98Fh-iwHUnu837pVRjuWc.roa (raw, json)
Hash identifier:          Pa1aj93uAUOOLzOu+jsDUQFa2MsGoVi8bIM+YOqFcyo=
Subject key identifier:   AD:05:B6:77:0F:7C:16:1F:A2:C0:75:27:BB:CD:FB:A5:54:63:B9:67
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01941FFA8D6C8BFC5A4CC35BD5E8853F4416
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/rQW2dw98Fh-iwHUnu837pVRjuWc.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151106
IP address blocks:        103.17.96.0/24 maxlen: 24
                          103.17.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8d:6c:8b:fc:5a:4c:c3:5b:d5:e8:85:3f:44:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad05b6770f7c161fa2c07527bbcdfba55463b967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a8:6c:28:a8:2d:e4:b8:3a:7d:a0:26:d9:bc:
                    38:d4:a2:e1:6d:29:d6:90:10:84:c9:b6:14:95:be:
                    4b:57:eb:21:17:27:68:1f:ea:b2:7f:2f:c5:c1:7a:
                    90:4b:70:ea:be:b8:e5:fd:d5:72:cf:62:45:ef:cd:
                    9b:ef:11:00:d8:a8:30:33:36:87:01:25:33:1d:6f:
                    4b:59:96:55:82:58:67:59:d1:f6:05:8b:7e:2b:ad:
                    e6:f9:4a:6a:60:cc:42:03:32:fe:92:ff:5e:d6:cf:
                    19:6e:39:2a:37:91:81:e9:db:78:94:8a:2a:72:95:
                    58:93:49:f0:e2:cd:b9:68:0b:15:67:40:0d:c1:e5:
                    ff:e0:cb:9c:49:10:37:5d:85:fb:3e:8b:48:89:b1:
                    d5:06:b3:3d:64:a7:84:db:55:2b:f2:45:8a:58:b9:
                    98:72:88:c2:6e:fd:b8:e5:43:d4:1d:a8:1f:48:fd:
                    b3:4c:24:2e:28:f8:5c:9d:30:c8:f9:7f:45:fb:c6:
                    08:6d:54:3b:74:1b:de:72:2c:74:53:f3:6b:1a:23:
                    f6:c9:e4:64:c0:f4:4f:81:aa:94:c8:09:cf:cc:55:
                    14:bc:67:16:96:9b:f5:55:19:c5:7e:12:d2:b8:9f:
                    1e:a1:e6:d6:19:82:8c:27:c8:61:4a:e9:04:c9:66:
                    f9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:05:B6:77:0F:7C:16:1F:A2:C0:75:27:BB:CD:FB:A5:54:63:B9:67
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/rQW2dw98Fh-iwHUnu837pVRjuWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:48:96:73:09:13:3b:53:9e:52:a0:74:d1:1c:45:ab:22:fb:
         78:23:23:8d:f8:62:ee:00:75:b8:79:63:1e:ec:9e:a8:d9:93:
         b7:f0:07:1e:26:f6:d4:0c:20:84:4c:8c:52:1d:65:41:dd:fb:
         b4:be:01:ac:7e:df:2a:9a:4d:10:49:82:c9:3b:1e:6e:18:07:
         13:92:74:9e:fa:03:1f:85:1b:70:ca:4d:9e:6d:96:e8:e3:55:
         58:4b:b1:a4:31:d5:b1:45:70:3a:a0:61:e8:73:59:0f:bb:b8:
         3e:4d:18:16:fc:1f:3d:0f:31:70:51:72:77:f5:87:71:f8:0e:
         08:d8:a4:ac:e8:08:7f:06:9d:f9:f9:12:90:00:3e:36:1c:8b:
         8f:e0:94:61:5b:e8:01:7e:88:72:79:de:3e:ef:9a:46:7d:d1:
         8b:2d:c2:f9:d8:cf:99:4a:25:56:25:c3:66:f7:d4:cd:a2:70:
         7b:25:2e:98:2d:7e:66:7c:ce:cb:16:63:91:14:bb:b6:60:b0:
         f6:98:26:a2:c2:c8:19:0b:f9:e6:ce:8c:2a:d1:b2:c8:bf:bf:
         4d:c5:d2:09:15:b0:14:03:0f:51:c9:4d:a9:6a:0e:63:5c:47:
         e5:11:62:8b:b8:65:25:3a:64:a9:09:15:cd:5c:81:fc:7e:af:
         fe:61:b8:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+o1si/xaTMNb1eiFP0QWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDA1YjY3NzBmN2MxNjFmYTJjMDc1MjdiYmNkZmJhNTU0NjNiOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqahsKKgt5Lg6faAm2bw41KLhbSnW
kBCEybYUlb5LV+shFydoH+qyfy/FwXqQS3Dqvrjl/dVyz2JF782b7xEA2KgwMzaH
ASUzHW9LWZZVglhnWdH2BYt+K63m+UpqYMxCAzL+kv9e1s8ZbjkqN5GB6dt4lIoq
cpVYk0nw4s25aAsVZ0ANweX/4MucSRA3XYX7PotIibHVBrM9ZKeE21Ur8kWKWLmY
cojCbv245UPUHagfSP2zTCQuKPhcnTDI+X9F+8YIbVQ7dBvecix0U/NrGiP2yeRk
wPRPgaqUyAnPzFUUvGcWlpv1VRnFfhLSuJ8eoebWGYKMJ8hhSukEyWb5kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0FtncPfBYfosB1J7vN+6VUY7lnMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvclFXMmR3OThGaC1pd0hVbnU4MzdwVlJqdVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCHSJZzCRM7U55SoHTRHEWrIvt4IyON+GLuAHW4eWMe
7J6o2ZO38AceJvbUDCCETIxSHWVB3fu0vgGsft8qmk0QSYLJOx5uGAcTknSe+gMf
hRtwyk2ebZbo41VYS7GkMdWxRXA6oGHoc1kPu7g+TRgW/B89DzFwUXJ39Ydx+A4I
2KSs6Ah/Bp35+RKQAD42HIuP4JRhW+gBfohyed4+75pGfdGLLcL52M+ZSiVWJcNm
99TNonB7JS6YLX5mfM7LFmORFLu2YLD2mCaiwsgZC/nmzowq0bLIv79NxdIJFbAU
Aw9RyU2pag5jXEflEWKLuGUlOmSpCRXNXIH8fq/+YbiL
-----END CERTIFICATE-----