Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/xj-DjoLgl8-FANNyz_xJIBZmwiw.roa
File:                     xj-DjoLgl8-FANNyz_xJIBZmwiw.roa (raw, json)
Hash identifier:          L6j7yGZKuneOzZX7yUWSYEwxUt5P57ysLi9wKDoEPbw=
Subject key identifier:   C6:3F:83:8E:82:E0:97:CF:85:00:D3:72:CF:FC:49:20:16:66:C2:2C
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       01932FFB2B0C251F639B4F510E3A305A7FBE
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/xj-DjoLgl8-FANNyz_xJIBZmwiw.roa
Signing time:             Fri 15 Nov 2024 13:20:09 +0000
ROA not before:           Fri 15 Nov 2024 13:20:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214036
IP address blocks:        103.229.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:03:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:fb:2b:0c:25:1f:63:9b:4f:51:0e:3a:30:5a:7f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Nov 15 13:20:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c63f838e82e097cf8500d372cffc49201666c22c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:67:d0:da:95:97:af:73:58:7e:3f:64:8d:ce:
                    65:fb:51:28:4a:fa:d7:e1:6d:c7:89:70:43:a2:4e:
                    f3:d1:61:aa:67:fc:0a:b3:ea:f9:a6:a6:59:e6:b5:
                    2a:9a:f8:01:d5:e5:ac:3a:1e:f7:61:59:e4:02:89:
                    22:54:c5:36:96:1e:27:a7:65:34:a0:9a:4d:31:bc:
                    84:14:46:64:13:b1:9a:fd:57:7f:ef:c4:de:21:4c:
                    88:d1:46:5a:f8:97:d2:ab:8f:66:f9:63:37:05:cf:
                    2a:7f:86:fd:9c:6d:9d:70:09:f4:5d:ac:14:e7:ad:
                    42:be:cf:c8:0a:e1:27:93:74:64:a1:19:80:34:f3:
                    cc:a3:21:f8:54:95:1d:f9:4a:46:36:f5:7c:35:07:
                    c0:47:f2:56:5b:30:13:4c:5b:32:38:34:19:98:fc:
                    07:04:c6:96:49:51:53:5e:c0:f9:ff:e7:4b:9b:46:
                    73:e0:bf:b9:e7:bf:24:b2:cc:29:d1:69:02:db:07:
                    f8:f5:c1:4d:6d:9a:30:7e:16:12:78:dd:78:26:b1:
                    6f:80:3e:67:4b:cc:4b:8a:39:29:24:3e:45:0f:23:
                    97:b8:fc:21:48:1a:ad:bf:3f:c8:24:96:bd:43:2c:
                    68:35:b5:8a:8b:f1:93:1a:e9:95:55:e2:c1:73:8c:
                    13:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3F:83:8E:82:E0:97:CF:85:00:D3:72:CF:FC:49:20:16:66:C2:2C
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/xj-DjoLgl8-FANNyz_xJIBZmwiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.229.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:de:5b:5e:1c:f3:91:9a:32:f9:44:50:e0:a9:a6:01:63:bd:
         9d:3f:c6:fb:4d:12:ad:a4:5a:ee:42:26:0f:80:de:94:33:18:
         77:30:7e:a5:7e:08:d7:25:00:d9:2c:d0:8b:83:e0:4e:58:a6:
         ef:54:36:7a:7f:27:ed:1f:05:54:59:2f:a0:fb:a0:3d:fb:fa:
         70:e4:b7:72:46:52:ae:7c:d1:6b:76:2d:7c:6e:d8:32:f1:b1:
         f7:05:1c:81:ed:8a:b0:2b:df:f2:fd:f0:ac:5d:21:e4:b2:5d:
         18:8d:ac:77:03:c0:53:dc:4a:c1:94:9e:01:bd:2f:46:55:23:
         d7:88:ec:c2:3d:7e:f1:42:7d:78:39:66:a9:57:6c:05:bd:75:
         dd:5a:23:fa:31:85:8d:ce:b3:9c:55:d7:cd:52:0d:02:39:ce:
         9b:cc:db:66:c4:7d:09:45:ee:d0:a7:cf:3c:e9:0a:21:f4:24:
         8d:52:41:ec:4e:3a:d6:77:9b:ba:5f:31:c0:c5:c0:5a:57:f6:
         d1:3f:89:96:38:94:d3:dd:28:4a:a8:b6:c6:af:8a:62:09:85:
         96:79:51:4d:81:03:e1:79:e2:20:2e:54:d0:61:a1:40:5c:2e:
         85:99:66:c0:84:be:a2:58:16:cb:56:59:76:77:2d:e0:38:77:
         73:b3:4a:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMv+ysMJR9jm09RDjowWn++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjQxMTE1MTMyMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNmODM4ZTgyZTA5N2NmODUwMGQzNzJjZmZjNDkyMDE2NjZjMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GfQ2pWXr3NYfj9kjc5l+1EoSvrX
4W3HiXBDok7z0WGqZ/wKs+r5pqZZ5rUqmvgB1eWsOh73YVnkAokiVMU2lh4np2U0
oJpNMbyEFEZkE7Ga/Vd/78TeIUyI0UZa+JfSq49m+WM3Bc8qf4b9nG2dcAn0XawU
561Cvs/ICuEnk3RkoRmANPPMoyH4VJUd+UpGNvV8NQfAR/JWWzATTFsyODQZmPwH
BMaWSVFTXsD5/+dLm0Zz4L+5578ksswp0WkC2wf49cFNbZowfhYSeN14JrFvgD5n
S8xLijkpJD5FDyOXuPwhSBqtvz/IJJa9QyxoNbWKi/GTGumVVeLBc4wTJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY/g46C4JfPhQDTcs/8SSAWZsIsMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEveGotRGpvTGdsOC1GQU5OeXpfeEpJQlptd2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ+VRMA0G
CSqGSIb3DQEBCwUAA4IBAQCf3lteHPORmjL5RFDgqaYBY72dP8b7TRKtpFruQiYP
gN6UMxh3MH6lfgjXJQDZLNCLg+BOWKbvVDZ6fyftHwVUWS+g+6A9+/pw5LdyRlKu
fNFrdi18btgy8bH3BRyB7YqwK9/y/fCsXSHksl0Yjax3A8BT3ErBlJ4BvS9GVSPX
iOzCPX7xQn14OWapV2wFvXXdWiP6MYWNzrOcVdfNUg0COc6bzNtmxH0JRe7Qp888
6Qoh9CSNUkHsTjrWd5u6XzHAxcBaV/bRP4mWOJTT3ShKqLbGr4piCYWWeVFNgQPh
eeIgLlTQYaFAXC6FmWbAhL6iWBbLVll2dy3gOHdzs0q7
-----END CERTIFICATE-----