Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/44uLXBcL_RZwFzmvHMDFnzRLsrc.roa
File:                     44uLXBcL_RZwFzmvHMDFnzRLsrc.roa (raw, json)
Hash identifier:          ebcHWLKhk2lxI2aGu12w8EL09XqOe4qlsJc7YtoQwgs=
Subject key identifier:   E3:8B:8B:5C:17:0B:FD:16:70:17:39:AF:1C:C0:C5:9F:34:4B:B2:B7
Certificate issuer:       /CN=ffca997d390cd6e46e0128e50d70b84e7ab6740f
Certificate serial:       019427B3DDFED6208853DAD9D014A8FE1929
Authority key identifier: FF:CA:99:7D:39:0C:D6:E4:6E:01:28:E5:0D:70:B8:4E:7A:B6:74:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/44uLXBcL_RZwFzmvHMDFnzRLsrc.roa
Signing time:             Thu 02 Jan 2025 15:48:06 +0000
ROA not before:           Thu 02 Jan 2025 15:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214509
IP address blocks:        103.132.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:dd:fe:d6:20:88:53:da:d9:d0:14:a8:fe:19:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffca997d390cd6e46e0128e50d70b84e7ab6740f
        Validity
            Not Before: Jan  2 15:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e38b8b5c170bfd16701739af1cc0c59f344bb2b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3e:51:15:92:ca:4e:b3:f6:b8:dc:a6:e2:b5:
                    e0:f6:38:40:6f:7a:95:3e:ac:80:62:78:a5:56:a3:
                    a0:b0:b6:12:88:fa:8a:27:74:65:f7:c4:99:05:f5:
                    33:b9:47:18:81:ea:36:d3:68:6a:0a:66:ad:ac:ab:
                    19:99:4a:27:cf:d4:56:63:83:de:1b:21:e4:05:c3:
                    83:ca:98:0d:5b:2f:fc:64:3d:0e:54:74:b3:bf:a7:
                    51:95:09:b9:3f:cc:af:e1:e4:49:2f:16:6c:85:8d:
                    fa:1e:81:9b:e4:5a:0c:f5:93:53:df:4f:8d:a4:85:
                    e9:7d:c4:01:aa:c9:35:58:4b:e5:b6:cd:a4:e7:8c:
                    d9:0d:e5:d7:35:2e:6d:46:74:9c:cc:53:4f:7c:33:
                    e1:60:b2:8b:d8:65:e4:20:cc:ad:79:4e:c3:e2:ee:
                    21:64:d6:9c:60:63:5d:47:f3:66:30:93:9b:cf:2f:
                    92:b7:61:d0:2a:c5:e7:68:8c:89:c1:27:e0:5c:0b:
                    5e:a6:25:a2:32:eb:31:a1:92:fa:e9:13:9f:ec:72:
                    26:de:11:37:94:11:4b:b9:e1:ce:d1:e1:f4:fb:98:
                    06:09:2c:75:ee:ee:d8:9c:8c:30:a5:f1:da:fc:74:
                    08:56:17:d9:48:e4:81:3a:54:6d:33:c5:bc:cf:bd:
                    ae:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:8B:8B:5C:17:0B:FD:16:70:17:39:AF:1C:C0:C5:9F:34:4B:B2:B7
            X509v3 Authority Key Identifier:
                keyid:FF:CA:99:7D:39:0C:D6:E4:6E:01:28:E5:0D:70:B8:4E:7A:B6:74:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/44uLXBcL_RZwFzmvHMDFnzRLsrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.132.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:92:cb:76:ef:58:9b:5c:27:78:07:a7:80:4e:db:42:f5:d3:
         cd:6c:29:ad:71:f1:7b:fd:b0:69:f8:38:3a:5c:d3:72:a8:f8:
         73:4a:63:67:2f:87:12:0b:fa:69:b1:bf:ed:93:e4:ee:4b:94:
         00:fa:31:a7:47:53:29:f9:37:11:43:5f:b7:28:70:d4:e6:19:
         d3:8d:61:b8:e7:b8:ed:94:f8:02:a3:2d:45:4e:5e:3e:e7:ef:
         72:e4:d6:25:95:c3:73:a1:dd:b7:de:c1:05:29:58:64:8c:a9:
         10:38:03:58:73:75:36:5f:4b:17:a7:09:7c:f9:39:27:be:03:
         7f:5c:e6:6b:98:85:3c:68:02:2c:0f:b2:94:ac:1b:8d:2f:59:
         35:34:9e:44:25:8e:3b:10:aa:a0:8c:49:a7:3d:f7:99:70:bb:
         ff:d0:df:32:0a:30:8a:da:b1:14:d7:c2:d6:1e:7b:38:1e:d2:
         bd:06:b9:aa:02:98:25:39:5c:e2:49:b7:7f:3c:b1:fe:5f:c2:
         c4:8b:3c:68:55:32:4f:4d:52:69:1b:30:d6:61:4c:77:20:53:
         82:e6:ca:05:bb:3d:50:4c:88:34:91:6e:ac:0c:3c:6f:10:63:
         ae:5c:83:f3:8c:11:f3:9d:a4:86:eb:9e:95:40:bc:15:14:69:
         f7:2b:e9:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns93+1iCIU9rZ0BSo/hkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmY2E5OTdkMzkwY2Q2ZTQ2ZTAxMjhlNTBkNzBiODRlN2Fi
Njc0MGYwHhcNMjUwMTAyMTU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzhiOGI1YzE3MGJmZDE2NzAxNzM5YWYxY2MwYzU5ZjM0NGJiMmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0j5RFZLKTrP2uNym4rXg9jhAb3qV
PqyAYnilVqOgsLYSiPqKJ3Rl98SZBfUzuUcYgeo202hqCmatrKsZmUonz9RWY4Pe
GyHkBcODypgNWy/8ZD0OVHSzv6dRlQm5P8yv4eRJLxZshY36HoGb5FoM9ZNT30+N
pIXpfcQBqsk1WEvlts2k54zZDeXXNS5tRnSczFNPfDPhYLKL2GXkIMyteU7D4u4h
ZNacYGNdR/NmMJObzy+St2HQKsXnaIyJwSfgXAtepiWiMusxoZL66ROf7HIm3hE3
lBFLueHO0eH0+5gGCSx17u7YnIwwpfHa/HQIVhfZSOSBOlRtM8W8z72urwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOLi1wXC/0WcBc5rxzAxZ80S7K3MB8GA1UdIwQY
MBaAFP/KmX05DNbkbgEo5Q1wuE56tnQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhxWmZUa00xdVJ1QVNqbERYQzRUbnEyZEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hZjBhMmEtN2ViZi00ZGMwLWEzMTkt
ODE5YjdhN2VjNDM0LzEvNDR1TFhCY0xfUlp3RnptdkhNREZuelJMc3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hZjBhMmEtN2ViZi00ZGMwLWEzMTktODE5YjdhN2VjNDM0
LzEvXzhxWmZUa00xdVJ1QVNqbERYQzRUbnEyZEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ4SDMA0G
CSqGSIb3DQEBCwUAA4IBAQCwkst271ibXCd4B6eATttC9dPNbCmtcfF7/bBp+Dg6
XNNyqPhzSmNnL4cSC/ppsb/tk+TuS5QA+jGnR1Mp+TcRQ1+3KHDU5hnTjWG457jt
lPgCoy1FTl4+5+9y5NYllcNzod233sEFKVhkjKkQOANYc3U2X0sXpwl8+TknvgN/
XOZrmIU8aAIsD7KUrBuNL1k1NJ5EJY47EKqgjEmnPfeZcLv/0N8yCjCK2rEU18LW
Hns4HtK9BrmqApglOVziSbd/PLH+X8LEizxoVTJPTVJpGzDWYUx3IFOC5soFuz1Q
TIg0kW6sDDxvEGOuXIPzjBHznaSG656VQLwVFGn3K+kA
-----END CERTIFICATE-----