Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/VG8_1kfRCxrU2KHxSoXmG8gC94Y.roa
File:                     VG8_1kfRCxrU2KHxSoXmG8gC94Y.roa (raw, json)
Hash identifier:          gKRSRk7t0YzO9tLfsVCNYDe7yWkFP/33bg1WVn1YyrA=
Subject key identifier:   54:6F:3F:D6:47:D1:0B:1A:D4:D8:A1:F1:4A:85:E6:1B:C8:02:F7:86
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018CC8018BCEC6F2133F0EED185A1EEA542E
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/VG8_1kfRCxrU2KHxSoXmG8gC94Y.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        103.75.71.0/24 maxlen: 24
                          103.75.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8b:ce:c6:f2:13:3f:0e:ed:18:5a:1e:ea:54:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=546f3fd647d10b1ad4d8a1f14a85e61bc802f786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:2d:a1:76:de:fe:a4:25:b2:27:4a:df:c5:
                    2d:c3:ff:08:a7:46:ea:3c:1a:5a:4a:c9:e5:58:6d:
                    9a:f7:20:77:50:67:00:fa:26:c0:f1:30:ac:8d:86:
                    d7:d1:99:ba:76:4d:5b:87:f4:68:fe:fb:5b:49:e7:
                    34:5f:fb:ff:3f:9e:6c:78:66:44:91:84:d9:eb:67:
                    5b:76:29:ca:95:c1:7d:4d:3f:fe:94:21:f3:b8:65:
                    df:bf:74:6a:08:16:7f:60:40:28:f7:e0:80:2b:47:
                    c4:7b:bf:18:37:cc:af:31:49:17:16:56:86:a0:52:
                    ad:ce:0c:58:7e:d1:91:e4:99:07:e9:c8:fe:55:45:
                    d7:35:56:22:44:15:d5:5c:64:9e:18:0a:a8:85:f6:
                    97:1d:80:c1:f8:7b:a4:d6:f7:6c:92:f2:bc:4f:df:
                    ee:47:63:b7:1f:de:ca:48:71:13:e1:a2:99:92:9d:
                    90:ee:4d:01:3c:62:8a:a1:e8:fe:6a:42:0f:80:f3:
                    15:25:f8:77:5a:e8:b5:5e:1c:43:50:8e:34:e4:25:
                    3d:40:25:f8:5e:8a:67:dd:2a:26:28:d2:db:70:81:
                    60:5d:4f:52:c4:45:85:a9:0a:e4:33:51:63:d4:2d:
                    7f:2f:6d:c1:17:50:72:b4:10:3a:a7:64:26:26:da:
                    03:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:6F:3F:D6:47:D1:0B:1A:D4:D8:A1:F1:4A:85:E6:1B:C8:02:F7:86
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/VG8_1kfRCxrU2KHxSoXmG8gC94Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.75.68.0/24
                  103.75.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:43:94:fd:54:dd:78:73:95:87:5a:d7:c3:56:66:50:e4:48:
         be:61:c1:bb:be:8c:9e:f8:9d:be:99:35:db:f4:34:96:c9:5b:
         b5:ff:35:65:d2:32:0c:a4:c5:bd:9c:f6:be:53:0a:eb:75:c0:
         65:5e:b2:8a:d4:3d:06:8f:7d:a3:cd:50:0f:14:68:eb:75:f7:
         fa:e2:53:b8:89:46:a8:62:4b:9a:96:3f:2d:3a:19:b7:01:ae:
         66:d5:42:50:7d:21:ad:76:54:cd:fa:1a:ec:c9:7b:cb:6c:4b:
         55:03:0d:f1:87:31:41:7a:3c:85:1f:6a:af:41:1a:af:e0:25:
         0b:9f:81:80:54:cf:d8:94:9f:30:8c:3a:90:47:cc:58:b2:31:
         e9:93:f4:db:e6:0d:16:28:b3:8a:0c:73:0a:a0:e1:f7:14:30:
         a1:54:b5:c9:e1:8a:6f:85:9d:d9:1b:af:7e:59:d7:e2:5c:ba:
         19:99:8a:c0:6a:6c:98:2b:60:eb:6c:6f:8c:54:8f:30:a9:c3:
         04:a6:ec:6a:7a:08:be:e3:15:92:c9:93:b7:c4:f9:93:af:e3:
         bd:5e:25:d3:df:f1:b4:37:cc:bb:d2:04:17:92:21:1f:32:6e:
         e5:af:e4:fe:3b:f1:41:56:f8:71:70:85:a5:e9:56:8d:21:56:
         74:91:b4:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAYvOxvITPw7tGFoe6lQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDZmM2ZkNjQ3ZDEwYjFhZDRkOGExZjE0YTg1ZTYxYmM4MDJmNzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCMtoXbe/qQlsidK38Utw/8Ip0bq
PBpaSsnlWG2a9yB3UGcA+ibA8TCsjYbX0Zm6dk1bh/Ro/vtbSec0X/v/P55seGZE
kYTZ62dbdinKlcF9TT/+lCHzuGXfv3RqCBZ/YEAo9+CAK0fEe78YN8yvMUkXFlaG
oFKtzgxYftGR5JkH6cj+VUXXNVYiRBXVXGSeGAqohfaXHYDB+Huk1vdskvK8T9/u
R2O3H97KSHET4aKZkp2Q7k0BPGKKoej+akIPgPMVJfh3Wui1XhxDUI405CU9QCX4
Xopn3SomKNLbcIFgXU9SxEWFqQrkM1Fj1C1/L23BF1BytBA6p2QmJtoDYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFRvP9ZH0Qsa1Nih8UqF5hvIAveGMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvVkc4XzFrZlJDeHJVMktIeFNvWG1HOGdDOTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ0tEAwQA
Z0tHMA0GCSqGSIb3DQEBCwUAA4IBAQAhQ5T9VN14c5WHWtfDVmZQ5Ei+YcG7voye
+J2+mTXb9DSWyVu1/zVl0jIMpMW9nPa+UwrrdcBlXrKK1D0Gj32jzVAPFGjrdff6
4lO4iUaoYkualj8tOhm3Aa5m1UJQfSGtdlTN+hrsyXvLbEtVAw3xhzFBejyFH2qv
QRqv4CULn4GAVM/YlJ8wjDqQR8xYsjHpk/Tb5g0WKLOKDHMKoOH3FDChVLXJ4Ypv
hZ3ZG69+WdfiXLoZmYrAamyYK2DrbG+MVI8wqcMEpuxqegi+4xWSyZO3xPmTr+O9
XiXT3/G0N8y70gQXkiEfMm7lr+T+O/FBVvhxcIWl6VaNIVZ0kbQk
-----END CERTIFICATE-----