Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/Z_jyMM7ugZPGwYIkwMU446e3P7w.roa
File:                     Z_jyMM7ugZPGwYIkwMU446e3P7w.roa (raw, json)
Hash identifier:          b+fcKkLPC2Zi/VNIDIkoFRugtVLS4bTpd4Y8OXIWERk=
Subject key identifier:   67:F8:F2:30:CE:EE:81:93:C6:C1:82:24:C0:C5:38:E3:A7:B7:3F:BC
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018D16BAC0238FFFFABCD2D6305339CACE11
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/Z_jyMM7ugZPGwYIkwMU446e3P7w.roa
Signing time:             Wed 17 Jan 2024 09:22:34 +0000
ROA not before:           Wed 17 Jan 2024 09:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199707
IP address blocks:        103.76.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:ba:c0:23:8f:ff:fa:bc:d2:d6:30:53:39:ca:ce:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan 17 09:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67f8f230ceee8193c6c18224c0c538e3a7b73fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0d:49:c9:55:cd:a0:61:6b:99:83:c0:e3:12:
                    a7:ae:ab:c9:c3:7e:51:4d:8f:e3:9c:18:1e:e6:3a:
                    b2:42:3d:ca:11:04:d9:24:c2:b9:fb:5d:6c:7b:53:
                    74:20:6a:a2:56:57:20:f5:a7:c5:6e:47:e7:9a:48:
                    f4:64:c5:18:93:bb:b9:cc:b4:ee:0b:ca:64:98:8b:
                    ad:3a:5e:b2:03:26:fb:4d:7b:42:29:3d:ac:05:65:
                    f4:d1:f9:de:e2:3b:d1:6b:0a:86:e5:bc:65:70:9c:
                    1e:71:2a:0e:26:b7:a4:1e:b3:18:f2:8b:3c:91:17:
                    2c:ea:a8:0e:42:4a:aa:64:a1:ec:1c:6e:49:6f:de:
                    9f:28:68:81:7f:9b:0c:a3:2e:1c:14:cf:20:6d:f9:
                    12:6a:d3:ca:d5:c2:6c:74:f5:31:5b:c0:35:e1:91:
                    bb:50:ac:04:1a:52:98:fb:70:28:81:fb:32:4b:82:
                    7d:12:ed:a0:8b:dd:82:71:b0:d4:f8:33:a7:2f:63:
                    df:5c:2e:42:3b:a7:c2:21:e0:a2:0d:5e:30:6a:69:
                    9f:04:81:bb:39:ae:46:76:b6:17:11:10:12:e3:08:
                    88:c5:e9:41:27:7d:9e:fa:5b:22:86:ac:6c:8b:17:
                    b2:aa:f1:71:18:7e:75:58:b3:72:dd:b5:b7:e0:bc:
                    3f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F8:F2:30:CE:EE:81:93:C6:C1:82:24:C0:C5:38:E3:A7:B7:3F:BC
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/Z_jyMM7ugZPGwYIkwMU446e3P7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:c4:41:03:e8:b7:ae:d2:b1:f7:23:9c:7f:93:e3:1f:9c:e7:
         40:1a:c9:1f:65:7f:55:0e:e2:b7:fd:3e:ad:e0:bb:f7:09:44:
         e1:ed:5d:52:a2:b7:f8:b9:d2:64:68:01:9c:19:61:01:37:c3:
         3d:3d:f5:21:1d:3c:dc:52:c2:ec:63:ee:f1:5d:6a:58:e3:6c:
         88:92:76:d4:44:4b:13:b3:43:e2:9c:71:e8:59:d5:0c:1d:1f:
         c4:a8:23:2c:99:ea:c2:61:5f:64:85:c4:13:e1:88:ca:f7:5d:
         52:a3:74:6b:8d:f5:36:35:71:67:89:26:cb:13:14:29:2f:c9:
         3a:58:95:1a:cb:f4:79:81:69:5d:29:36:d0:8b:e7:f7:75:47:
         66:de:e9:08:73:3e:5b:0c:90:89:8b:ad:fd:3e:8e:23:68:fc:
         aa:bc:89:3d:a1:c5:8e:ee:4c:83:20:ca:db:73:5d:63:44:c4:
         dc:04:70:3a:1e:ec:bb:47:9c:49:e7:62:80:fa:03:ba:96:d8:
         1a:fb:c6:eb:63:b1:f8:cf:40:65:32:36:e7:81:89:18:cf:1c:
         1b:e1:00:c0:bb:a9:f5:cd:1c:54:d6:4a:75:cf:21:39:37:60:
         41:66:02:06:96:46:23:b3:f5:ea:13:2f:d3:0c:5e:c9:0e:bd:
         55:ad:3c:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0WusAjj//6vNLWMFM5ys4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTE3MDkyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Y4ZjIzMGNlZWU4MTkzYzZjMTgyMjRjMGM1MzhlM2E3YjczZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw1JyVXNoGFrmYPA4xKnrqvJw35R
TY/jnBge5jqyQj3KEQTZJMK5+11se1N0IGqiVlcg9afFbkfnmkj0ZMUYk7u5zLTu
C8pkmIutOl6yAyb7TXtCKT2sBWX00fne4jvRawqG5bxlcJwecSoOJrekHrMY8os8
kRcs6qgOQkqqZKHsHG5Jb96fKGiBf5sMoy4cFM8gbfkSatPK1cJsdPUxW8A14ZG7
UKwEGlKY+3AogfsyS4J9Eu2gi92CcbDU+DOnL2PfXC5CO6fCIeCiDV4wammfBIG7
Oa5GdrYXERAS4wiIxelBJ32e+lsihqxsixeyqvFxGH51WLNy3bW34Lw//wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGf48jDO7oGTxsGCJMDFOOOntz+8MB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvWl9qeU1NN3VnWlBHd1lJa3dNVTQ0NmUzUDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0yDMA0G
CSqGSIb3DQEBCwUAA4IBAQBwxEED6Leu0rH3I5x/k+MfnOdAGskfZX9VDuK3/T6t
4Lv3CUTh7V1Sorf4udJkaAGcGWEBN8M9PfUhHTzcUsLsY+7xXWpY42yIknbUREsT
s0PinHHoWdUMHR/EqCMsmerCYV9khcQT4YjK911So3RrjfU2NXFniSbLExQpL8k6
WJUay/R5gWldKTbQi+f3dUdm3ukIcz5bDJCJi639Po4jaPyqvIk9ocWO7kyDIMrb
c11jRMTcBHA6Huy7R5xJ52KA+gO6ltga+8brY7H4z0BlMjbngYkYzxwb4QDAu6n1
zRxU1kp1zyE5N2BBZgIGlkYjs/XqEy/TDF7JDr1VrTxA
-----END CERTIFICATE-----