Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/n_rP7jWTS4Z479ne6IAs1NmLMNk.roa
File:                     n_rP7jWTS4Z479ne6IAs1NmLMNk.roa (raw, json)
Hash identifier:          tJkrT8kWq9nKGSWE25BO34wrEprXE5qoElSyxJPmjJc=
Subject key identifier:   9F:FA:CF:EE:35:93:4B:86:78:EF:D9:DE:E8:80:2C:D4:D9:8B:30:D9
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       01941F8C3F84ABB90730F30F8F77F61E6CAF
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/n_rP7jWTS4Z479ne6IAs1NmLMNk.roa
Signing time:             Wed 01 Jan 2025 01:47:52 +0000
ROA not before:           Wed 01 Jan 2025 01:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199707
IP address blocks:        103.76.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3f:84:ab:b9:07:30:f3:0f:8f:77:f6:1e:6c:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  1 01:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ffacfee35934b8678efd9dee8802cd4d98b30d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:55:84:a9:5f:f7:64:4a:3c:72:41:5f:87:46:
                    e3:1f:16:b5:5e:8e:bc:77:a1:c5:9d:34:2b:35:d2:
                    4b:88:95:c8:cc:79:9e:94:03:3c:2a:e4:51:36:9b:
                    cf:88:53:6d:51:77:f6:99:50:14:c9:a0:4f:ff:ef:
                    77:ee:a1:53:2f:94:3f:96:f5:c8:16:1c:30:9e:18:
                    87:a5:bb:4f:d5:af:7b:73:d9:07:dc:df:b7:44:34:
                    5d:04:0d:b8:13:d8:a7:69:3b:6e:98:99:ac:e8:0e:
                    86:be:2d:02:26:14:4e:ec:2d:e5:0a:ba:67:17:ca:
                    e2:34:2a:35:fb:91:b4:1c:9c:68:81:e2:2b:1b:48:
                    db:6b:ee:ef:91:ce:f4:89:50:6d:74:d9:33:84:5d:
                    7e:54:9f:84:3f:2a:63:8d:36:6e:b0:cf:e0:c9:e8:
                    c8:00:c0:34:98:2f:48:68:38:4b:b9:3e:c6:cc:00:
                    fe:7f:c7:71:08:27:15:27:12:aa:dc:73:dc:68:6f:
                    df:21:33:74:3e:05:ef:d5:19:22:0a:e6:88:21:0e:
                    13:10:2a:cd:61:b5:1f:66:38:64:c5:be:a0:9e:0c:
                    ba:21:99:35:14:0a:c5:a4:11:eb:72:4c:2f:60:83:
                    d9:36:81:d7:37:14:0e:65:cb:14:8d:77:e3:62:b8:
                    0b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FA:CF:EE:35:93:4B:86:78:EF:D9:DE:E8:80:2C:D4:D9:8B:30:D9
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/n_rP7jWTS4Z479ne6IAs1NmLMNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:87:6c:f0:ea:19:66:05:7c:6e:e7:64:ad:72:7b:4b:fc:72:
         eb:29:42:79:5b:05:ad:7a:76:e9:71:89:c7:26:1f:85:8c:9d:
         6c:99:88:6f:bd:e2:a3:6c:91:1e:f7:5a:c7:6c:8a:8a:6b:08:
         c6:7f:3b:74:68:b0:74:00:4d:30:a4:c8:8f:9d:b6:52:68:cf:
         37:f7:7c:66:ef:77:6d:77:a6:2f:eb:10:b4:6b:52:c4:1b:fa:
         e8:1b:3e:26:f0:e2:31:07:74:38:d8:ab:e6:59:4d:49:52:e0:
         5e:e0:d4:c3:1b:07:59:6d:57:61:4a:6e:7d:33:11:1a:63:3c:
         41:3f:8e:ea:ef:ab:64:13:d7:7a:84:09:1f:0a:0f:e7:1f:80:
         d0:f9:e1:91:a0:77:2a:cf:29:8c:27:53:ef:ce:59:a4:5b:9a:
         9e:a2:08:98:29:4a:53:85:9c:60:c5:5f:3c:b5:87:cf:c3:32:
         86:49:5c:cf:00:6b:da:13:81:4c:cc:cb:d5:be:f2:f8:fe:ce:
         f9:07:34:fe:66:03:37:fe:15:3d:89:eb:f0:02:58:aa:6f:9e:
         cc:45:65:a9:66:b2:e0:ef:48:88:81:52:47:34:f2:ae:60:8b:
         4f:f6:ba:83:5d:81:cb:c2:a7:de:bc:0c:20:af:60:4e:36:1a:
         93:8f:e4:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjD+Eq7kHMPMPj3f2HmyvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjUwMTAxMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmZhY2ZlZTM1OTM0Yjg2NzhlZmQ5ZGVlODgwMmNkNGQ5OGIzMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41WEqV/3ZEo8ckFfh0bjHxa1Xo68
d6HFnTQrNdJLiJXIzHmelAM8KuRRNpvPiFNtUXf2mVAUyaBP/+937qFTL5Q/lvXI
FhwwnhiHpbtP1a97c9kH3N+3RDRdBA24E9inaTtumJms6A6Gvi0CJhRO7C3lCrpn
F8riNCo1+5G0HJxogeIrG0jba+7vkc70iVBtdNkzhF1+VJ+EPypjjTZusM/gyejI
AMA0mC9IaDhLuT7GzAD+f8dxCCcVJxKq3HPcaG/fITN0PgXv1RkiCuaIIQ4TECrN
YbUfZjhkxb6gngy6IZk1FArFpBHrckwvYIPZNoHXNxQOZcsUjXfjYrgL6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/6z+41k0uGeO/Z3uiALNTZizDZMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvbl9yUDdqV1RTNFo0NzluZTZJQXMxTm1MTU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0yDMA0G
CSqGSIb3DQEBCwUAA4IBAQC5h2zw6hlmBXxu52StcntL/HLrKUJ5WwWtenbpcYnH
Jh+FjJ1smYhvveKjbJEe91rHbIqKawjGfzt0aLB0AE0wpMiPnbZSaM8393xm73dt
d6Yv6xC0a1LEG/roGz4m8OIxB3Q42KvmWU1JUuBe4NTDGwdZbVdhSm59MxEaYzxB
P47q76tkE9d6hAkfCg/nH4DQ+eGRoHcqzymMJ1PvzlmkW5qeogiYKUpThZxgxV88
tYfPwzKGSVzPAGvaE4FMzMvVvvL4/s75BzT+ZgM3/hU9ievwAliqb57MRWWpZrLg
70iIgVJHNPKuYItP9rqDXYHLwqfevAwgr2BONhqTj+T5
-----END CERTIFICATE-----