Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/IwDvVR7vnN0znFMkR2yd62k1GQc.roa
File:                     IwDvVR7vnN0znFMkR2yd62k1GQc.roa (raw, json)
Hash identifier:          qcngXSk3iHVYSUeEQ0B69dEqnicTVGXRXPo/V3Zr1Qc=
Subject key identifier:   23:00:EF:55:1E:EF:9C:DD:33:9C:53:24:47:6C:9D:EB:69:35:19:07
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019350A59A677E95A4DC7B73E62B3BB4AD4D
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/IwDvVR7vnN0znFMkR2yd62k1GQc.roa
Signing time:             Thu 21 Nov 2024 21:34:10 +0000
ROA not before:           Thu 21 Nov 2024 21:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214135
IP address blocks:        103.83.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:50:a5:9a:67:7e:95:a4:dc:7b:73:e6:2b:3b:b4:ad:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Nov 21 21:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2300ef551eef9cdd339c5324476c9deb69351907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d2:30:a8:6c:31:91:78:e4:f3:03:56:79:41:
                    0f:68:20:fd:10:8e:55:18:01:fa:be:4e:61:f4:f9:
                    33:c7:11:6b:57:24:36:58:78:4d:51:5e:59:27:4f:
                    a7:27:b6:a0:c2:90:b7:03:70:8c:3f:02:97:fa:19:
                    30:ec:25:1f:b1:27:82:ee:22:7a:25:2c:57:2c:ee:
                    d8:86:ae:41:d1:fa:2f:1f:15:7c:d5:e2:da:d1:b6:
                    5f:b2:5a:6c:db:62:62:a8:2e:e0:eb:b0:79:f5:b2:
                    b3:e5:ee:e2:7e:16:45:fb:cd:88:03:f3:70:ff:38:
                    88:45:91:a9:5c:0f:0e:dd:fa:86:ad:eb:54:cd:10:
                    e0:89:71:ec:32:ac:c8:94:34:89:0a:f0:6c:7d:bc:
                    c0:5c:29:2e:aa:bf:97:49:a6:a3:17:83:86:4d:86:
                    52:a2:c6:00:d5:ab:21:50:d5:df:20:7e:28:a9:16:
                    14:87:c5:f4:4b:0f:09:f6:63:a1:35:2f:7b:ba:ca:
                    8c:16:88:af:f2:45:77:2c:30:a6:e5:8c:32:a5:89:
                    e7:7a:fa:d8:49:dd:ae:8c:81:c9:4a:8b:04:3b:77:
                    68:5b:45:90:c2:6d:1b:f1:0d:fa:cc:d6:17:5a:02:
                    51:86:50:fd:91:4b:c4:a3:4c:f7:9f:e0:b5:1d:89:
                    18:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:00:EF:55:1E:EF:9C:DD:33:9C:53:24:47:6C:9D:EB:69:35:19:07
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/IwDvVR7vnN0znFMkR2yd62k1GQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.83.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:93:69:10:c5:40:fd:48:47:36:08:f9:a4:0e:e1:b6:21:3a:
         4b:d1:a5:93:b6:73:40:77:78:a9:b7:ae:10:84:a0:fa:44:1d:
         e8:fa:e6:a6:a5:4a:76:f5:d4:e9:66:b2:19:64:f8:3f:f5:89:
         bb:d5:56:ec:44:c7:a4:81:97:a8:52:e4:bb:ce:5c:83:35:c0:
         73:70:22:5b:e2:30:6b:76:8e:5f:3e:48:fb:42:1a:bc:99:1b:
         f1:56:90:5f:33:45:c7:dc:16:97:c5:3a:43:c7:93:e2:3d:ae:
         ad:d2:34:9e:64:42:cd:7c:f4:f4:ed:bf:41:15:d4:8d:44:2b:
         df:25:6b:af:c4:ba:4f:bb:22:8b:ef:b6:0d:59:4d:09:3e:93:
         61:6f:ba:82:22:35:a6:4f:41:84:be:f3:20:c6:14:86:c9:55:
         39:39:62:34:92:06:25:68:cb:1e:11:0d:c1:61:e3:7c:ae:3a:
         d8:23:3c:aa:87:70:f7:37:11:fe:49:37:27:f2:49:55:00:c6:
         9e:2d:b1:5a:3b:e3:ed:e9:87:3c:73:56:86:c3:94:9c:4a:91:
         9c:6f:50:c9:36:1f:be:42:e8:a1:68:7d:8e:d2:3d:d6:1d:09:
         3f:8e:96:68:d0:6d:2e:19:9b:14:14:bf:4c:4b:af:13:46:a5:
         78:75:38:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNQpZpnfpWk3Htz5is7tK1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjQxMTIxMjEzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzAwZWY1NTFlZWY5Y2RkMzM5YzUzMjQ0NzZjOWRlYjY5MzUxOTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtIwqGwxkXjk8wNWeUEPaCD9EI5V
GAH6vk5h9PkzxxFrVyQ2WHhNUV5ZJ0+nJ7agwpC3A3CMPwKX+hkw7CUfsSeC7iJ6
JSxXLO7Yhq5B0fovHxV81eLa0bZfslps22JiqC7g67B59bKz5e7ifhZF+82IA/Nw
/ziIRZGpXA8O3fqGretUzRDgiXHsMqzIlDSJCvBsfbzAXCkuqr+XSaajF4OGTYZS
osYA1ashUNXfIH4oqRYUh8X0Sw8J9mOhNS97usqMFoiv8kV3LDCm5YwypYnnevrY
Sd2ujIHJSosEO3doW0WQwm0b8Q36zNYXWgJRhlD9kUvEo0z3n+C1HYkYeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMA71Ue75zdM5xTJEdsnetpNRkHMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvSXdEdlZSN3ZuTjB6bkZNa1IyeWQ2MmsxR1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ1NWMA0G
CSqGSIb3DQEBCwUAA4IBAQADk2kQxUD9SEc2CPmkDuG2ITpL0aWTtnNAd3ipt64Q
hKD6RB3o+uampUp29dTpZrIZZPg/9Ym71VbsRMekgZeoUuS7zlyDNcBzcCJb4jBr
do5fPkj7Qhq8mRvxVpBfM0XH3BaXxTpDx5PiPa6t0jSeZELNfPT07b9BFdSNRCvf
JWuvxLpPuyKL77YNWU0JPpNhb7qCIjWmT0GEvvMgxhSGyVU5OWI0kgYlaMseEQ3B
YeN8rjrYIzyqh3D3NxH+STcn8klVAMaeLbFaO+Pt6Yc8c1aGw5ScSpGcb1DJNh++
QuihaH2O0j3WHQk/jpZo0G0uGZsUFL9MS68TRqV4dTgr
-----END CERTIFICATE-----