Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/TsM4UlYYpO9tPXPDEFOFCOGHwsw.roa
File:                     TsM4UlYYpO9tPXPDEFOFCOGHwsw.roa (raw, json)
Hash identifier:          PSPljH2zJLVAv1mw8DtZFam+/xxsNrzrquVduGNrbpU=
Subject key identifier:   4E:C3:38:52:56:18:A4:EF:6D:3D:73:C3:10:53:85:08:E1:87:C2:CC
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0194AC2755DDBD274F1EA1C040A4C9E3AE3F
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/TsM4UlYYpO9tPXPDEFOFCOGHwsw.roa
Signing time:             Tue 28 Jan 2025 09:04:06 +0000
ROA not before:           Tue 28 Jan 2025 09:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202656
IP address blocks:        103.147.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:27:55:dd:bd:27:4f:1e:a1:c0:40:a4:c9:e3:ae:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan 28 09:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ec338525618a4ef6d3d73c310538508e187c2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:cf:30:69:e7:d6:c5:0d:0b:79:11:9b:c1:
                    f6:06:cc:65:25:ea:ab:26:f6:a5:39:db:85:04:c9:
                    ec:a0:ce:0e:19:7c:ce:71:d9:3d:9b:ea:57:aa:20:
                    aa:fe:62:b0:99:bf:bb:13:2a:a9:d5:ff:1b:4e:21:
                    ff:76:b2:10:58:84:c8:ea:bc:87:86:55:66:ca:d6:
                    22:6e:dc:9a:7b:4e:73:77:eb:a7:90:ae:c7:6e:56:
                    ec:3b:0b:f9:39:2b:bc:4f:83:c5:d3:3c:19:63:6f:
                    1b:70:80:9d:a3:df:b4:5f:af:11:31:ff:27:d4:0c:
                    1d:d6:37:32:fa:27:57:94:93:a2:13:4e:dc:b9:65:
                    3f:a3:4e:b4:7d:b4:b2:74:6c:24:a2:9f:c4:06:2a:
                    23:4f:ca:65:50:22:c8:89:82:b1:bc:f1:2a:9a:f1:
                    58:94:fb:4c:9b:6a:a6:f6:60:e2:ba:27:b7:d8:c4:
                    21:8b:95:ad:5c:5e:a7:cb:ec:9e:94:fa:83:6b:d6:
                    19:61:3f:95:31:5a:8e:e8:7d:07:88:4d:11:3b:d1:
                    cc:10:76:57:f8:6e:e8:45:9f:b8:5f:cc:1a:43:2a:
                    34:a1:2b:74:c5:af:1e:5d:6f:03:54:fe:b4:5a:93:
                    3f:45:32:68:25:5a:04:0a:fd:94:39:a8:db:34:14:
                    a0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C3:38:52:56:18:A4:EF:6D:3D:73:C3:10:53:85:08:E1:87:C2:CC
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/TsM4UlYYpO9tPXPDEFOFCOGHwsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.147.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:0c:6c:6b:4e:a4:8f:f9:51:9a:08:ce:7e:56:e2:3f:2d:6b:
         ae:b5:26:a7:40:a6:7c:53:8b:ed:0b:cd:17:b6:ab:50:ac:78:
         e5:af:34:e4:16:09:64:38:f7:f0:cc:62:fa:03:ba:91:f7:01:
         c1:2b:7c:78:ea:8a:aa:8f:be:f2:30:0b:8d:57:2e:25:5e:d2:
         f5:84:61:dc:0e:ac:78:c7:d5:83:df:ba:f5:98:8b:ed:05:83:
         bd:65:21:fc:ef:99:05:f2:9a:6e:5e:fc:13:09:e2:20:08:ca:
         9f:d1:eb:7c:1a:bc:b8:c3:66:44:a0:dc:27:80:7b:54:a0:dd:
         53:55:e4:47:8f:e4:26:26:e6:05:88:9d:e1:4e:0c:ae:a5:e1:
         13:40:75:7e:ef:30:7e:09:96:33:3d:56:c7:3a:ae:87:ec:eb:
         3f:51:ea:04:85:5b:b8:d6:a2:61:d4:0c:23:43:f8:bd:92:a2:
         0b:19:92:ba:f6:f9:e8:bb:37:40:19:8e:74:7e:18:ce:b1:c2:
         a6:dc:6a:4a:2a:be:1f:e8:33:c4:d0:56:4f:20:a6:9a:25:d3:
         1d:51:97:71:96:1c:46:2c:90:2e:6f:4b:35:57:3d:ca:06:5a:
         ce:b8:41:88:40:7e:2e:86:3d:5c:20:ee:8f:e1:79:31:74:1b:
         00:cc:27:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsJ1XdvSdPHqHAQKTJ464/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwMTI4MDkwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWMzMzg1MjU2MThhNGVmNmQzZDczYzMxMDUzODUwOGUxODdjMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytbPMGnn1sUNC3kRm8H2BsxlJeqr
JvalOduFBMnsoM4OGXzOcdk9m+pXqiCq/mKwmb+7Eyqp1f8bTiH/drIQWITI6ryH
hlVmytYibtyae05zd+unkK7HblbsOwv5OSu8T4PF0zwZY28bcICdo9+0X68RMf8n
1Awd1jcy+idXlJOiE07cuWU/o060fbSydGwkop/EBiojT8plUCLIiYKxvPEqmvFY
lPtMm2qm9mDiuie32MQhi5WtXF6ny+yelPqDa9YZYT+VMVqO6H0HiE0RO9HMEHZX
+G7oRZ+4X8waQyo0oSt0xa8eXW8DVP60WpM/RTJoJVoECv2UOajbNBSgNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7DOFJWGKTvbT1zwxBThQjhh8LMMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvVHNNNFVsWVlwTzl0UFhQREVGT0ZDT0dId3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ5OqMA0G
CSqGSIb3DQEBCwUAA4IBAQCdDGxrTqSP+VGaCM5+VuI/LWuutSanQKZ8U4vtC80X
tqtQrHjlrzTkFglkOPfwzGL6A7qR9wHBK3x46oqqj77yMAuNVy4lXtL1hGHcDqx4
x9WD37r1mIvtBYO9ZSH875kF8ppuXvwTCeIgCMqf0et8Gry4w2ZEoNwngHtUoN1T
VeRHj+QmJuYFiJ3hTgyupeETQHV+7zB+CZYzPVbHOq6H7Os/UeoEhVu41qJh1Awj
Q/i9kqILGZK69vnouzdAGY50fhjOscKm3GpKKr4f6DPE0FZPIKaaJdMdUZdxlhxG
LJAub0s1Vz3KBlrOuEGIQH4uhj1cIO6P4XkxdBsAzCco
-----END CERTIFICATE-----