Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/dNm1rES2Zl08JygLPN3BuGwOCUM.roa
File:                     dNm1rES2Zl08JygLPN3BuGwOCUM.roa (raw, json)
Hash identifier:          7raxOyAsZMXqdmIt6IsBRfrs2D9ul1H2Zd2ogF8bwNk=
Subject key identifier:   74:D9:B5:AC:44:B6:66:5D:3C:27:28:0B:3C:DD:C1:B8:6C:0E:09:43
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0194AC292A1EEBE18A0B8B0A3121FF41919A
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/dNm1rES2Zl08JygLPN3BuGwOCUM.roa
Signing time:             Tue 28 Jan 2025 09:06:06 +0000
ROA not before:           Tue 28 Jan 2025 09:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63930
IP address blocks:        103.146.96.0/24 maxlen: 24
                          103.147.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:29:2a:1e:eb:e1:8a:0b:8b:0a:31:21:ff:41:91:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan 28 09:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74d9b5ac44b6665d3c27280b3cddc1b86c0e0943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:e0:2a:ef:d8:18:c4:92:52:3f:cc:2d:ac:
                    6b:aa:8b:e6:cb:5a:ee:4e:3c:10:8e:a7:71:e8:08:
                    d3:54:c3:dd:36:31:b9:cb:18:6d:3b:16:81:03:b9:
                    82:68:30:d3:e5:21:4b:66:3d:f9:33:8e:d8:d8:2f:
                    78:65:72:40:21:ab:14:4f:36:3b:1d:a1:e7:f1:8d:
                    2e:28:f8:61:dc:f3:45:c3:4f:71:a6:1a:4c:cf:3c:
                    4c:bc:83:ac:b8:e1:7c:80:c4:7e:f6:5d:c2:e6:0e:
                    ac:ba:7b:7a:c8:1a:af:51:75:cc:5b:04:a9:33:58:
                    0a:7a:80:40:f6:43:08:7e:f1:14:f8:4f:d9:0e:31:
                    38:48:f5:e4:ce:17:11:1c:e3:35:38:b5:29:63:f2:
                    3a:5e:ca:15:0f:4e:a2:1a:f0:d6:07:4e:cb:61:f8:
                    52:d6:58:9f:04:05:c2:de:88:9b:01:a5:54:2c:da:
                    72:91:0a:0f:40:71:3e:17:a5:72:b0:45:ad:7b:09:
                    76:24:46:27:14:c2:95:a4:d6:38:43:df:e1:dc:84:
                    72:40:1d:65:92:28:62:f0:16:80:42:9c:33:fc:e6:
                    9c:d3:81:2c:9c:7d:28:c0:c2:50:04:03:af:42:e6:
                    91:f7:29:08:6e:04:24:91:51:4d:f9:df:44:46:a0:
                    e8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D9:B5:AC:44:B6:66:5D:3C:27:28:0B:3C:DD:C1:B8:6C:0E:09:43
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/dNm1rES2Zl08JygLPN3BuGwOCUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.146.96.0/24
                  103.147.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:03:8e:ad:4d:80:18:fe:05:eb:3c:eb:df:a6:c0:fe:0b:95:
         94:c0:15:97:58:7a:f4:72:d4:ae:b2:ec:31:b3:fc:e5:86:0c:
         b3:31:bc:e1:6b:3e:ee:52:0f:c2:18:56:5e:44:12:df:70:20:
         02:c7:11:78:e8:e3:4d:e4:5b:00:17:83:f7:de:c1:cc:41:b2:
         43:72:a6:e3:ee:1f:16:6c:f6:13:5e:69:9a:30:ae:6c:05:9c:
         7c:55:5e:25:3b:ea:ce:67:e5:9d:7a:f7:10:5e:06:13:2c:4b:
         36:2d:28:ab:3e:fd:7c:9d:b3:07:23:cc:b6:bd:7b:00:55:c2:
         b5:aa:55:2a:79:cb:aa:89:fa:0a:f1:16:2d:ce:ce:8c:fa:7a:
         eb:10:51:3e:ec:91:dd:e6:d7:16:01:63:6f:87:b7:3b:62:ee:
         8a:f2:91:12:fd:fe:c0:90:28:46:4a:a8:1c:ff:6f:e9:a1:0b:
         38:d0:ba:e4:29:4c:80:c4:57:a4:ca:79:ea:a2:ed:c4:1d:3d:
         fb:b0:82:63:18:30:93:7e:b6:7f:00:a6:55:16:9d:37:85:e9:
         48:cb:6d:69:10:60:f9:75:75:18:11:9a:de:83:f4:7c:48:68:
         e3:d3:7d:fa:f4:96:46:ff:2b:ed:75:04:45:ed:c4:94:35:88:
         9a:3e:6f:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSsKSoe6+GKC4sKMSH/QZGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwMTI4MDkwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQ5YjVhYzQ0YjY2NjVkM2MyNzI4MGIzY2RkYzFiODZjMGUwOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOXgKu/YGMSSUj/MLaxrqovmy1ru
TjwQjqdx6AjTVMPdNjG5yxhtOxaBA7mCaDDT5SFLZj35M47Y2C94ZXJAIasUTzY7
HaHn8Y0uKPhh3PNFw09xphpMzzxMvIOsuOF8gMR+9l3C5g6sunt6yBqvUXXMWwSp
M1gKeoBA9kMIfvEU+E/ZDjE4SPXkzhcRHOM1OLUpY/I6XsoVD06iGvDWB07LYfhS
1lifBAXC3oibAaVULNpykQoPQHE+F6VysEWtewl2JEYnFMKVpNY4Q9/h3IRyQB1l
kihi8BaAQpwz/Oac04EsnH0owMJQBAOvQuaR9ykIbgQkkVFN+d9ERqDoqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHTZtaxEtmZdPCcoCzzdwbhsDglDMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvZE5tMXJFUzJabDA4SnlnTFBOM0J1R3dPQ1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ5JgAwQA
Z5OrMA0GCSqGSIb3DQEBCwUAA4IBAQAqA46tTYAY/gXrPOvfpsD+C5WUwBWXWHr0
ctSusuwxs/zlhgyzMbzhaz7uUg/CGFZeRBLfcCACxxF46ONN5FsAF4P33sHMQbJD
cqbj7h8WbPYTXmmaMK5sBZx8VV4lO+rOZ+WdevcQXgYTLEs2LSirPv18nbMHI8y2
vXsAVcK1qlUqecuqifoK8RYtzs6M+nrrEFE+7JHd5tcWAWNvh7c7Yu6K8pES/f7A
kChGSqgc/2/poQs40LrkKUyAxFekynnqou3EHT37sIJjGDCTfrZ/AKZVFp03helI
y21pEGD5dXUYEZreg/R8SGjj03369JZG/yvtdQRF7cSUNYiaPm/B
-----END CERTIFICATE-----