Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dilIZ_m0N0KpwP4nQhCx-qQboOo.roa
File:                     dilIZ_m0N0KpwP4nQhCx-qQboOo.roa (raw, json)
Hash identifier:          ue4P2X3Td8gQCVKtmnlfgVYfIncUdITv4atoQl1cj38=
Subject key identifier:   76:29:48:67:F9:B4:37:42:A9:C0:FE:27:42:10:B1:FA:A4:1B:A0:EA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019108954015056EB670C304866CD34C72C0
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dilIZ_m0N0KpwP4nQhCx-qQboOo.roa
Signing time:             Wed 31 Jul 2024 11:38:04 +0000
ROA not before:           Wed 31 Jul 2024 11:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        103.125.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:08:95:40:15:05:6e:b6:70:c3:04:86:6c:d3:4c:72:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 31 11:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76294867f9b43742a9c0fe274210b1faa41ba0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:90:bf:2c:b2:d4:31:49:48:9d:4b:0b:68:b6:
                    6f:2f:c6:dd:d6:c8:ce:1a:5e:62:98:67:33:56:0c:
                    bf:0b:37:f1:75:4c:68:e5:aa:3f:21:c8:7a:3e:b7:
                    2b:b7:ac:49:2a:45:5a:8b:a7:17:a1:1c:65:ad:95:
                    a7:75:60:2b:cd:06:e6:7c:9a:cc:e7:12:cf:7e:03:
                    cf:d0:da:35:c2:63:39:40:96:18:3b:a1:c5:65:bc:
                    d1:52:d6:b1:75:e1:72:a8:16:12:08:59:a5:4e:47:
                    a9:66:66:6d:b9:e1:28:72:29:ab:bd:e5:16:c7:16:
                    32:1c:a3:7f:45:2a:77:f1:5e:b4:97:48:a2:3d:cd:
                    24:e6:c5:03:fc:bc:8a:2e:8e:af:f9:47:84:b2:7e:
                    ef:75:49:cc:6d:91:eb:1d:1c:57:15:8c:88:41:cd:
                    84:3b:93:1a:ef:54:fe:4f:f4:27:66:1d:a3:58:83:
                    08:e6:a6:41:35:f8:f4:dc:64:1f:ce:4b:3a:b4:95:
                    e2:0a:f5:2e:11:a0:43:10:39:16:2c:e9:e8:ef:0f:
                    31:a6:6c:40:34:6c:55:80:8e:08:93:a4:81:e8:f0:
                    cb:94:46:18:12:c2:0c:eb:6a:64:80:37:dc:cb:c2:
                    7e:db:17:2a:17:22:7c:a9:56:6c:d1:ea:20:c0:d0:
                    99:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:29:48:67:F9:B4:37:42:A9:C0:FE:27:42:10:B1:FA:A4:1B:A0:EA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dilIZ_m0N0KpwP4nQhCx-qQboOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.125.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:40:f5:ce:48:3a:3f:3a:f1:cf:86:17:ac:4f:5a:b3:c2:42:
         14:3b:d0:0e:2f:a5:1b:a8:95:8e:c3:b0:97:b4:0e:e4:5e:70:
         c2:f2:19:ff:eb:7a:c2:82:41:fe:c1:57:51:4a:56:09:57:87:
         22:e5:86:03:e7:ad:01:2c:7c:df:f8:6f:43:ff:e8:cc:ca:0e:
         cf:b6:87:09:6f:64:c7:cb:df:be:d0:16:8c:31:78:f1:fa:70:
         7a:35:82:fc:e6:49:9c:80:ff:6a:ed:f8:66:e7:40:17:4c:4f:
         81:7b:e4:70:62:f4:05:b5:f3:ee:c1:d7:7a:ac:7a:03:94:cc:
         54:df:91:3a:e1:fe:52:ef:00:a0:27:16:99:18:4d:c8:7c:d4:
         5f:41:87:a1:8e:4a:43:c4:26:ad:ae:66:43:34:9e:09:d0:8b:
         c0:e2:57:92:b3:b3:08:f3:a9:56:c0:e1:66:ad:a4:ad:35:ba:
         25:f3:64:ca:47:0a:1c:29:08:ff:0f:f6:40:26:5c:5c:14:40:
         ba:9b:66:11:80:0b:4b:77:93:89:36:26:ab:bf:9d:05:9e:0f:
         e9:39:f8:56:f9:d0:b1:28:40:f5:3b:1f:70:81:b1:f8:05:f6:
         b7:a6:04:73:26:86:5d:a0:b0:72:bd:72:95:21:df:83:73:92:
         68:48:b6:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEIlUAVBW62cMMEhmzTTHLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwNzMxMTEzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjI5NDg2N2Y5YjQzNzQyYTljMGZlMjc0MjEwYjFmYWE0MWJhMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5C/LLLUMUlInUsLaLZvL8bd1sjO
Gl5imGczVgy/CzfxdUxo5ao/Ich6Prcrt6xJKkVai6cXoRxlrZWndWArzQbmfJrM
5xLPfgPP0No1wmM5QJYYO6HFZbzRUtaxdeFyqBYSCFmlTkepZmZtueEocimrveUW
xxYyHKN/RSp38V60l0iiPc0k5sUD/LyKLo6v+UeEsn7vdUnMbZHrHRxXFYyIQc2E
O5Ma71T+T/QnZh2jWIMI5qZBNfj03GQfzks6tJXiCvUuEaBDEDkWLOno7w8xpmxA
NGxVgI4Ik6SB6PDLlEYYEsIM62pkgDfcy8J+2xcqFyJ8qVZs0eogwNCZMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYpSGf5tDdCqcD+J0IQsfqkG6DqMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZGlsSVpfbTBOMEtwd1A0blFoQ3gtcVFib09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ31MMA0G
CSqGSIb3DQEBCwUAA4IBAQDfQPXOSDo/OvHPhhesT1qzwkIUO9AOL6UbqJWOw7CX
tA7kXnDC8hn/63rCgkH+wVdRSlYJV4ci5YYD560BLHzf+G9D/+jMyg7PtocJb2TH
y9++0BaMMXjx+nB6NYL85kmcgP9q7fhm50AXTE+Be+RwYvQFtfPuwdd6rHoDlMxU
35E64f5S7wCgJxaZGE3IfNRfQYehjkpDxCatrmZDNJ4J0IvA4leSs7MI86lWwOFm
raStNbol82TKRwocKQj/D/ZAJlxcFEC6m2YRgAtLd5OJNiarv50Fng/pOfhW+dCx
KED1Ox9wgbH4Bfa3pgRzJoZdoLByvXKVId+Dc5JoSLZ/
-----END CERTIFICATE-----