Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ucEOUhU3l0s_qDGiUbvzb1dVB6Q.roa
File:                     ucEOUhU3l0s_qDGiUbvzb1dVB6Q.roa (raw, json)
Hash identifier:          wQMe6LXIoAZf+HvUdmkwIBlFs0SFQwnGhzpHY3/Fl6E=
Subject key identifier:   B9:C1:0E:52:15:37:97:4B:3F:A8:31:A2:51:BB:F3:6F:57:55:07:A4
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019344D107DF1E04168D03A5F03D4FD40A25
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ucEOUhU3l0s_qDGiUbvzb1dVB6Q.roa
Signing time:             Tue 19 Nov 2024 14:26:09 +0000
ROA not before:           Tue 19 Nov 2024 14:26:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4648
IP address blocks:        103.198.28.0/22 maxlen: 24
                          170.62.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:d1:07:df:1e:04:16:8d:03:a5:f0:3d:4f:d4:0a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Nov 19 14:26:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9c10e521537974b3fa831a251bbf36f575507a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ad:da:e5:78:63:87:43:8c:4b:7e:f9:20:1c:
                    3a:4b:51:93:df:c4:de:49:e8:8b:78:52:dc:00:0e:
                    b7:29:f5:60:0c:e4:e1:e4:a8:3a:08:6b:e9:1b:72:
                    cd:05:44:38:1b:c4:15:73:1b:56:2d:34:04:0f:dc:
                    e4:6a:37:7b:39:07:e7:6e:ea:4c:a8:34:63:44:4c:
                    65:55:4e:ec:b8:88:c4:71:c6:ef:51:74:86:a4:8d:
                    76:e7:a3:52:e8:be:19:c8:61:76:0a:dc:35:16:5e:
                    55:a5:b0:07:5f:a9:df:46:0d:f3:76:6d:5c:33:c7:
                    d3:ab:7d:09:b0:34:2d:1b:92:1c:ca:dd:9d:d8:a3:
                    63:0f:4c:3f:70:b4:22:6c:7b:15:a5:87:a3:db:de:
                    8e:21:6a:c0:09:64:b3:b0:d1:47:9d:23:ca:24:c7:
                    03:3f:54:03:71:c7:29:bb:ca:30:73:71:71:a3:94:
                    3e:9f:56:5f:1a:62:89:46:bd:53:70:a1:35:79:ce:
                    99:07:10:67:6f:86:5e:32:24:de:e9:3a:89:68:79:
                    2e:d3:53:12:6b:f8:2a:b6:5a:92:6e:66:b4:c1:c5:
                    98:c2:f3:a5:5a:a8:33:04:66:47:5b:fc:44:a2:52:
                    1f:3c:50:fa:a1:19:1a:35:81:96:14:e7:42:dd:f8:
                    80:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C1:0E:52:15:37:97:4B:3F:A8:31:A2:51:BB:F3:6F:57:55:07:A4
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ucEOUhU3l0s_qDGiUbvzb1dVB6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.198.28.0/22
                  170.62.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:1f:9e:da:82:3a:f7:5d:3a:61:94:85:44:ce:4c:d2:b8:34:
         7d:92:40:51:ab:0d:8f:6f:52:6e:bd:85:02:36:c2:3d:15:23:
         a0:fb:f5:fe:4a:02:ea:0a:f0:20:25:1c:cd:fd:e0:11:7b:b5:
         8c:07:ae:8f:ea:85:38:a0:a5:2a:28:f5:d6:e4:a7:cd:ac:92:
         34:01:e6:87:f2:b7:63:36:88:7d:de:45:e1:ed:3a:ea:1c:77:
         2f:17:ac:e2:2a:55:e2:48:58:a3:67:7a:1f:52:d7:4b:f0:ae:
         1a:41:5a:3b:46:2c:a2:66:9a:6a:ba:08:69:23:68:a2:1a:8f:
         d1:88:a4:e4:7b:86:04:f0:22:55:27:4c:80:97:88:a1:cb:1a:
         95:cc:80:0f:a5:10:1e:bc:f1:5a:a0:fc:c8:33:b3:af:87:98:
         4b:9e:e5:83:2d:e8:de:55:11:44:43:04:8a:01:14:63:67:98:
         c9:75:92:a4:b8:2b:5e:90:b8:06:ac:48:60:41:b5:94:a2:8c:
         f1:34:81:9a:9a:68:d9:01:87:bd:78:49:b5:b6:2c:d5:e8:b8:
         10:d9:8e:0b:65:2c:e4:1a:7b:51:03:61:45:38:84:13:e7:46:
         66:50:ce:40:8e:61:c2:91:0a:91:87:3c:13:99:30:e2:36:d7:
         80:2d:7c:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNE0QffHgQWjQOl8D1P1AolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQxMTE5MTQyNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWMxMGU1MjE1Mzc5NzRiM2ZhODMxYTI1MWJiZjM2ZjU3NTUwN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi63a5Xhjh0OMS375IBw6S1GT38Te
SeiLeFLcAA63KfVgDOTh5Kg6CGvpG3LNBUQ4G8QVcxtWLTQED9zkajd7OQfnbupM
qDRjRExlVU7suIjEccbvUXSGpI1256NS6L4ZyGF2Ctw1Fl5VpbAHX6nfRg3zdm1c
M8fTq30JsDQtG5Icyt2d2KNjD0w/cLQibHsVpYej296OIWrACWSzsNFHnSPKJMcD
P1QDcccpu8owc3Fxo5Q+n1ZfGmKJRr1TcKE1ec6ZBxBnb4ZeMiTe6TqJaHku01MS
a/gqtlqSbma0wcWYwvOlWqgzBGZHW/xEolIfPFD6oRkaNYGWFOdC3fiAQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLnBDlIVN5dLP6gxolG7829XVQekMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdWNFT1VoVTNsMHNfcURHaVVidnpiMWRWQjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCZ8YcAwQC
qj64MA0GCSqGSIb3DQEBCwUAA4IBAQBjH57agjr3XTphlIVEzkzSuDR9kkBRqw2P
b1JuvYUCNsI9FSOg+/X+SgLqCvAgJRzN/eARe7WMB66P6oU4oKUqKPXW5KfNrJI0
AeaH8rdjNoh93kXh7TrqHHcvF6ziKlXiSFijZ3ofUtdL8K4aQVo7RiyiZppqughp
I2iiGo/RiKTke4YE8CJVJ0yAl4ihyxqVzIAPpRAevPFaoPzIM7Ovh5hLnuWDLeje
VRFEQwSKARRjZ5jJdZKkuCtekLgGrEhgQbWUoozxNIGammjZAYe9eEm1tizV6LgQ
2Y4LZSzkGntRA2FFOIQT50ZmUM5AjmHCkQqRhzwTmTDiNteALXzC
-----END CERTIFICATE-----