Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/I0rkRlbXWFUrSq_ch993BZYppg0.roa
File:                     I0rkRlbXWFUrSq_ch993BZYppg0.roa (raw, json)
Hash identifier:          CpXCvCRU7yBIWuPBDou5BSODnJ5+l7tdatmblwb/XEA=
Subject key identifier:   23:4A:E4:46:56:D7:58:55:2B:4A:AF:DC:87:DF:77:05:96:29:A6:0D
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0192F85AEDF274254CEB4958AAA90E3399B9
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/I0rkRlbXWFUrSq_ch993BZYppg0.roa
Signing time:             Mon 04 Nov 2024 18:06:01 +0000
ROA not before:           Mon 04 Nov 2024 18:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141844
IP address blocks:        103.245.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f8:5a:ed:f2:74:25:4c:eb:49:58:aa:a9:0e:33:99:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Nov  4 18:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=234ae44656d758552b4aafdc87df77059629a60d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6b:41:03:55:a7:d5:1b:2a:1d:ba:90:e3:32:
                    62:80:eb:70:fa:5c:b4:71:0e:f1:f0:54:5d:cc:a2:
                    5d:14:49:56:76:64:a7:0b:c5:7d:90:a3:25:ed:a7:
                    ed:a5:b1:0c:06:d1:c3:60:0d:9a:b1:72:c9:d9:13:
                    9b:9a:7f:ac:65:00:6c:2a:f9:2b:8b:b8:c8:fa:f9:
                    b7:9d:fc:a4:68:7c:4b:1f:bb:a2:39:1e:23:99:c9:
                    7a:43:ef:cc:6b:31:72:03:a9:37:92:e1:6f:a7:34:
                    ec:fd:06:91:43:ff:98:c1:d2:5f:fe:b5:28:08:18:
                    73:c3:a0:cb:d7:81:dc:a9:21:91:3a:64:f0:2e:15:
                    ca:fb:8c:a4:8e:ab:b4:1d:cc:b3:08:7a:40:f2:9c:
                    21:23:de:bf:df:40:98:15:13:52:22:b4:64:bb:17:
                    74:99:8b:99:c7:0b:3c:7f:5f:a9:5c:9d:d4:78:42:
                    76:34:e8:2b:27:6b:b0:ca:e2:1c:47:a4:20:f0:1b:
                    51:56:7d:57:81:5d:f6:cc:be:1a:12:94:2d:a1:9f:
                    1a:fc:73:cf:e5:3b:b9:a6:41:15:94:9c:8c:7f:00:
                    98:bf:a8:88:d7:50:56:0f:f8:75:f8:05:49:db:4c:
                    e3:3e:49:26:5d:5e:a5:f9:34:5e:d3:0e:76:d9:f7:
                    cb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4A:E4:46:56:D7:58:55:2B:4A:AF:DC:87:DF:77:05:96:29:A6:0D
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/I0rkRlbXWFUrSq_ch993BZYppg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.245.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c9:8a:6a:7c:95:60:3f:3c:6e:8e:3c:75:4c:9e:e0:16:f4:
         9f:0f:95:c4:89:fb:5b:a9:91:6f:2d:f4:af:66:ee:54:64:83:
         a2:f0:5f:5d:56:f0:68:9b:c9:e3:be:21:54:75:6b:87:55:f5:
         78:f0:ae:9a:eb:80:a4:ef:79:1e:2a:65:3c:bf:ca:3c:3b:5f:
         0e:bf:e9:11:1d:7f:13:04:01:b7:2f:ab:d5:33:57:65:09:f2:
         49:0e:4d:6c:c9:19:79:94:76:ea:2e:29:4e:58:10:9c:79:bc:
         5b:bd:f1:a5:12:44:4c:1e:d4:ca:97:73:d7:db:b3:07:3c:df:
         9b:35:cf:1c:1c:83:26:17:50:7d:0e:02:30:d9:2e:94:e3:34:
         3a:20:e1:04:17:40:b7:d5:ed:09:eb:c4:b2:47:35:f7:ca:75:
         1f:cd:80:ef:9f:f3:35:ea:e4:92:73:d2:f0:0d:4f:32:e5:37:
         b0:89:4c:c0:7e:b3:e2:f8:35:76:fd:e6:4a:32:2f:e2:35:6a:
         c4:67:dd:05:73:8d:c8:82:6e:f7:7a:31:ae:5c:dd:cd:2e:40:
         80:cd:ec:63:4b:4d:02:89:af:da:90:82:1b:a7:a7:65:b3:95:
         91:de:4d:ca:4a:38:65:0e:48:d5:b8:e8:69:3f:49:66:bd:5f:
         a8:b0:ea:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL4Wu3ydCVM60lYqqkOM5m5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMTA0MTgwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRhZTQ0NjU2ZDc1ODU1MmI0YWFmZGM4N2RmNzcwNTk2MjlhNjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmtBA1Wn1RsqHbqQ4zJigOtw+ly0
cQ7x8FRdzKJdFElWdmSnC8V9kKMl7aftpbEMBtHDYA2asXLJ2RObmn+sZQBsKvkr
i7jI+vm3nfykaHxLH7uiOR4jmcl6Q+/MazFyA6k3kuFvpzTs/QaRQ/+YwdJf/rUo
CBhzw6DL14HcqSGROmTwLhXK+4ykjqu0HcyzCHpA8pwhI96/30CYFRNSIrRkuxd0
mYuZxws8f1+pXJ3UeEJ2NOgrJ2uwyuIcR6Qg8BtRVn1XgV32zL4aEpQtoZ8a/HPP
5Tu5pkEVlJyMfwCYv6iI11BWD/h1+AVJ20zjPkkmXV6l+TRe0w522ffLKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNK5EZW11hVK0qv3IffdwWWKaYNMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSTBya1JsYlhXRlVyU3FfY2g5OTNCWllwcGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ/XkMA0G
CSqGSIb3DQEBCwUAA4IBAQAuyYpqfJVgPzxujjx1TJ7gFvSfD5XEiftbqZFvLfSv
Zu5UZIOi8F9dVvBom8njviFUdWuHVfV48K6a64Ck73keKmU8v8o8O18Ov+kRHX8T
BAG3L6vVM1dlCfJJDk1syRl5lHbqLilOWBCcebxbvfGlEkRMHtTKl3PX27MHPN+b
Nc8cHIMmF1B9DgIw2S6U4zQ6IOEEF0C31e0J68SyRzX3ynUfzYDvn/M16uSSc9Lw
DU8y5TewiUzAfrPi+DV2/eZKMi/iNWrEZ90Fc43Igm73ejGuXN3NLkCAzexjS00C
ia/akIIbp6dls5WR3k3KSjhlDkjVuOhpP0lmvV+osOqA
-----END CERTIFICATE-----