Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/w2DVhL8tP8K3afc656085mMdIIs.roa
File:                     w2DVhL8tP8K3afc656085mMdIIs.roa (raw, json)
Hash identifier:          6bSnfxCatLX8zZTXDxmQmpM/8IDclNGIY1+NxsTXNG4=
Subject key identifier:   C3:60:D5:84:BF:2D:3F:C2:B7:69:F7:3A:E7:AD:3C:E6:63:1D:20:8B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019463E56415B8CFD9FA9CABB26342573AFD
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/w2DVhL8tP8K3afc656085mMdIIs.roa
Signing time:             Tue 14 Jan 2025 08:19:25 +0000
ROA not before:           Tue 14 Jan 2025 08:19:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214128
IP address blocks:        103.245.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:63:e5:64:15:b8:cf:d9:fa:9c:ab:b2:63:42:57:3a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 14 08:19:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c360d584bf2d3fc2b769f73ae7ad3ce6631d208b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:51:9c:16:95:cb:ca:e2:ee:8e:a0:4d:94:24:
                    1a:ab:72:75:cf:da:4a:d0:0d:eb:7a:c9:7c:b7:97:
                    ac:c7:ef:31:7d:de:b6:f3:75:26:18:66:1d:55:32:
                    16:41:6b:69:7c:c4:3b:a0:6d:3d:84:d1:a3:bf:b5:
                    f2:d1:0b:50:13:07:b7:52:e9:f0:63:16:62:81:45:
                    8b:c6:67:9a:a3:57:c5:e4:62:e1:c5:32:5a:f0:91:
                    24:c8:ec:b4:40:ff:ab:b4:c8:a6:2a:1c:ed:3f:74:
                    1b:0a:dd:70:76:5a:2b:04:c8:23:51:2f:f2:dc:f9:
                    cd:4a:9d:f2:6f:ba:12:98:1c:f6:76:8d:ed:5f:8e:
                    b8:03:b2:55:19:1b:0d:a6:42:4b:cb:be:fe:2f:13:
                    9e:b2:d9:89:7a:cf:55:59:ff:1e:5c:5f:77:ef:e9:
                    54:e2:88:5e:a7:98:f8:93:2e:d6:3d:43:60:35:3e:
                    1a:ff:06:5d:ce:ca:0c:7b:c8:ab:3e:fc:3e:00:3a:
                    1a:fe:ab:03:94:85:33:a2:fd:47:ed:e0:98:7b:6e:
                    c0:21:d3:96:9d:6f:5e:ed:42:46:8b:b3:84:7c:e8:
                    51:4b:9f:86:82:16:05:c2:8b:56:2d:c1:51:b0:e0:
                    30:73:7a:c3:ea:58:4c:3f:bc:8b:b2:5e:e8:f2:40:
                    ce:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:60:D5:84:BF:2D:3F:C2:B7:69:F7:3A:E7:AD:3C:E6:63:1D:20:8B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/w2DVhL8tP8K3afc656085mMdIIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.245.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:68:4c:ac:64:42:c0:91:b2:31:f0:cb:75:15:b2:38:be:74:
         da:0c:0b:01:0b:d8:39:06:1d:95:54:14:03:18:20:04:7f:6b:
         5d:41:d3:15:e1:16:f4:e3:da:ef:26:4f:de:d0:b8:66:53:70:
         c4:a8:95:09:cc:fd:b2:3e:25:ee:68:56:29:ab:a7:ae:b1:61:
         f9:93:51:db:0d:1d:ff:94:95:e6:9f:0f:83:a9:f5:ee:1c:6d:
         7e:39:69:91:af:15:af:cf:c6:30:65:37:ff:1a:51:1f:26:0a:
         7b:c6:94:ac:88:90:1b:0d:87:db:44:2e:f2:ae:c5:cc:3e:47:
         41:eb:14:0d:d1:6c:49:7d:3b:75:9f:7c:3c:de:c0:37:57:35:
         e6:6b:4c:a6:d0:a0:43:63:a0:fb:d3:f1:cf:69:41:1d:97:a4:
         ee:1e:cc:52:7e:df:8b:a7:f6:3a:b4:dd:e6:b9:1c:e6:72:c1:
         27:c9:31:e9:b9:dc:e3:7c:d9:21:93:6e:bb:5e:62:36:94:5b:
         06:7f:20:10:e9:88:b9:f2:71:e0:9e:b3:a2:14:e6:50:79:4c:
         79:e4:c9:52:b8:6f:96:eb:de:a9:02:86:ae:dd:e1:23:18:88:
         ca:a9:81:0b:d5:45:85:9f:2c:a9:74:a2:2a:d2:f3:0a:b2:46:
         75:23:08:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRj5WQVuM/Z+pyrsmNCVzr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTE0MDgxOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzYwZDU4NGJmMmQzZmMyYjc2OWY3M2FlN2FkM2NlNjYzMWQyMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlGcFpXLyuLujqBNlCQaq3J1z9pK
0A3resl8t5esx+8xfd6283UmGGYdVTIWQWtpfMQ7oG09hNGjv7Xy0QtQEwe3Uunw
YxZigUWLxmeao1fF5GLhxTJa8JEkyOy0QP+rtMimKhztP3QbCt1wdlorBMgjUS/y
3PnNSp3yb7oSmBz2do3tX464A7JVGRsNpkJLy77+LxOestmJes9VWf8eXF937+lU
4ohep5j4ky7WPUNgNT4a/wZdzsoMe8irPvw+ADoa/qsDlIUzov1H7eCYe27AIdOW
nW9e7UJGi7OEfOhRS5+GghYFwotWLcFRsOAwc3rD6lhMP7yLsl7o8kDOdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNg1YS/LT/Ct2n3OuetPOZjHSCLMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvdzJEVmhMOHRQOEszYWZjNjU2MDg1bU1kSUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ/XmMA0G
CSqGSIb3DQEBCwUAA4IBAQAjaEysZELAkbIx8Mt1FbI4vnTaDAsBC9g5Bh2VVBQD
GCAEf2tdQdMV4Rb049rvJk/e0LhmU3DEqJUJzP2yPiXuaFYpq6eusWH5k1HbDR3/
lJXmnw+DqfXuHG1+OWmRrxWvz8YwZTf/GlEfJgp7xpSsiJAbDYfbRC7yrsXMPkdB
6xQN0WxJfTt1n3w83sA3VzXma0ym0KBDY6D70/HPaUEdl6TuHsxSft+Lp/Y6tN3m
uRzmcsEnyTHpudzjfNkhk267XmI2lFsGfyAQ6Yi58nHgnrOiFOZQeUx55MlSuG+W
696pAoau3eEjGIjKqYEL1UWFnyypdKIq0vMKskZ1Iwgy
-----END CERTIFICATE-----