Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oeQhXFM3YRcRlDkk3NBN-FfyTFs.roa
File:                     oeQhXFM3YRcRlDkk3NBN-FfyTFs.roa (raw, json)
Hash identifier:          TqrrM4TOht5TFWdSNhBfNn2l4anaAPEgNygo+4cvNvw=
Subject key identifier:   A1:E4:21:5C:53:37:61:17:11:94:39:24:DC:D0:4D:F8:57:F2:4C:5B
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018F1459025D52F58365A5C4A0B602081BFE
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oeQhXFM3YRcRlDkk3NBN-FfyTFs.roa
Signing time:             Thu 25 Apr 2024 08:22:08 +0000
ROA not before:           Thu 25 Apr 2024 08:22:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        103.25.86.0/23 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          213.173.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:59:02:5d:52:f5:83:65:a5:c4:a0:b6:02:08:1b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Apr 25 08:22:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e4215c5337611711943924dcd04df857f24c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:03:a4:39:3e:01:15:96:fc:50:bb:54:d2:4f:
                    32:65:ac:13:e5:36:5f:cb:a0:e0:e1:09:86:0d:98:
                    0a:7b:4b:04:45:c9:40:a2:f0:50:09:06:58:f5:46:
                    91:f5:bd:0f:e5:f0:06:13:69:e1:b1:70:38:3c:83:
                    91:71:6d:0c:63:65:d7:07:5b:b2:16:de:91:d1:9b:
                    10:f7:c4:c8:5e:20:c5:10:2b:bc:c8:a9:8f:e2:ad:
                    9e:7d:2f:a0:c1:80:0f:fa:0c:fa:12:06:ad:df:3f:
                    97:97:07:6f:e9:00:44:27:19:4c:66:fd:a7:d5:6b:
                    eb:9a:69:eb:bc:3a:9d:95:67:d8:47:72:5c:71:13:
                    50:0f:1f:7f:9f:03:ce:75:74:fa:a7:96:37:b9:46:
                    78:c0:2a:fc:ae:6f:ce:01:d7:77:d7:65:ca:6b:c2:
                    b3:bd:8a:29:65:9a:7f:cc:03:43:73:40:c5:54:95:
                    74:9b:99:76:a2:07:83:3f:40:51:9e:dd:ea:b5:91:
                    06:ca:2b:31:a0:22:ab:75:31:89:bb:79:19:52:2e:
                    d3:31:cf:3d:22:9a:d8:99:24:c1:f8:e3:1b:c9:6d:
                    00:a0:9a:72:d8:a4:9c:e5:88:7e:bf:b1:33:1a:78:
                    ae:19:91:7e:f0:53:6d:38:2c:58:f5:1b:e0:a4:13:
                    a5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E4:21:5C:53:37:61:17:11:94:39:24:DC:D0:4D:F8:57:F2:4C:5B
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oeQhXFM3YRcRlDkk3NBN-FfyTFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.86.0/23
                  202.133.90.0/23
                  213.173.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:98:9a:d8:cb:be:a4:9e:6d:c1:0c:01:1b:d9:ed:8c:1e:ca:
         12:85:56:8d:d3:cf:6a:70:95:0c:23:12:21:5c:b5:d4:0b:9a:
         38:81:0e:07:94:1b:4e:bc:ea:30:a8:ca:40:f0:e4:c8:9f:28:
         77:a1:cf:36:53:20:3f:48:d4:32:5e:cd:c9:8d:0d:bf:2b:74:
         28:71:27:a1:e0:6d:66:5b:c4:62:e7:28:09:5c:68:4c:c7:69:
         6f:00:99:91:38:62:8c:88:20:c2:22:50:41:b8:22:61:8b:85:
         5c:a3:2c:53:98:42:d4:bb:b0:58:81:0e:b0:24:08:85:90:72:
         69:50:d1:23:13:aa:7a:4a:73:b3:40:cf:7a:d9:f4:16:b9:7a:
         93:37:75:2c:ee:d6:ac:c3:19:1e:91:61:5a:62:3f:d6:ee:02:
         26:3b:f4:9b:12:63:1f:f3:83:ff:26:b9:75:d8:90:d3:17:0c:
         1a:d5:df:7a:fc:40:df:aa:08:f3:1c:f8:99:73:1e:5e:51:1b:
         80:de:11:9e:74:fc:85:80:bc:15:1b:57:63:34:ed:70:f4:53:
         6c:fa:cf:46:16:a1:df:a6:7a:f6:d7:17:57:4c:4f:ed:b4:48:
         f7:ab:d0:84:b0:57:3e:59:65:1a:e8:fb:c3:eb:e2:ae:52:8d:
         87:51:5c:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8UWQJdUvWDZaXEoLYCCBv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNDI1MDgyMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU0MjE1YzUzMzc2MTE3MTE5NDM5MjRkY2QwNGRmODU3ZjI0YzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwOkOT4BFZb8ULtU0k8yZawT5TZf
y6Dg4QmGDZgKe0sERclAovBQCQZY9UaR9b0P5fAGE2nhsXA4PIORcW0MY2XXB1uy
Ft6R0ZsQ98TIXiDFECu8yKmP4q2efS+gwYAP+gz6Egat3z+Xlwdv6QBEJxlMZv2n
1WvrmmnrvDqdlWfYR3JccRNQDx9/nwPOdXT6p5Y3uUZ4wCr8rm/OAdd312XKa8Kz
vYopZZp/zANDc0DFVJV0m5l2ogeDP0BRnt3qtZEGyisxoCKrdTGJu3kZUi7TMc89
IprYmSTB+OMbyW0AoJpy2KSc5Yh+v7EzGniuGZF+8FNtOCxY9RvgpBOlEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKHkIVxTN2EXEZQ5JNzQTfhX8kxbMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb2VRaFhGTTNZUmNSbERrazNOQk4tRmZ5VEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBZxlWAwQB
yoVaAwQA1a0jMA0GCSqGSIb3DQEBCwUAA4IBAQCJmJrYy76knm3BDAEb2e2MHsoS
hVaN089qcJUMIxIhXLXUC5o4gQ4HlBtOvOowqMpA8OTInyh3oc82UyA/SNQyXs3J
jQ2/K3QocSeh4G1mW8Ri5ygJXGhMx2lvAJmROGKMiCDCIlBBuCJhi4VcoyxTmELU
u7BYgQ6wJAiFkHJpUNEjE6p6SnOzQM962fQWuXqTN3Us7taswxkekWFaYj/W7gIm
O/SbEmMf84P/Jrl12JDTFwwa1d96/EDfqgjzHPiZcx5eURuA3hGedPyFgLwVG1dj
NO1w9FNs+s9GFqHfpnr21xdXTE/ttEj3q9CEsFc+WWUa6PvD6+KuUo2HUVyP
-----END CERTIFICATE-----