Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xjKQLL0gW1GJ1csPN8gaNEPdv9s.roa
File:                     xjKQLL0gW1GJ1csPN8gaNEPdv9s.roa (raw, json)
Hash identifier:          p9FQENMfd097AMINXZuM8uvFIGwOMU23WgEg1Z14fp0=
Subject key identifier:   C6:32:90:2C:BD:20:5B:51:89:D5:CB:0F:37:C8:1A:34:43:DD:BF:DB
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC7D6A5C3AFA8514B5236026DE817C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xjKQLL0gW1GJ1csPN8gaNEPdv9s.roa
Signing time:             Thu 02 Jan 2025 07:48:11 +0000
ROA not before:           Thu 02 Jan 2025 07:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149457
IP address blocks:        103.25.84.0/24 maxlen: 24
                          146.19.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:7d:6a:5c:3a:fa:85:14:b5:23:60:26:de:81:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c632902cbd205b5189d5cb0f37c81a3443ddbfdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fd:f9:61:94:40:dd:04:dc:ba:cc:2f:54:51:
                    71:ba:f1:ff:5f:35:c7:51:98:7e:1e:36:df:63:c4:
                    76:12:03:dc:ca:ac:aa:97:66:d9:09:fa:0c:73:8f:
                    97:af:cc:ec:af:af:ac:74:3e:27:c7:50:1a:50:69:
                    fc:f0:92:ca:f8:91:61:d4:f7:4f:61:c6:4d:2b:04:
                    50:b7:56:02:55:d3:12:76:7b:f9:21:b8:d8:a8:2c:
                    23:26:01:91:93:ba:da:36:df:43:2c:3e:91:c7:fb:
                    16:c0:6e:3b:c0:a2:26:12:d9:93:b5:6c:27:bd:bf:
                    09:2e:3c:e4:6d:9b:50:d9:fe:d9:e6:e3:f6:1c:6c:
                    e5:b2:aa:39:3d:10:a8:5e:71:56:c7:11:01:c1:d0:
                    1a:61:f6:99:70:53:95:3e:5d:5a:49:2d:15:cb:bc:
                    be:f1:19:5b:0d:9f:d3:03:ab:e1:bd:6b:e8:3a:33:
                    b3:5d:2f:f1:7d:f4:54:10:1d:3c:21:32:2e:7b:c8:
                    cb:f1:70:d5:dd:87:e0:a6:6a:10:04:ca:4d:fd:d2:
                    f4:5e:d1:71:09:fb:d8:1d:84:14:70:1c:cd:cf:48:
                    3b:e5:ba:35:f8:32:8f:95:aa:c7:89:4f:b3:0f:4f:
                    21:45:50:1b:bf:fe:6b:a0:bd:86:f2:6c:b1:81:19:
                    8d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:32:90:2C:BD:20:5B:51:89:D5:CB:0F:37:C8:1A:34:43:DD:BF:DB
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xjKQLL0gW1GJ1csPN8gaNEPdv9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.84.0/24
                  146.19.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:08:2e:fb:bc:ce:6a:72:b5:da:88:17:49:18:24:6c:e5:11:
         0f:fa:65:3e:2b:75:ab:51:d5:53:34:ad:2d:c4:d4:dd:6e:90:
         77:39:7b:a3:76:7e:e3:3d:0e:bd:ad:47:00:f9:ee:07:9f:56:
         53:55:22:4d:41:ac:85:61:4f:aa:3b:59:b1:99:1a:62:c5:40:
         34:59:c4:fe:20:7a:00:32:9e:e3:78:ca:0a:29:2d:38:22:df:
         92:eb:51:1b:d3:6b:59:99:28:a6:36:bb:06:61:e1:29:85:c3:
         06:eb:30:67:e1:76:62:6d:54:60:c5:e3:80:bf:8c:8c:42:03:
         10:d3:ff:2b:d8:98:db:00:75:4e:fa:93:37:cf:5b:fd:2c:f3:
         3f:17:fc:58:84:ca:89:f6:d3:a0:0f:21:6d:46:00:b6:55:27:
         b2:01:c0:92:d9:96:2f:4c:21:75:76:81:a5:b2:7c:a7:4a:df:
         fe:f7:de:bf:17:8c:33:9f:32:68:07:02:5c:7a:3e:43:0b:f9:
         e3:b1:27:ed:7b:ab:b1:81:3c:04:ba:95:ec:c5:d2:83:32:e8:
         b0:9e:26:bc:37:22:d7:d6:12:b1:68:83:b9:22:dc:87:b0:9e:
         0a:cc:c6:30:b1:66:4d:f9:68:b0:e5:b6:56:84:98:2e:c7:44:
         16:4c:02:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/H1qXDr6hRS1I2Am3oF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjMyOTAyY2JkMjA1YjUxODlkNWNiMGYzN2M4MWEzNDQzZGRiZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv35YZRA3QTcuswvVFFxuvH/XzXH
UZh+HjbfY8R2EgPcyqyql2bZCfoMc4+Xr8zsr6+sdD4nx1AaUGn88JLK+JFh1PdP
YcZNKwRQt1YCVdMSdnv5IbjYqCwjJgGRk7raNt9DLD6Rx/sWwG47wKImEtmTtWwn
vb8JLjzkbZtQ2f7Z5uP2HGzlsqo5PRCoXnFWxxEBwdAaYfaZcFOVPl1aSS0Vy7y+
8RlbDZ/TA6vhvWvoOjOzXS/xffRUEB08ITIue8jL8XDV3YfgpmoQBMpN/dL0XtFx
CfvYHYQUcBzNz0g75bo1+DKPlarHiU+zD08hRVAbv/5roL2G8myxgRmN3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYykCy9IFtRidXLDzfIGjRD3b/bMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEveGpLUUxMMGdXMUdKMWNzUE44Z2FORVBkdjlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZxlUAwQA
khOHMA0GCSqGSIb3DQEBCwUAA4IBAQAPCC77vM5qcrXaiBdJGCRs5REP+mU+K3Wr
UdVTNK0txNTdbpB3OXujdn7jPQ69rUcA+e4Hn1ZTVSJNQayFYU+qO1mxmRpixUA0
WcT+IHoAMp7jeMoKKS04It+S61Eb02tZmSimNrsGYeEphcMG6zBn4XZibVRgxeOA
v4yMQgMQ0/8r2JjbAHVO+pM3z1v9LPM/F/xYhMqJ9tOgDyFtRgC2VSeyAcCS2ZYv
TCF1doGlsnynSt/+996/F4wznzJoBwJcej5DC/njsSfte6uxgTwEupXsxdKDMuiw
nia8NyLX1hKxaIO5ItyHsJ4KzMYwsWZN+Wiw5bZWhJgux0QWTAIF
-----END CERTIFICATE-----