Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/4GFLNoudKsxo0lKJ1-DlrH13jnQ.roa
File:                     4GFLNoudKsxo0lKJ1-DlrH13jnQ.roa (raw, json)
Hash identifier:          HUsEZcDE4OcjX3j8qjU3YIB7IUQvhWtNObC5QxLBOjI=
Subject key identifier:   E0:61:4B:36:8B:9D:2A:CC:68:D2:52:89:D7:E0:E5:AC:7D:77:8E:74
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       01942067E4D77E2BF1912CF3AA43131731E7
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/4GFLNoudKsxo0lKJ1-DlrH13jnQ.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        103.101.88.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e4:d7:7e:2b:f1:91:2c:f3:aa:43:13:17:31:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0614b368b9d2acc68d25289d7e0e5ac7d778e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:78:8b:6d:a3:40:b8:21:c2:60:22:5e:36:53:
                    20:bc:90:12:f8:73:17:f0:3f:c4:2e:9a:c1:ae:11:
                    a5:82:1d:e0:ff:2a:36:01:0a:e6:7f:3d:1f:ff:30:
                    50:b9:03:3f:4b:99:25:a0:1a:79:34:f1:87:95:8b:
                    c4:30:ae:2c:5b:ba:a5:06:c7:05:08:ff:57:ea:9c:
                    54:ef:5f:ed:f9:02:5d:0d:7c:4d:77:03:09:21:15:
                    d4:e8:3e:e9:84:60:8c:3c:b0:ce:b5:ca:b5:57:14:
                    7e:93:c7:ff:ed:c0:86:41:77:7b:d0:9b:4c:bb:3f:
                    fa:52:3b:b3:da:c5:54:62:91:51:2c:f4:9f:75:5e:
                    61:be:54:b6:45:85:ba:b3:17:e7:fe:7e:ca:0d:2a:
                    3e:d5:f7:b6:7c:6f:9c:42:bd:11:4c:24:3d:a9:bb:
                    7b:c6:22:bf:2a:c5:f9:b1:90:10:37:8d:5f:ad:d0:
                    4d:01:36:83:25:93:55:f5:38:d1:00:43:70:47:b2:
                    5c:75:43:c2:69:49:fe:e1:32:33:fe:84:34:a4:af:
                    64:93:9b:5a:0c:66:b0:3c:b4:41:40:52:28:7c:83:
                    9e:27:a9:c2:0c:61:b9:51:dd:35:ee:82:6b:56:17:
                    cc:86:10:12:29:f1:86:0e:d3:e7:f5:ba:72:6f:18:
                    6a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:61:4B:36:8B:9D:2A:CC:68:D2:52:89:D7:E0:E5:AC:7D:77:8E:74
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/4GFLNoudKsxo0lKJ1-DlrH13jnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.101.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:f2:a5:34:a8:bd:d1:ec:67:b1:0d:fa:81:d8:bc:04:fe:c6:
         e5:1e:87:23:b1:be:8a:49:7f:43:20:6f:04:45:c6:a4:f6:06:
         15:c3:7b:f2:91:31:de:b2:bb:33:cd:09:06:30:30:ff:58:df:
         32:63:0e:20:c4:ba:15:7a:4a:3c:26:df:19:14:c0:03:7c:75:
         61:20:c6:49:2e:ec:5f:c4:e3:6f:31:ae:0f:f2:eb:2c:14:2e:
         d0:18:ee:e0:33:34:97:9c:2c:24:33:7a:01:ee:c3:65:80:33:
         ae:af:39:cd:10:c4:3f:35:33:90:37:b6:a2:94:4f:93:f2:50:
         13:30:f4:ee:0c:91:9a:94:66:6a:06:69:99:0e:91:9d:5f:bd:
         86:d2:25:21:4c:96:a2:ad:67:2a:7f:ca:f9:e5:c6:e4:f6:97:
         55:f4:61:de:d8:97:9d:b2:14:9d:e3:29:06:d5:df:66:8d:16:
         e9:1b:70:b0:11:64:16:79:f5:f4:65:98:b8:15:ef:7e:7b:94:
         b6:17:f8:16:10:48:e8:d9:33:e3:84:95:a9:bc:32:fa:5e:bb:
         9f:6d:e4:22:01:c7:fd:3c:9d:18:8e:06:2d:18:20:77:33:d2:
         b6:5c:0c:a1:34:c8:f4:31:f4:a0:7b:7f:17:1e:4e:ef:d0:1e:
         c7:f5:4c:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+TXfivxkSzzqkMTFzHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDYxNGIzNjhiOWQyYWNjNjhkMjUyODlkN2UwZTVhYzdkNzc4ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHiLbaNAuCHCYCJeNlMgvJAS+HMX
8D/ELprBrhGlgh3g/yo2AQrmfz0f/zBQuQM/S5kloBp5NPGHlYvEMK4sW7qlBscF
CP9X6pxU71/t+QJdDXxNdwMJIRXU6D7phGCMPLDOtcq1VxR+k8f/7cCGQXd70JtM
uz/6Ujuz2sVUYpFRLPSfdV5hvlS2RYW6sxfn/n7KDSo+1fe2fG+cQr0RTCQ9qbt7
xiK/KsX5sZAQN41frdBNATaDJZNV9TjRAENwR7JcdUPCaUn+4TIz/oQ0pK9kk5ta
DGawPLRBQFIofIOeJ6nCDGG5Ud017oJrVhfMhhASKfGGDtPn9bpybxhqiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBhSzaLnSrMaNJSidfg5ax9d450MB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvNEdGTE5vdWRLc3hvMGxLSjEtRGxySDEzam5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZ2VYMA0G
CSqGSIb3DQEBCwUAA4IBAQDI8qU0qL3R7GexDfqB2LwE/sblHocjsb6KSX9DIG8E
Rcak9gYVw3vykTHesrszzQkGMDD/WN8yYw4gxLoVeko8Jt8ZFMADfHVhIMZJLuxf
xONvMa4P8ussFC7QGO7gMzSXnCwkM3oB7sNlgDOurznNEMQ/NTOQN7ailE+T8lAT
MPTuDJGalGZqBmmZDpGdX72G0iUhTJairWcqf8r55cbk9pdV9GHe2JedshSd4ykG
1d9mjRbpG3CwEWQWefX0ZZi4Fe9+e5S2F/gWEEjo2TPjhJWpvDL6XrufbeQiAcf9
PJ0YjgYtGCB3M9K2XAyhNMj0MfSge38XHk7v0B7H9Uyp
-----END CERTIFICATE-----