Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Mk1XugJgVyitbuZlK_8tGnsTy7I.roa
File:                     Mk1XugJgVyitbuZlK_8tGnsTy7I.roa (raw, json)
Hash identifier:          M+Y9DB3gh1thqrUp20ISWwMydzivKab4XmqvSHiN/w8=
Subject key identifier:   32:4D:57:BA:02:60:57:28:AD:6E:E6:65:2B:FF:2D:1A:7B:13:CB:B2
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018CC6B8F18E5620E382EDA366B641ED3919
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Mk1XugJgVyitbuZlK_8tGnsTy7I.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202914
IP address blocks:        103.37.180.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f1:8e:56:20:e3:82:ed:a3:66:b6:41:ed:39:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=324d57ba02605728ad6ee6652bff2d1a7b13cbb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:87:17:44:95:35:70:d2:26:e6:f2:17:d0:dd:
                    d0:0e:0a:bd:d1:55:07:46:62:d4:d7:8e:e5:71:1b:
                    aa:b6:b3:ca:5f:63:0b:18:1f:6f:85:24:a9:74:53:
                    b8:14:fb:c2:77:57:3b:d3:cb:30:8f:f0:33:22:71:
                    5b:0c:6e:c8:24:d9:de:66:74:6f:1f:24:45:14:7b:
                    07:ff:9b:38:84:c7:02:3b:d5:67:47:64:b8:2c:94:
                    bd:f5:79:e7:0f:33:87:34:44:e9:46:23:5f:d8:f2:
                    b1:a9:d9:28:02:ee:fb:1e:0e:7d:c8:31:51:96:26:
                    ef:74:f6:ee:cf:83:f6:e0:51:89:cc:74:9a:d2:40:
                    f7:e3:e7:2c:a5:34:ee:66:a8:23:21:23:a6:69:40:
                    72:ac:39:84:2a:20:5a:06:92:5e:68:76:9b:05:cb:
                    ae:cf:e8:e8:8b:ee:93:9e:14:3d:a5:da:21:4c:7a:
                    97:95:14:6d:73:a5:8e:e5:d0:75:6c:58:0c:09:03:
                    bf:9f:73:b5:46:d5:e4:bb:c5:51:0f:20:d0:86:e9:
                    0b:4c:11:29:d9:54:44:14:46:95:aa:ef:f4:77:f3:
                    62:1a:40:3e:34:23:c0:f2:5b:9e:2c:c8:97:00:cd:
                    a1:16:0a:4a:86:52:40:87:3e:4d:f8:ca:d8:a8:50:
                    67:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4D:57:BA:02:60:57:28:AD:6E:E6:65:2B:FF:2D:1A:7B:13:CB:B2
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Mk1XugJgVyitbuZlK_8tGnsTy7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.37.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:43:8a:07:af:63:aa:32:00:39:04:ab:15:f0:21:a6:b2:b2:
         a7:f3:e9:cd:14:5b:ea:8a:b9:00:2c:6f:53:bd:fe:e9:7f:a5:
         0e:08:18:34:d5:40:f9:50:1c:bc:f2:b7:d6:b9:43:49:94:23:
         ef:27:da:11:8d:8f:55:98:fe:27:e4:69:81:c9:5b:e7:40:b8:
         2f:fa:b5:3f:12:99:78:af:10:69:f7:3b:f2:84:a8:e9:de:16:
         03:31:fd:93:00:26:19:84:5b:a4:83:44:72:54:b4:38:4a:02:
         25:9a:03:da:66:5b:c7:14:71:6a:66:ef:27:62:5a:29:90:17:
         72:dc:69:d9:be:5a:96:0a:12:ca:1d:ae:79:aa:cb:68:0a:68:
         cd:93:d7:bd:af:47:f7:c6:49:c9:0d:f3:07:3c:dc:a0:36:1f:
         42:6a:de:5e:72:93:b0:0d:75:b9:b7:70:ca:ed:2a:9a:5e:39:
         b5:dc:d7:8d:40:2b:e1:5c:88:a9:5e:d7:57:77:de:01:3a:70:
         a5:5e:eb:3b:f6:f6:47:d0:05:ee:1d:2e:a0:0b:96:53:ad:ce:
         f7:e3:9b:7c:03:1e:aa:7a:b7:5a:31:6b:82:6d:13:eb:e0:09:
         04:36:36:c4:8e:09:0f:00:f6:f5:e2:6a:44:3d:72:10:4f:35:
         0c:83:5e:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPGOViDjgu2jZrZB7TkZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRkNTdiYTAyNjA1NzI4YWQ2ZWU2NjUyYmZmMmQxYTdiMTNjYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4cXRJU1cNIm5vIX0N3QDgq90VUH
RmLU147lcRuqtrPKX2MLGB9vhSSpdFO4FPvCd1c708swj/AzInFbDG7IJNneZnRv
HyRFFHsH/5s4hMcCO9VnR2S4LJS99XnnDzOHNETpRiNf2PKxqdkoAu77Hg59yDFR
libvdPbuz4P24FGJzHSa0kD34+cspTTuZqgjISOmaUByrDmEKiBaBpJeaHabBcuu
z+joi+6TnhQ9pdohTHqXlRRtc6WO5dB1bFgMCQO/n3O1RtXku8VRDyDQhukLTBEp
2VREFEaVqu/0d/NiGkA+NCPA8lueLMiXAM2hFgpKhlJAhz5N+MrYqFBnvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJNV7oCYFcorW7mZSv/LRp7E8uyMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvTWsxWHVnSmdWeWl0YnVabEtfOHRHbnNUeTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZyW0MA0G
CSqGSIb3DQEBCwUAA4IBAQBfQ4oHr2OqMgA5BKsV8CGmsrKn8+nNFFvqirkALG9T
vf7pf6UOCBg01UD5UBy88rfWuUNJlCPvJ9oRjY9VmP4n5GmByVvnQLgv+rU/Epl4
rxBp9zvyhKjp3hYDMf2TACYZhFukg0RyVLQ4SgIlmgPaZlvHFHFqZu8nYlopkBdy
3GnZvlqWChLKHa55qstoCmjNk9e9r0f3xknJDfMHPNygNh9Cat5ecpOwDXW5t3DK
7SqaXjm13NeNQCvhXIipXtdXd94BOnClXus79vZH0AXuHS6gC5ZTrc7345t8Ax6q
erdaMWuCbRPr4AkENjbEjgkPAPb14mpEPXIQTzUMg16Q
-----END CERTIFICATE-----