Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/_9B5OWRzC930yTVX3VrZeqgdDd4.roa
File:                     _9B5OWRzC930yTVX3VrZeqgdDd4.roa (raw, json)
Hash identifier:          yxnEtrKVnNIGcJopKdA6EyjFIygXLbuYt2+IFUSC4V4=
Subject key identifier:   FF:D0:79:39:64:73:0B:DD:F4:C9:35:57:DD:5A:D9:7A:A8:1D:0D:DE
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018F7B7A548905111FFA2FA04390735FB188
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/_9B5OWRzC930yTVX3VrZeqgdDd4.roa
Signing time:             Wed 15 May 2024 08:59:25 +0000
ROA not before:           Wed 15 May 2024 08:59:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        103.53.82.0/24 maxlen: 24
                          103.53.83.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:7a:54:89:05:11:1f:fa:2f:a0:43:90:73:5f:b1:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: May 15 08:59:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffd0793964730bddf4c93557dd5ad97aa81d0dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:63:ea:dd:3a:b9:38:da:8f:9b:68:eb:06:4c:
                    40:c7:53:53:cd:a7:d5:d6:6e:a4:af:8c:a8:c7:ee:
                    5c:b4:00:0b:5e:36:2c:c7:6e:4d:2d:b2:e4:32:1d:
                    75:d1:73:87:43:4c:25:1a:7b:aa:c2:13:18:8d:46:
                    7f:67:61:2c:29:b6:a1:0f:62:91:09:26:f4:de:f6:
                    6f:6b:7d:66:8d:e1:df:fe:0d:e8:21:e7:8e:1f:48:
                    62:61:71:08:68:c0:a6:99:d1:6b:69:82:7c:73:39:
                    1d:08:aa:5c:4a:b1:41:37:f8:eb:94:4b:b2:8d:08:
                    22:15:7b:6a:01:6e:16:60:70:cd:dc:c5:f2:00:71:
                    81:f8:48:9b:b5:13:ba:79:df:f3:a6:4f:62:c1:d5:
                    ce:ac:47:28:97:25:60:67:f0:7a:40:a4:3d:64:1d:
                    cc:23:75:40:33:10:44:e2:f0:46:be:bb:1a:66:40:
                    8f:8f:65:6d:40:1d:c1:da:3c:40:e8:03:77:1e:2f:
                    12:98:7f:59:3e:42:99:19:f3:5d:fb:d4:dc:f6:31:
                    51:46:99:81:5d:67:59:c4:52:e0:ce:97:11:c1:5e:
                    42:72:f2:01:14:e5:eb:79:9c:09:09:47:7e:85:6f:
                    54:07:1a:28:81:fe:96:34:e4:81:ea:02:83:30:6a:
                    d4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D0:79:39:64:73:0B:DD:F4:C9:35:57:DD:5A:D9:7A:A8:1D:0D:DE
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/_9B5OWRzC930yTVX3VrZeqgdDd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.53.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:61:06:e8:85:88:e4:8e:b8:25:f0:6d:08:32:12:1c:9e:33:
         3c:49:bd:41:5e:1b:26:c5:87:37:d6:52:8c:06:ec:a3:e0:eb:
         5e:21:ff:f5:36:38:6d:ef:9a:36:24:a9:d1:0f:59:d5:91:da:
         74:e8:6d:c2:78:bf:90:b0:33:10:ff:1a:13:2d:58:29:5a:b6:
         84:b0:3f:f4:39:3d:67:2c:d5:ba:6c:41:27:ed:dd:76:bd:0e:
         3a:84:23:9d:8b:57:59:7e:80:a6:fd:1a:20:c3:21:4e:97:d4:
         50:cc:30:a2:bf:61:d1:c2:ac:13:da:d7:39:20:a1:6e:92:38:
         0a:30:36:5e:8f:ff:0e:7f:2d:c9:14:9f:40:44:cb:4f:ed:af:
         ad:a8:a9:0d:7a:ab:ce:b6:0c:0d:f8:b4:af:f9:97:35:84:82:
         70:4e:4d:2f:c1:51:a2:56:d2:43:04:20:0b:af:b0:36:ab:89:
         38:04:7e:b6:d2:ab:3d:96:d1:5e:6e:3b:42:54:72:d4:14:5f:
         ed:6c:3b:9b:32:16:9f:b3:a5:12:f8:7d:cf:32:6a:c2:4e:85:
         89:5a:be:66:bb:c0:2b:57:1b:0a:c6:89:d7:7d:7d:0b:f4:c7:
         fa:ef:80:d8:15:6c:d8:ad:59:7b:59:f8:99:26:fd:cc:22:e5:
         a1:b5:58:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY97elSJBREf+i+gQ5BzX7GIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwNTE1MDg1OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQwNzkzOTY0NzMwYmRkZjRjOTM1NTdkZDVhZDk3YWE4MWQwZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmPq3Tq5ONqPm2jrBkxAx1NTzafV
1m6kr4yox+5ctAALXjYsx25NLbLkMh110XOHQ0wlGnuqwhMYjUZ/Z2EsKbahD2KR
CSb03vZva31mjeHf/g3oIeeOH0hiYXEIaMCmmdFraYJ8czkdCKpcSrFBN/jrlEuy
jQgiFXtqAW4WYHDN3MXyAHGB+EibtRO6ed/zpk9iwdXOrEcolyVgZ/B6QKQ9ZB3M
I3VAMxBE4vBGvrsaZkCPj2VtQB3B2jxA6AN3Hi8SmH9ZPkKZGfNd+9Tc9jFRRpmB
XWdZxFLgzpcRwV5CcvIBFOXreZwJCUd+hW9UBxoogf6WNOSB6gKDMGrUnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/QeTlkcwvd9Mk1V91a2XqoHQ3eMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvXzlCNU9XUnpDOTMweVRWWDNWclplcWdkRGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZzVSMA0G
CSqGSIb3DQEBCwUAA4IBAQBGYQbohYjkjrgl8G0IMhIcnjM8Sb1BXhsmxYc31lKM
Buyj4OteIf/1Njht75o2JKnRD1nVkdp06G3CeL+QsDMQ/xoTLVgpWraEsD/0OT1n
LNW6bEEn7d12vQ46hCOdi1dZfoCm/RogwyFOl9RQzDCiv2HRwqwT2tc5IKFukjgK
MDZej/8Ofy3JFJ9ARMtP7a+tqKkNeqvOtgwN+LSv+Zc1hIJwTk0vwVGiVtJDBCAL
r7A2q4k4BH620qs9ltFebjtCVHLUFF/tbDubMhafs6US+H3PMmrCToWJWr5mu8Ar
VxsKxonXfX0L9Mf674DYFWzYrVl7WfiZJv3MIuWhtVhy
-----END CERTIFICATE-----