Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/oo7kH23l6zlkR-n3uX25MBoiAJs.roa
File:                     oo7kH23l6zlkR-n3uX25MBoiAJs.roa (raw, json)
Hash identifier:          SIp8JfUrBozoezFoCRSy5iHfv0RtCDLBVoZy4gM0Pk4=
Subject key identifier:   A2:8E:E4:1F:6D:E5:EB:39:64:47:E9:F7:B9:7D:B9:30:1A:22:00:9B
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       01926B42CB57FC81C8E5C8970D8C9FF12599
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/oo7kH23l6zlkR-n3uX25MBoiAJs.roa
Signing time:             Tue 08 Oct 2024 08:33:12 +0000
ROA not before:           Tue 08 Oct 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206388
IP address blocks:        103.215.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6b:42:cb:57:fc:81:c8:e5:c8:97:0d:8c:9f:f1:25:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Oct  8 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a28ee41f6de5eb396447e9f7b97db9301a22009b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7d:23:0c:0d:c8:b7:b1:21:4b:49:bf:3b:f2:
                    1f:09:49:9c:be:70:71:4d:26:57:d5:b4:f0:68:5e:
                    34:4b:1f:fe:af:de:77:39:78:35:25:b9:ec:a7:10:
                    95:46:ad:f5:b7:99:80:86:8f:87:7d:39:6d:26:4e:
                    11:00:c7:a0:18:e9:9f:97:89:00:33:a0:d9:af:5f:
                    0c:00:94:bb:08:e7:de:71:fd:d7:61:28:4b:0d:aa:
                    2d:bb:62:71:10:c8:74:34:dd:2d:4c:04:f5:bc:5b:
                    c1:a9:94:d8:8f:0d:f4:96:ae:78:16:a0:30:a2:51:
                    17:ad:8d:8b:a0:de:d8:61:fd:0b:ce:cf:92:4c:08:
                    87:18:c7:d3:d5:05:8c:c9:bb:16:fd:81:20:1f:65:
                    4d:d4:50:02:1c:65:97:fd:66:f6:3e:fb:69:c4:2c:
                    07:e3:ae:f3:53:e2:93:65:d5:c9:37:5e:84:df:f1:
                    d5:b4:dd:9d:4f:e2:8a:7f:08:b4:ee:e4:d9:a3:10:
                    77:4c:98:d8:f0:4e:b0:26:96:72:11:41:b9:6e:ff:
                    c0:97:74:1f:f1:fb:fb:4a:38:ef:dc:3f:1e:d5:c5:
                    a9:52:01:13:b6:f7:4c:df:35:75:63:3c:ca:13:4d:
                    bb:6d:73:14:41:b5:b5:b2:7e:1f:d6:90:cb:80:d1:
                    30:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:8E:E4:1F:6D:E5:EB:39:64:47:E9:F7:B9:7D:B9:30:1A:22:00:9B
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/oo7kH23l6zlkR-n3uX25MBoiAJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:fe:c7:89:b9:64:2f:b2:77:49:af:92:1f:53:99:81:ed:c2:
         63:32:76:a2:ac:37:d5:3f:6e:66:c1:11:e6:8a:5d:5a:b5:a3:
         37:1a:29:0f:ce:ca:db:02:6f:3f:16:f2:21:de:7f:54:96:3a:
         d5:59:fd:da:0b:05:4e:44:cd:8f:a9:5f:74:10:03:00:a0:5c:
         10:0c:92:55:dd:59:78:e2:64:d4:6c:52:96:fb:71:67:89:b9:
         7f:e9:e8:5f:13:71:7c:7b:9a:ed:69:4b:7e:64:6a:ab:0e:68:
         85:8b:e3:29:10:a6:08:b4:8c:57:fd:f6:7a:e5:12:18:c5:c7:
         3d:85:62:0e:ee:d1:53:3a:0b:a4:53:08:5b:d7:0a:ac:fb:81:
         27:3e:bf:52:2f:19:36:c3:4c:08:97:91:b1:c2:c2:81:94:3b:
         a9:3e:88:1a:db:72:74:d6:27:1c:f5:60:2f:83:7f:9c:c3:be:
         4d:0d:f1:22:7b:0d:52:49:93:f0:84:d6:0b:02:bb:b0:ea:53:
         56:ea:1a:4b:1b:3e:a3:a6:b9:35:2c:01:0e:16:be:4d:86:48:
         95:e9:9b:b1:8e:62:9b:90:15:45:54:ba:a4:5c:3b:d2:36:46:
         b3:74:b6:c2:4a:e2:a9:c6:51:10:55:39:0a:24:8a:79:10:84:
         a0:4b:19:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJrQstX/IHI5ciXDYyf8SWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjQxMDA4MDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjhlZTQxZjZkZTVlYjM5NjQ0N2U5ZjdiOTdkYjkzMDFhMjIwMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH0jDA3It7EhS0m/O/IfCUmcvnBx
TSZX1bTwaF40Sx/+r953OXg1JbnspxCVRq31t5mAho+HfTltJk4RAMegGOmfl4kA
M6DZr18MAJS7COfecf3XYShLDaotu2JxEMh0NN0tTAT1vFvBqZTYjw30lq54FqAw
olEXrY2LoN7YYf0Lzs+STAiHGMfT1QWMybsW/YEgH2VN1FACHGWX/Wb2PvtpxCwH
467zU+KTZdXJN16E3/HVtN2dT+KKfwi07uTZoxB3TJjY8E6wJpZyEUG5bv/Al3Qf
8fv7Sjjv3D8e1cWpUgETtvdM3zV1YzzKE027bXMUQbW1sn4f1pDLgNEwGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKO5B9t5es5ZEfp97l9uTAaIgCbMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvb283a0gyM2w2emxrUi1uM3VYMjVNQm9pQUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9fdMA0G
CSqGSIb3DQEBCwUAA4IBAQB8/seJuWQvsndJr5IfU5mB7cJjMnairDfVP25mwRHm
il1ataM3GikPzsrbAm8/FvIh3n9UljrVWf3aCwVORM2PqV90EAMAoFwQDJJV3Vl4
4mTUbFKW+3Fnibl/6ehfE3F8e5rtaUt+ZGqrDmiFi+MpEKYItIxX/fZ65RIYxcc9
hWIO7tFTOgukUwhb1wqs+4EnPr9SLxk2w0wIl5GxwsKBlDupPoga23J01icc9WAv
g3+cw75NDfEiew1SSZPwhNYLAruw6lNW6hpLGz6jprk1LAEOFr5NhkiV6ZuxjmKb
kBVFVLqkXDvSNkazdLbCSuKpxlEQVTkKJIp5EISgSxmc
-----END CERTIFICATE-----