Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/IjLvzEagMTndDWuAQNBBVbTR3IY.roa
File:                     IjLvzEagMTndDWuAQNBBVbTR3IY.roa (raw, json)
Hash identifier:          XCVVG4W23sKnQEUfk6MjWQVJqvGdA/uvghgcTwqSkl4=
Subject key identifier:   22:32:EF:CC:46:A0:31:39:DD:0D:6B:80:40:D0:41:55:B4:D1:DC:86
Certificate issuer:       /CN=b78678bd654ca6b10a5c773bc269754dc234cfd5
Certificate serial:       01929E67D2658FC05F4A9576F9A707EEFEF9
Authority key identifier: B7:86:78:BD:65:4C:A6:B1:0A:5C:77:3B:C2:69:75:4D:C2:34:CF:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/IjLvzEagMTndDWuAQNBBVbTR3IY.roa
Signing time:             Fri 18 Oct 2024 06:54:17 +0000
ROA not before:           Fri 18 Oct 2024 06:54:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214113
IP address blocks:        103.115.182.0/23 maxlen: 23
                          192.140.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:67:d2:65:8f:c0:5f:4a:95:76:f9:a7:07:ee:fe:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b78678bd654ca6b10a5c773bc269754dc234cfd5
        Validity
            Not Before: Oct 18 06:54:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2232efcc46a03139dd0d6b8040d04155b4d1dc86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:72:82:0d:22:f6:bd:1e:f9:1b:83:91:e2:7d:
                    0a:b1:d2:8c:0f:34:a1:d7:dd:cb:2d:c4:ee:18:d2:
                    76:31:19:1a:5b:17:f8:0d:c4:3d:34:57:4e:e8:ae:
                    77:22:0f:d9:d6:90:df:4d:e6:00:b5:c3:fa:56:1f:
                    0a:84:a5:83:56:fd:72:b3:b5:80:3d:24:d2:20:99:
                    6d:78:98:62:3b:9d:2e:4c:e5:18:10:97:e7:32:25:
                    e7:74:32:a2:84:d8:23:35:17:ae:17:99:7c:58:c2:
                    82:b1:f5:fc:85:d8:6a:ee:cf:3d:88:21:2a:08:89:
                    2b:ff:bf:56:c2:01:62:39:76:b1:97:65:46:d7:f7:
                    68:b4:d9:62:e8:53:30:c1:b6:17:95:e6:b2:00:2c:
                    1c:0b:f4:72:27:ef:b7:28:c6:76:bf:6e:e9:eb:de:
                    8c:a0:eb:15:22:6d:85:88:90:37:2a:93:e9:28:43:
                    18:cb:62:08:99:8e:30:30:b5:1d:35:8e:1e:4a:21:
                    59:b1:fa:db:0c:70:83:84:c9:4a:5f:f5:fb:d8:31:
                    7c:3f:1d:4e:f6:a9:f7:4d:d9:02:16:68:a1:e0:3e:
                    11:67:94:1e:96:e0:dc:ed:43:dc:9a:0f:f9:f5:81:
                    3d:15:9d:9e:ac:f8:a2:6b:2c:cb:6a:7f:34:30:e3:
                    6d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:32:EF:CC:46:A0:31:39:DD:0D:6B:80:40:D0:41:55:B4:D1:DC:86
            X509v3 Authority Key Identifier:
                keyid:B7:86:78:BD:65:4C:A6:B1:0A:5C:77:3B:C2:69:75:4D:C2:34:CF:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/IjLvzEagMTndDWuAQNBBVbTR3IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.115.182.0/23
                  192.140.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:f7:73:f5:6e:b8:3b:a6:33:b7:48:90:12:96:40:18:1a:93:
         cc:a0:4f:a4:20:d1:0f:1f:a8:15:f3:0f:a8:65:37:2d:2e:d3:
         20:11:39:44:fe:7b:cd:04:e6:64:52:08:fb:05:54:83:d2:6a:
         1c:6f:f1:fc:b9:dc:fa:e1:6c:3a:39:11:f6:71:8e:66:35:97:
         cd:ae:04:e0:bd:bf:18:9d:c8:b4:4d:09:5d:dc:99:27:e2:34:
         e7:f0:f8:c4:42:e6:17:55:1e:60:dc:b8:61:fb:f5:19:39:38:
         1e:c7:9d:b7:c3:97:5d:bb:2d:f0:92:30:f6:1a:db:4a:d2:12:
         dc:e8:4e:9a:cd:8e:87:92:ab:10:1e:8b:5e:d5:6f:b2:82:cc:
         9b:ea:2a:33:5c:cd:17:30:2b:46:5c:53:81:ef:b2:67:35:5b:
         d2:a3:f7:4a:ca:13:6f:f2:7e:3e:94:b4:63:f7:56:0c:9b:7f:
         df:42:07:24:c0:ce:49:64:7c:f7:74:e4:50:58:8a:ca:95:c7:
         d1:20:4e:d3:64:82:70:44:a2:83:11:27:b5:04:85:8a:66:f0:
         bb:f4:7e:f2:1e:64:59:2c:b9:c4:b7:df:fd:d3:37:4e:04:79:
         01:50:74:a0:5c:03:f9:7b:c3:8f:7e:19:87:46:99:f1:e5:d5:
         73:0c:8e:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKeZ9Jlj8BfSpV2+acH7v75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODY3OGJkNjU0Y2E2YjEwYTVjNzczYmMyNjk3NTRkYzIz
NGNmZDUwHhcNMjQxMDE4MDY1NDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjMyZWZjYzQ2YTAzMTM5ZGQwZDZiODA0MGQwNDE1NWI0ZDFkYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HKCDSL2vR75G4OR4n0KsdKMDzSh
193LLcTuGNJ2MRkaWxf4DcQ9NFdO6K53Ig/Z1pDfTeYAtcP6Vh8KhKWDVv1ys7WA
PSTSIJlteJhiO50uTOUYEJfnMiXndDKihNgjNReuF5l8WMKCsfX8hdhq7s89iCEq
CIkr/79WwgFiOXaxl2VG1/dotNli6FMwwbYXleayACwcC/RyJ++3KMZ2v27p696M
oOsVIm2FiJA3KpPpKEMYy2IImY4wMLUdNY4eSiFZsfrbDHCDhMlKX/X72DF8Px1O
9qn3TdkCFmih4D4RZ5QeluDc7UPcmg/59YE9FZ2erPiiayzLan80MONtAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCIy78xGoDE53Q1rgEDQQVW00dyGMB8GA1UdIwQY
MBaAFLeGeL1lTKaxClx3O8JpdU3CNM/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRaNHZXVk1wckVLWEhjN3dtbDFUY0kwejlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ODBmNGEtYTkzNy00MTQ5LWFlZTgt
ZTMyOTI0YWM3YjYzLzEvSWpMdnpFYWdNVG5kRFd1QVFOQkJWYlRSM0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ODBmNGEtYTkzNy00MTQ5LWFlZTgtZTMyOTI0YWM3YjYz
LzEvdDRaNHZXVk1wckVLWEhjN3dtbDFUY0kwejlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBZ3O2AwQC
wIzkMA0GCSqGSIb3DQEBCwUAA4IBAQCM93P1brg7pjO3SJASlkAYGpPMoE+kINEP
H6gV8w+oZTctLtMgETlE/nvNBOZkUgj7BVSD0mocb/H8udz64Ww6ORH2cY5mNZfN
rgTgvb8Ynci0TQld3Jkn4jTn8PjEQuYXVR5g3Lhh+/UZOTgex523w5dduy3wkjD2
GttK0hLc6E6azY6HkqsQHote1W+ygsyb6iozXM0XMCtGXFOB77JnNVvSo/dKyhNv
8n4+lLRj91YMm3/fQgckwM5JZHz3dORQWIrKlcfRIE7TZIJwRKKDESe1BIWKZvC7
9H7yHmRZLLnEt9/90zdOBHkBUHSgXAP5e8OPfhmHRpnx5dVzDI45
-----END CERTIFICATE-----