Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/09b7de-ffb7-4d6b-b414-f21b4f11faf0/1/np95vJ63njzIyEv2cfQb2cWtUbY.roa
File:                     np95vJ63njzIyEv2cfQb2cWtUbY.roa (raw, json)
Hash identifier:          5+hTVLtGUJs00SbtJjx8hk0pvI7MNlC+/8yzlk+cXtI=
Subject key identifier:   9E:9F:79:BC:9E:B7:9E:3C:C8:C8:4B:F6:71:F4:1B:D9:C5:AD:51:B6
Certificate issuer:       /CN=6912d04ab0c37a473b1fc81a369fc9ad5d9ffd44
Certificate serial:       01923688CFC0ED468A4A2C55DE3F0B51A6C7
Authority key identifier: 69:12:D0:4A:B0:C3:7A:47:3B:1F:C8:1A:36:9F:C9:AD:5D:9F:FD:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRLQSrDDekc7H8gaNp_JrV2f_UQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/09b7de-ffb7-4d6b-b414-f21b4f11faf0/1/np95vJ63njzIyEv2cfQb2cWtUbY.roa
Signing time:             Sat 28 Sep 2024 02:49:48 +0000
ROA not before:           Sat 28 Sep 2024 02:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214785
IP address blocks:        103.55.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/09b7de-ffb7-4d6b-b414-f21b4f11faf0/1/aRLQSrDDekc7H8gaNp_JrV2f_UQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/09b7de-ffb7-4d6b-b414-f21b4f11faf0/1/aRLQSrDDekc7H8gaNp_JrV2f_UQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aRLQSrDDekc7H8gaNp_JrV2f_UQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:36:88:cf:c0:ed:46:8a:4a:2c:55:de:3f:0b:51:a6:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6912d04ab0c37a473b1fc81a369fc9ad5d9ffd44
        Validity
            Not Before: Sep 28 02:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e9f79bc9eb79e3cc8c84bf671f41bd9c5ad51b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9b:2b:a0:83:11:be:44:f5:ae:d9:6f:09:e6:
                    56:54:63:e6:5a:38:06:e9:23:8b:2b:c4:5b:41:7b:
                    be:8d:0b:33:72:05:4e:ef:66:a4:c4:7c:dd:bc:e8:
                    0f:d6:31:b3:e0:9c:99:27:73:15:3d:e2:04:a1:77:
                    55:7a:b8:8a:07:c8:37:5d:12:e0:89:d5:af:72:37:
                    f4:e0:61:b7:77:d7:e4:9a:50:fb:c6:8a:4e:00:a6:
                    ce:79:90:e0:95:5a:af:59:ae:4e:89:f1:80:87:6e:
                    ad:b2:26:e0:9f:fb:fe:d3:be:cc:ad:4c:40:2d:dd:
                    a1:04:4e:d5:f4:0a:69:10:32:2d:83:87:3c:d8:8e:
                    ab:61:3f:2f:c4:b7:60:4d:3d:73:1f:af:23:ab:25:
                    bf:07:63:18:1e:93:e2:33:62:cb:1f:20:63:64:e0:
                    a4:c7:20:cb:c0:6a:19:0c:07:7a:d0:16:cb:90:6e:
                    2b:5f:dd:9b:8e:67:3f:10:1c:85:df:c6:01:37:9a:
                    a1:7e:17:8f:08:48:a8:73:c3:d7:a9:be:a8:87:7c:
                    63:62:82:7a:6b:e7:d8:04:fe:c8:0a:b2:32:96:a7:
                    39:6d:99:4a:41:bd:43:e0:c9:b2:63:de:a0:34:3c:
                    a5:dd:dc:5f:90:ed:ad:e4:01:c0:6a:4b:b6:a1:2e:
                    8c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9F:79:BC:9E:B7:9E:3C:C8:C8:4B:F6:71:F4:1B:D9:C5:AD:51:B6
            X509v3 Authority Key Identifier:
                keyid:69:12:D0:4A:B0:C3:7A:47:3B:1F:C8:1A:36:9F:C9:AD:5D:9F:FD:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRLQSrDDekc7H8gaNp_JrV2f_UQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/09b7de-ffb7-4d6b-b414-f21b4f11faf0/1/np95vJ63njzIyEv2cfQb2cWtUbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/09b7de-ffb7-4d6b-b414-f21b4f11faf0/1/aRLQSrDDekc7H8gaNp_JrV2f_UQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.55.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ab:45:0d:58:f7:22:a2:32:32:d0:f6:78:96:11:76:b6:31:
         b6:34:94:7a:91:05:82:24:21:38:96:45:37:ba:8b:95:ab:e5:
         8b:ed:c8:3a:fd:5a:a4:e3:c6:c8:0b:c2:2b:a3:d0:45:06:c5:
         0a:69:39:70:32:16:73:41:e6:9d:a8:0b:a8:8a:e2:e9:e1:f4:
         e8:0b:df:23:21:8a:5e:eb:af:ef:f3:01:90:c1:d7:5d:87:1c:
         67:65:d1:38:93:c1:83:25:c0:e5:f3:95:1d:8c:61:59:2a:13:
         46:85:b2:0d:49:c2:c4:46:58:b4:60:da:25:20:b3:8e:11:10:
         8d:af:d1:2c:94:83:43:d4:cf:b4:34:83:66:76:0f:4e:ea:ff:
         4a:a2:bb:77:70:d2:ce:c2:70:02:f6:f9:b0:d0:58:05:40:1f:
         fe:a2:07:55:df:88:7c:3c:d5:c1:42:08:aa:24:12:e3:d8:63:
         0f:1a:c7:d3:ef:25:72:b5:6b:84:10:6e:98:33:72:e6:e9:86:
         d1:a0:ee:46:7b:2e:04:25:14:c7:21:b4:29:b2:81:67:a2:98:
         f9:b9:fa:7a:ad:0a:07:77:02:21:a5:4c:d9:31:3b:f5:c6:08:
         d6:72:0e:78:91:e3:7f:25:11:bb:80:f1:e4:8f:f9:e5:fe:79:
         6a:5b:f2:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI2iM/A7UaKSixV3j8LUabHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTJkMDRhYjBjMzdhNDczYjFmYzgxYTM2OWZjOWFkNWQ5
ZmZkNDQwHhcNMjQwOTI4MDI0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTlmNzliYzllYjc5ZTNjYzhjODRiZjY3MWY0MWJkOWM1YWQ1MWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupsroIMRvkT1rtlvCeZWVGPmWjgG
6SOLK8RbQXu+jQszcgVO72akxHzdvOgP1jGz4JyZJ3MVPeIEoXdVeriKB8g3XRLg
idWvcjf04GG3d9fkmlD7xopOAKbOeZDglVqvWa5OifGAh26tsibgn/v+077MrUxA
Ld2hBE7V9AppEDItg4c82I6rYT8vxLdgTT1zH68jqyW/B2MYHpPiM2LLHyBjZOCk
xyDLwGoZDAd60BbLkG4rX92bjmc/EByF38YBN5qhfhePCEioc8PXqb6oh3xjYoJ6
a+fYBP7ICrIylqc5bZlKQb1D4MmyY96gNDyl3dxfkO2t5AHAaku2oS6MVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6febyet548yMhL9nH0G9nFrVG2MB8GA1UdIwQY
MBaAFGkS0Eqww3pHOx/IGjafya1dn/1EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJMUVNyRERla2M3SDhnYU5wX0pyVjJmX1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8wOWI3ZGUtZmZiNy00ZDZiLWI0MTQt
ZjIxYjRmMTFmYWYwLzEvbnA5NXZKNjNuanpJeUV2MmNmUWIyY1d0VWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8wOWI3ZGUtZmZiNy00ZDZiLWI0MTQtZjIxYjRmMTFmYWYw
LzEvYVJMUVNyRERla2M3SDhnYU5wX0pyVjJmX1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZzekMA0G
CSqGSIb3DQEBCwUAA4IBAQBqq0UNWPciojIy0PZ4lhF2tjG2NJR6kQWCJCE4lkU3
uouVq+WL7cg6/Vqk48bIC8Iro9BFBsUKaTlwMhZzQeadqAuoiuLp4fToC98jIYpe
66/v8wGQwdddhxxnZdE4k8GDJcDl85UdjGFZKhNGhbINScLERli0YNolILOOERCN
r9EslIND1M+0NINmdg9O6v9Kort3cNLOwnAC9vmw0FgFQB/+ogdV34h8PNXBQgiq
JBLj2GMPGsfT7yVytWuEEG6YM3Lm6YbRoO5Gey4EJRTHIbQpsoFnopj5ufp6rQoH
dwIhpUzZMTv1xgjWcg54keN/JRG7gPHkj/nl/nlqW/KI
-----END CERTIFICATE-----