Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Df5Tol_Hlrw6G48nVA3Bprs_ri0.roa
File:                     Df5Tol_Hlrw6G48nVA3Bprs_ri0.roa (raw, json)
Hash identifier:          73klIWGR0Vr0Tj0crQOtPhJ/STAxgW+c4NzOQH//ocU=
Subject key identifier:   0D:FE:53:A2:5F:C7:96:BC:3A:1B:8F:27:54:0D:C1:A6:BB:3F:AE:2D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0195B2AC490F84958292D4453B279E1539FA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Df5Tol_Hlrw6G48nVA3Bprs_ri0.roa
Signing time:             Thu 20 Mar 2025 08:29:50 +0000
ROA not before:           Thu 20 Mar 2025 08:29:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        103.227.87.0/24 maxlen: 24
                          2a0f:31c1::/32 maxlen: 48
                          2a10:67c2:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:ac:49:0f:84:95:82:92:d4:45:3b:27:9e:15:39:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 20 08:29:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0dfe53a25fc796bc3a1b8f27540dc1a6bb3fae2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b2:9f:0c:4d:f9:e0:97:cf:3a:4a:d4:87:11:
                    39:b7:60:37:c7:63:44:93:54:c3:00:c7:13:1f:4c:
                    8a:f3:a1:9c:fb:a8:08:a6:2e:ca:57:8f:0c:d0:a8:
                    f0:d8:e2:c3:d5:75:b5:50:96:5b:13:7e:ab:a0:25:
                    50:92:bd:e3:08:d2:53:5a:f9:84:6e:53:33:42:f7:
                    c7:a2:20:1e:c7:e9:d2:33:4a:75:ff:cc:fc:97:11:
                    8d:6c:36:09:f5:c4:50:93:1a:be:93:7d:45:e5:88:
                    32:5f:4e:9c:3a:13:90:7e:4c:82:5c:6d:86:83:b0:
                    5c:7f:30:5e:8f:16:6d:38:f0:41:7e:3e:3d:44:26:
                    91:27:eb:61:0a:1f:18:e4:01:33:2c:38:ba:69:a9:
                    de:29:47:80:16:93:d5:81:1f:39:63:90:d4:01:bf:
                    00:a2:64:ee:be:14:93:9d:52:39:c8:82:81:ce:0b:
                    1e:5d:12:e8:d2:2d:50:32:68:71:86:88:90:5f:3e:
                    1b:91:1f:c6:15:5e:9b:e5:af:af:24:64:43:36:05:
                    38:0f:72:bd:67:8a:08:68:3e:fd:d5:3b:c6:62:e4:
                    c0:de:30:6c:3a:3b:83:d9:df:e4:bb:fe:59:11:56:
                    b6:d6:39:11:5e:cf:21:15:20:83:ed:49:e0:c3:2c:
                    a6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:FE:53:A2:5F:C7:96:BC:3A:1B:8F:27:54:0D:C1:A6:BB:3F:AE:2D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Df5Tol_Hlrw6G48nVA3Bprs_ri0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.227.87.0/24
                IPv6:
                  2a0f:31c1::/32
                  2a10:67c2:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:56:d2:67:23:09:6e:94:3e:9d:fd:ba:49:6e:54:f2:ab:b6:
         52:74:ca:51:96:df:12:97:d6:62:f6:71:3c:03:b7:00:f5:6a:
         b9:76:8d:e4:3a:15:0e:c1:42:7a:68:e4:c0:30:44:2a:3a:bd:
         fb:17:9a:3a:e6:39:5c:ef:59:00:c2:75:9c:04:0e:6d:bf:34:
         31:97:58:f7:a3:b7:91:18:bf:dd:52:30:1f:01:70:d6:c5:9b:
         f3:bd:f7:be:bc:b1:1f:74:f9:a4:67:0a:59:fe:13:b5:df:71:
         b8:cc:61:e7:75:9b:a9:2d:2f:39:70:75:7a:0c:35:80:ea:92:
         0e:f9:1c:fb:c8:9f:45:22:5b:45:a6:f0:7b:65:3b:af:18:40:
         20:c0:c6:2c:54:7e:ff:e4:e8:62:23:d6:60:80:df:ea:22:3f:
         5f:50:57:bc:fd:e5:03:3d:5e:28:96:15:3e:a6:40:1d:a8:8e:
         a1:79:47:82:49:e7:81:15:17:cb:97:a6:40:55:58:40:5c:94:
         2e:54:33:23:7b:d9:88:1b:af:3f:65:7a:7c:44:46:4b:2b:c0:
         7e:12:67:2a:cc:9c:74:16:d1:a9:57:9e:fc:07:d8:4b:0d:bb:
         93:b8:71:82:c5:0b:3e:ac:80:a4:d1:54:25:db:11:fb:46:ed:
         b1:a7:c0:4d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZWyrEkPhJWCktRFOyeeFTn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMzIwMDgyOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGZlNTNhMjVmYzc5NmJjM2ExYjhmMjc1NDBkYzFhNmJiM2ZhZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprKfDE354JfPOkrUhxE5t2A3x2NE
k1TDAMcTH0yK86Gc+6gIpi7KV48M0Kjw2OLD1XW1UJZbE36roCVQkr3jCNJTWvmE
blMzQvfHoiAex+nSM0p1/8z8lxGNbDYJ9cRQkxq+k31F5YgyX06cOhOQfkyCXG2G
g7BcfzBejxZtOPBBfj49RCaRJ+thCh8Y5AEzLDi6aaneKUeAFpPVgR85Y5DUAb8A
omTuvhSTnVI5yIKBzgseXRLo0i1QMmhxhoiQXz4bkR/GFV6b5a+vJGRDNgU4D3K9
Z4oIaD791TvGYuTA3jBsOjuD2d/ku/5ZEVa21jkRXs8hFSCD7Ungwyym4wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFA3+U6Jfx5a8OhuPJ1QNwaa7P64tMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRGY1VG9sX0hscnc2RzQ4blZBM0JwcnNfcmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAZ+NXMBYE
AgACMBADBQAqDzHBAwcAKhBnwgACMA0GCSqGSIb3DQEBCwUAA4IBAQA0VtJnIwlu
lD6d/bpJblTyq7ZSdMpRlt8Sl9Zi9nE8A7cA9Wq5do3kOhUOwUJ6aOTAMEQqOr37
F5o65jlc71kAwnWcBA5tvzQxl1j3o7eRGL/dUjAfAXDWxZvzvfe+vLEfdPmkZwpZ
/hO133G4zGHndZupLS85cHV6DDWA6pIO+Rz7yJ9FIltFpvB7ZTuvGEAgwMYsVH7/
5OhiI9ZggN/qIj9fUFe8/eUDPV4olhU+pkAdqI6heUeCSeeBFRfLl6ZAVVhAXJQu
VDMje9mIG68/ZXp8REZLK8B+EmcqzJx0FtGpV578B9hLDbuTuHGCxQs+rICk0VQl
2xH7Ru2xp8BN
-----END CERTIFICATE-----