Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/F5TXXrd8NTClp9Mlr3N3IWLNtEU.roa
File:                     F5TXXrd8NTClp9Mlr3N3IWLNtEU.roa (raw, json)
Hash identifier:          Rexy4EF+DxmBgECYPidgU6xF/dkxpNRaxP8JMfIz6R8=
Subject key identifier:   17:94:D7:5E:B7:7C:35:30:A5:A7:D3:25:AF:73:77:21:62:CD:B4:45
Certificate issuer:       /CN=46f01771d1cc8fd114c46a616206aa4c59dbdc19
Certificate serial:       018D7498547B9C30B0DC6C5F4C3424C0958B
Authority key identifier: 46:F0:17:71:D1:CC:8F:D1:14:C4:6A:61:62:06:AA:4C:59:DB:DC:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RvAXcdHMj9EUxGphYgaqTFnb3Bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/F5TXXrd8NTClp9Mlr3N3IWLNtEU.roa
Signing time:             Sun 04 Feb 2024 14:49:16 +0000
ROA not before:           Sun 04 Feb 2024 14:49:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61102
IP address blocks:        103.95.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/RvAXcdHMj9EUxGphYgaqTFnb3Bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/RvAXcdHMj9EUxGphYgaqTFnb3Bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RvAXcdHMj9EUxGphYgaqTFnb3Bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:74:98:54:7b:9c:30:b0:dc:6c:5f:4c:34:24:c0:95:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46f01771d1cc8fd114c46a616206aa4c59dbdc19
        Validity
            Not Before: Feb  4 14:49:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1794d75eb77c3530a5a7d325af73772162cdb445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:65:13:c8:2d:76:ff:b9:7d:68:5b:e2:44:1c:
                    5f:0d:fe:4d:91:4e:6b:c7:32:11:13:a5:46:0b:69:
                    b6:dc:2a:9b:cd:db:b4:2d:9a:f5:fb:42:e2:47:1d:
                    66:92:cf:30:bd:0b:7a:a0:64:c0:a3:17:e9:eb:0f:
                    ac:d2:e1:e0:a6:0b:81:e8:7f:83:85:b4:2b:31:02:
                    35:a3:25:d7:21:fb:e5:26:93:07:a3:62:ae:b9:2a:
                    0d:bb:0a:1c:72:e7:1f:d2:fd:bd:82:f9:fc:59:02:
                    51:7f:2e:eb:cb:11:75:b5:37:c9:b3:4a:e0:f6:f2:
                    56:fd:66:85:ef:12:99:03:a4:1a:91:39:be:a0:87:
                    9e:d9:b2:79:c3:1d:ec:e4:7e:57:89:dc:36:d1:ba:
                    48:4e:97:ea:cf:19:d0:05:bc:08:e4:2c:28:b9:db:
                    3b:6d:24:9a:38:41:b5:63:66:30:da:46:3e:25:6d:
                    04:c0:0a:7f:73:25:16:cc:da:d3:35:d0:8a:fb:6a:
                    73:5d:68:9c:92:ae:d6:f6:08:19:20:7e:ef:17:7f:
                    7d:1f:23:b4:43:e5:16:05:04:52:88:0a:f9:fc:f1:
                    ac:c6:33:a3:db:87:d4:98:94:24:2d:d2:73:57:f9:
                    34:b3:c0:de:b2:b6:62:4a:7c:8b:40:f6:ee:2a:7a:
                    1e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:94:D7:5E:B7:7C:35:30:A5:A7:D3:25:AF:73:77:21:62:CD:B4:45
            X509v3 Authority Key Identifier:
                keyid:46:F0:17:71:D1:CC:8F:D1:14:C4:6A:61:62:06:AA:4C:59:DB:DC:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RvAXcdHMj9EUxGphYgaqTFnb3Bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/F5TXXrd8NTClp9Mlr3N3IWLNtEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/RvAXcdHMj9EUxGphYgaqTFnb3Bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.95.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:3f:e6:4e:71:dd:68:a7:49:96:fc:0d:ac:dd:6f:d9:1d:88:
         32:86:b4:9e:4e:55:47:c1:62:98:49:d9:57:ed:57:23:eb:83:
         44:a1:84:24:51:de:4b:a8:ca:1b:d2:d6:0a:bb:af:30:97:12:
         50:3d:55:fb:42:cb:18:bb:e8:93:a2:a3:9b:a2:18:3d:1d:6d:
         3e:6b:c7:cf:ff:d3:85:a2:79:b8:27:d0:31:03:fb:62:a1:44:
         2d:c5:73:90:07:42:1b:8f:88:6f:7a:cc:73:f1:0a:86:44:01:
         21:e8:94:99:28:85:b9:e9:51:44:3b:1c:ab:3a:94:cf:c6:1f:
         5a:bb:76:8b:b4:9c:18:1e:2b:9f:0d:45:35:7b:68:b1:4a:1a:
         65:4b:65:33:1e:4a:40:dc:b2:a8:04:51:0e:46:57:c5:b5:c1:
         ca:78:80:9f:73:51:ca:f7:19:45:27:ee:67:af:bf:71:fc:fd:
         46:be:02:21:1e:dd:22:7f:68:3c:37:2e:fe:f9:96:9f:10:76:
         3c:a6:80:58:dc:77:30:e3:41:9b:57:d5:0a:a5:56:29:24:37:
         32:31:0c:28:66:29:e6:01:7e:80:67:e3:c5:8c:f0:94:61:cc:
         91:33:1d:07:de:69:c9:fd:28:e1:2e:04:56:9b:53:66:ba:ab:
         a1:85:39:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY10mFR7nDCw3GxfTDQkwJWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZjAxNzcxZDFjYzhmZDExNGM0NmE2MTYyMDZhYTRjNTlk
YmRjMTkwHhcNMjQwMjA0MTQ0OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzk0ZDc1ZWI3N2MzNTMwYTVhN2QzMjVhZjczNzcyMTYyY2RiNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62UTyC12/7l9aFviRBxfDf5NkU5r
xzIRE6VGC2m23Cqbzdu0LZr1+0LiRx1mks8wvQt6oGTAoxfp6w+s0uHgpguB6H+D
hbQrMQI1oyXXIfvlJpMHo2KuuSoNuwoccucf0v29gvn8WQJRfy7ryxF1tTfJs0rg
9vJW/WaF7xKZA6QakTm+oIee2bJ5wx3s5H5Xidw20bpITpfqzxnQBbwI5Cwouds7
bSSaOEG1Y2Yw2kY+JW0EwAp/cyUWzNrTNdCK+2pzXWickq7W9ggZIH7vF399HyO0
Q+UWBQRSiAr5/PGsxjOj24fUmJQkLdJzV/k0s8DesrZiSnyLQPbuKnoezwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeU1163fDUwpafTJa9zdyFizbRFMB8GA1UdIwQY
MBaAFEbwF3HRzI/RFMRqYWIGqkxZ29wZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnZBWGNkSE1qOUVVeEdwaFlnYXFURm5iM0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC83ZTU3YTMtYTE4MS00NWRmLWI0YWUt
MzE2ZjZkYWJmZmJmLzEvRjVUWFhyZDhOVENscDlNbHIzTjNJV0xOdEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC83ZTU3YTMtYTE4MS00NWRmLWI0YWUtMzE2ZjZkYWJmZmJm
LzEvUnZBWGNkSE1qOUVVeEdwaFlnYXFURm5iM0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ192MA0G
CSqGSIb3DQEBCwUAA4IBAQArP+ZOcd1op0mW/A2s3W/ZHYgyhrSeTlVHwWKYSdlX
7Vcj64NEoYQkUd5LqMob0tYKu68wlxJQPVX7QssYu+iToqObohg9HW0+a8fP/9OF
onm4J9AxA/tioUQtxXOQB0Ibj4hvesxz8QqGRAEh6JSZKIW56VFEOxyrOpTPxh9a
u3aLtJwYHiufDUU1e2ixShplS2UzHkpA3LKoBFEORlfFtcHKeICfc1HK9xlFJ+5n
r79x/P1GvgIhHt0if2g8Ny7++ZafEHY8poBY3Hcw40GbV9UKpVYpJDcyMQwoZinm
AX6AZ+PFjPCUYcyRMx0H3mnJ/SjhLgRWm1NmuquhhTlA
-----END CERTIFICATE-----