Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/Kr1JfHzxtvWj4tiYEDQfnL5MHv0.roa
File:                     Kr1JfHzxtvWj4tiYEDQfnL5MHv0.roa (raw, json)
Hash identifier:          dVY4E1R4EAZbCYRmZe//zeEJx70rYLMLNdAVeCcdcfI=
Subject key identifier:   2A:BD:49:7C:7C:F1:B6:F5:A3:E2:D8:98:10:34:1F:9C:BE:4C:1E:FD
Certificate issuer:       /CN=46f01771d1cc8fd114c46a616206aa4c59dbdc19
Certificate serial:       01942748278CE91BF5C7A024D0DF56C1337C
Authority key identifier: 46:F0:17:71:D1:CC:8F:D1:14:C4:6A:61:62:06:AA:4C:59:DB:DC:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RvAXcdHMj9EUxGphYgaqTFnb3Bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/Kr1JfHzxtvWj4tiYEDQfnL5MHv0.roa
Signing time:             Thu 02 Jan 2025 13:50:27 +0000
ROA not before:           Thu 02 Jan 2025 13:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61102
IP address blocks:        103.95.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/RvAXcdHMj9EUxGphYgaqTFnb3Bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/RvAXcdHMj9EUxGphYgaqTFnb3Bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RvAXcdHMj9EUxGphYgaqTFnb3Bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:27:8c:e9:1b:f5:c7:a0:24:d0:df:56:c1:33:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46f01771d1cc8fd114c46a616206aa4c59dbdc19
        Validity
            Not Before: Jan  2 13:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2abd497c7cf1b6f5a3e2d89810341f9cbe4c1efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:16:7a:b2:1f:4e:23:7f:4a:69:52:fb:58:1c:
                    a3:da:b5:ca:d4:78:bd:4f:eb:e7:53:30:58:c1:5c:
                    e2:11:32:cc:3c:bc:9d:22:a9:5f:3c:6b:38:8e:ed:
                    93:bf:a6:96:05:34:b7:6e:b3:3f:9d:bd:ef:0d:fa:
                    57:36:6e:3a:8d:2f:a5:04:60:b9:18:e6:4e:fd:eb:
                    a1:d2:48:94:df:6e:3f:de:db:90:62:cf:39:e0:d0:
                    2d:8e:d9:0c:51:c4:85:ca:7e:a5:63:c9:ab:72:12:
                    91:49:12:72:5e:2e:82:5e:ec:3c:50:61:9c:20:8d:
                    ac:10:9a:d1:e9:b4:da:05:1b:c8:f1:31:bd:f9:ad:
                    36:49:19:7f:4c:cf:39:a4:5d:a3:23:8e:15:04:f2:
                    95:d4:f1:95:25:53:a4:4a:7f:1c:b6:b2:ae:5d:d0:
                    b1:a8:23:ab:1c:57:7b:00:0c:1d:44:fa:6c:1e:ab:
                    e1:92:0f:6a:21:0f:6b:db:32:40:44:e9:5b:0a:c9:
                    eb:43:3b:d2:dc:b2:86:24:f3:c5:7c:68:6e:d3:fe:
                    b0:84:11:53:f8:41:76:5a:e7:1c:3e:3b:49:17:2a:
                    57:05:1c:64:d9:e5:0f:c4:52:0f:8f:a4:bd:e0:cf:
                    eb:de:47:3b:58:50:3e:b3:69:03:6e:bd:90:33:ed:
                    1c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:BD:49:7C:7C:F1:B6:F5:A3:E2:D8:98:10:34:1F:9C:BE:4C:1E:FD
            X509v3 Authority Key Identifier:
                keyid:46:F0:17:71:D1:CC:8F:D1:14:C4:6A:61:62:06:AA:4C:59:DB:DC:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RvAXcdHMj9EUxGphYgaqTFnb3Bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/Kr1JfHzxtvWj4tiYEDQfnL5MHv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/7e57a3-a181-45df-b4ae-316f6dabffbf/1/RvAXcdHMj9EUxGphYgaqTFnb3Bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.95.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:97:7a:3a:aa:66:0b:57:70:96:8b:f2:a6:8f:74:1e:3f:c9:
         f9:2a:72:41:d6:8e:ad:6f:ff:9b:df:78:79:24:7d:29:90:63:
         e6:76:e0:44:5d:38:39:98:b6:15:03:89:57:54:5a:5b:04:6e:
         51:3f:1c:5a:a1:de:57:42:c1:64:64:ff:e1:f6:b1:d4:76:e2:
         21:43:08:ce:46:a5:4b:0e:21:2a:26:13:4c:62:cd:d4:0e:b5:
         6b:e9:cf:e5:d3:51:ae:ff:d7:c4:59:dc:44:5a:bc:ea:d5:73:
         de:ad:73:c4:33:f4:ae:d7:84:df:4c:3f:d5:f8:6c:5c:c9:a4:
         b8:e9:c3:7a:78:22:48:41:ec:8c:64:35:86:c0:d2:81:aa:f3:
         54:27:07:c8:a9:db:2a:8d:3f:76:5b:54:d2:77:26:62:39:3e:
         df:f3:19:9d:95:9b:06:16:34:61:74:22:4b:70:a2:fd:f1:4c:
         f3:da:cd:9b:09:ac:7d:5c:19:b7:82:8d:6a:4f:de:59:99:ac:
         2f:a1:d4:9f:ef:d9:7e:f8:67:3f:8b:00:fa:4b:84:51:c6:e7:
         93:db:ef:11:25:02:3a:51:fb:e6:e1:25:a9:6c:40:82:9f:fa:
         12:53:e1:3e:17:da:ac:40:c7:d0:ab:64:dc:35:93:e5:1e:03:
         d1:bb:11:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSCeM6Rv1x6Ak0N9WwTN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZjAxNzcxZDFjYzhmZDExNGM0NmE2MTYyMDZhYTRjNTlk
YmRjMTkwHhcNMjUwMTAyMTM1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWJkNDk3YzdjZjFiNmY1YTNlMmQ4OTgxMDM0MWY5Y2JlNGMxZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohZ6sh9OI39KaVL7WByj2rXK1Hi9
T+vnUzBYwVziETLMPLydIqlfPGs4ju2Tv6aWBTS3brM/nb3vDfpXNm46jS+lBGC5
GOZO/euh0kiU324/3tuQYs854NAtjtkMUcSFyn6lY8mrchKRSRJyXi6CXuw8UGGc
II2sEJrR6bTaBRvI8TG9+a02SRl/TM85pF2jI44VBPKV1PGVJVOkSn8ctrKuXdCx
qCOrHFd7AAwdRPpsHqvhkg9qIQ9r2zJAROlbCsnrQzvS3LKGJPPFfGhu0/6whBFT
+EF2WuccPjtJFypXBRxk2eUPxFIPj6S94M/r3kc7WFA+s2kDbr2QM+0cCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq9SXx88bb1o+LYmBA0H5y+TB79MB8GA1UdIwQY
MBaAFEbwF3HRzI/RFMRqYWIGqkxZ29wZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnZBWGNkSE1qOUVVeEdwaFlnYXFURm5iM0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC83ZTU3YTMtYTE4MS00NWRmLWI0YWUt
MzE2ZjZkYWJmZmJmLzEvS3IxSmZIenh0dldqNHRpWUVEUWZuTDVNSHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC83ZTU3YTMtYTE4MS00NWRmLWI0YWUtMzE2ZjZkYWJmZmJm
LzEvUnZBWGNkSE1qOUVVeEdwaFlnYXFURm5iM0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ192MA0G
CSqGSIb3DQEBCwUAA4IBAQCPl3o6qmYLV3CWi/Kmj3QeP8n5KnJB1o6tb/+b33h5
JH0pkGPmduBEXTg5mLYVA4lXVFpbBG5RPxxaod5XQsFkZP/h9rHUduIhQwjORqVL
DiEqJhNMYs3UDrVr6c/l01Gu/9fEWdxEWrzq1XPerXPEM/Su14TfTD/V+GxcyaS4
6cN6eCJIQeyMZDWGwNKBqvNUJwfIqdsqjT92W1TSdyZiOT7f8xmdlZsGFjRhdCJL
cKL98Uzz2s2bCax9XBm3go1qT95ZmawvodSf79l++Gc/iwD6S4RRxueT2+8RJQI6
Ufvm4SWpbECCn/oSU+E+F9qsQMfQq2TcNZPlHgPRuxFk
-----END CERTIFICATE-----