Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/T1s3hEODtpMgwadXSJbNrv0Sqg0.roa
File:                     T1s3hEODtpMgwadXSJbNrv0Sqg0.roa (raw, json)
Hash identifier:          Zrw5RkYcwk7uRZLcIYfMJf6aekACXsJnzpEyuxrgbk8=
Subject key identifier:   4F:5B:37:84:43:83:B6:93:20:C1:A7:57:48:96:CD:AE:FD:12:AA:0D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018E0EE2B1080489FC77929CF0E5C575189B
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/T1s3hEODtpMgwadXSJbNrv0Sqg0.roa
Signing time:             Tue 05 Mar 2024 13:52:01 +0000
ROA not before:           Tue 05 Mar 2024 13:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        103.82.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:e2:b1:08:04:89:fc:77:92:9c:f0:e5:c5:75:18:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar  5 13:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f5b37844383b69320c1a7574896cdaefd12aa0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2e:cf:f5:de:22:10:5e:1c:24:b0:1a:57:8c:
                    aa:80:1e:7f:4f:03:45:08:e4:62:c7:e0:e0:f1:6d:
                    07:ad:86:63:51:ca:e1:14:a9:df:74:a9:43:5e:45:
                    b0:23:91:eb:9f:a7:8c:d3:59:0d:67:0b:7d:30:29:
                    41:f7:72:ac:92:36:e0:f2:e4:2c:06:f5:35:03:3c:
                    b4:37:09:40:b9:6b:d6:0e:35:41:48:95:cc:e6:d8:
                    5e:54:8a:59:c3:d7:94:3b:7a:7e:ff:30:1d:9d:b5:
                    c1:cc:22:6d:5c:b0:28:92:80:d3:8f:f7:8e:53:0a:
                    2e:65:af:36:91:b6:42:57:25:16:1a:d1:be:fd:d7:
                    ae:14:85:e2:08:61:2d:2a:d9:ac:8b:03:58:f8:25:
                    31:49:2f:b3:20:2e:6e:0f:b3:b3:bd:ba:06:8b:4a:
                    75:ba:12:55:ca:4f:06:d3:ec:d7:61:67:ec:cc:7a:
                    cf:e3:81:3a:6a:43:2c:bf:c8:3f:40:3f:2d:83:b6:
                    47:f5:79:47:53:b0:54:af:34:84:7e:ab:e8:02:f1:
                    45:fb:f9:8f:07:30:e2:7e:10:28:85:6d:ca:de:0f:
                    22:86:d5:e7:fe:32:a8:03:34:8e:fb:5b:00:92:da:
                    2d:d1:c4:6e:f4:e5:46:1b:14:7c:e9:bc:35:26:ba:
                    dc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:5B:37:84:43:83:B6:93:20:C1:A7:57:48:96:CD:AE:FD:12:AA:0D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/T1s3hEODtpMgwadXSJbNrv0Sqg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.82.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:83:e5:31:70:76:fd:05:12:56:ce:d4:a8:8c:18:14:9f:3e:
         f9:9a:40:cc:8d:39:b2:ef:91:21:c0:49:ce:bf:38:94:7a:42:
         83:dd:9d:4c:52:39:a5:1f:bc:0a:5c:24:e5:26:55:1c:8d:8f:
         19:20:69:e9:a6:a3:a3:d3:92:b1:b1:d7:5e:8a:26:40:c4:89:
         c3:18:c5:62:b5:7f:ef:d4:cf:0d:db:a7:bd:46:16:2f:26:96:
         bb:a7:b9:25:f8:53:f3:74:c6:98:85:c6:e9:5d:1a:a6:cc:d0:
         fa:aa:e1:85:92:46:26:f3:a0:73:00:4c:9d:51:b0:85:6c:01:
         56:bf:38:3d:15:39:c3:a8:53:48:19:c9:08:e8:3e:aa:2b:fd:
         12:df:cc:d7:de:8d:55:5a:75:77:e0:e8:d3:fe:78:89:48:84:
         fb:68:10:bf:25:47:6e:df:95:0a:10:c2:42:3e:33:52:6b:96:
         fd:fd:10:2e:67:00:79:e6:54:f3:4f:3d:26:02:a3:7c:2d:84:
         c6:69:e8:7c:d3:38:c5:0c:85:b0:ec:1b:80:5f:b6:57:4c:61:
         44:d4:28:ea:f3:30:72:9b:4d:37:4d:10:fc:66:c5:26:67:6f:
         4d:ae:5f:be:81:4e:6d:7e:b5:b3:c7:cd:5f:d9:4d:aa:d8:40:
         a2:82:0d:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4O4rEIBIn8d5Kc8OXFdRibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMzA1MTM1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjViMzc4NDQzODNiNjkzMjBjMWE3NTc0ODk2Y2RhZWZkMTJhYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS7P9d4iEF4cJLAaV4yqgB5/TwNF
CORix+Dg8W0HrYZjUcrhFKnfdKlDXkWwI5Hrn6eM01kNZwt9MClB93Kskjbg8uQs
BvU1Azy0NwlAuWvWDjVBSJXM5theVIpZw9eUO3p+/zAdnbXBzCJtXLAokoDTj/eO
UwouZa82kbZCVyUWGtG+/deuFIXiCGEtKtmsiwNY+CUxSS+zIC5uD7OzvboGi0p1
uhJVyk8G0+zXYWfszHrP44E6akMsv8g/QD8tg7ZH9XlHU7BUrzSEfqvoAvFF+/mP
BzDifhAohW3K3g8ihtXn/jKoAzSO+1sAktot0cRu9OVGGxR86bw1JrrcwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9bN4RDg7aTIMGnV0iWza79EqoNMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVDFzM2hFT0R0cE1nd2FkWFNKYk5ydjBTcWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ1JmMA0G
CSqGSIb3DQEBCwUAA4IBAQA6g+UxcHb9BRJWztSojBgUnz75mkDMjTmy75EhwEnO
vziUekKD3Z1MUjmlH7wKXCTlJlUcjY8ZIGnppqOj05KxsddeiiZAxInDGMVitX/v
1M8N26e9RhYvJpa7p7kl+FPzdMaYhcbpXRqmzND6quGFkkYm86BzAEydUbCFbAFW
vzg9FTnDqFNIGckI6D6qK/0S38zX3o1VWnV34OjT/niJSIT7aBC/JUdu35UKEMJC
PjNSa5b9/RAuZwB55lTzTz0mAqN8LYTGaeh80zjFDIWw7BuAX7ZXTGFE1Cjq8zBy
m003TRD8ZsUmZ29Nrl++gU5tfrWzx81f2U2q2ECigg0g
-----END CERTIFICATE-----