Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/P7RJoaRIWKf_bMbITBqWxB7_98A.roa
File:                     P7RJoaRIWKf_bMbITBqWxB7_98A.roa (raw, json)
Hash identifier:          96c6JUc4S3gEtVv0u9h0OF+A/AH93f/xqLeQtfdbyjs=
Subject key identifier:   3F:B4:49:A1:A4:48:58:A7:FF:6C:C6:C8:4C:1A:96:C4:1E:FF:F7:C0
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC7933FADF75F7A2192AC298A3052D9C8
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/P7RJoaRIWKf_bMbITBqWxB7_98A.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        212.103.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3f:ad:f7:5f:7a:21:92:ac:29:8a:30:52:d9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fb449a1a44858a7ff6cc6c84c1a96c41efff7c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fa:d3:12:c9:e3:d7:5a:d8:f2:5e:da:27:80:
                    71:51:5a:21:36:e7:47:1d:e2:47:53:ae:71:85:f5:
                    70:bf:54:24:bc:ef:e5:b0:1f:b5:20:5a:10:cd:e6:
                    bb:8e:68:5c:ff:34:0b:f6:cd:e7:f2:b2:fc:46:71:
                    1e:e5:1f:91:38:cd:b9:ba:af:ae:18:77:5c:02:4c:
                    72:25:22:f5:a0:83:3a:f8:5c:c5:ec:6c:a4:e0:7e:
                    85:4d:99:7c:93:c3:c7:f2:9a:9d:ba:28:19:f9:16:
                    e7:33:09:c6:d8:6c:8d:7e:f7:74:c8:e2:92:94:07:
                    38:1b:d6:e1:aa:f2:c0:a5:54:2f:33:f4:5e:28:95:
                    5c:4a:2e:d1:c4:e6:09:4e:15:41:3b:ee:da:e6:1d:
                    ae:f8:0b:5a:01:e9:e5:c1:83:fd:0c:7c:55:f0:0b:
                    ea:5a:a9:d7:db:e2:b7:bb:e3:71:cc:7d:25:e8:4c:
                    1b:60:c7:e3:aa:5e:f5:6b:49:2f:74:db:b7:b2:01:
                    ef:ea:4a:08:bb:32:88:14:36:de:79:96:5d:d4:ad:
                    62:9f:72:c1:71:15:3a:11:12:36:10:c8:a4:7a:13:
                    2f:54:69:f6:c4:48:3e:36:57:a5:bc:f9:e3:56:51:
                    8b:e4:ed:16:60:44:1f:df:1b:51:2c:d0:c6:7e:37:
                    25:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B4:49:A1:A4:48:58:A7:FF:6C:C6:C8:4C:1A:96:C4:1E:FF:F7:C0
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/P7RJoaRIWKf_bMbITBqWxB7_98A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:d2:7f:24:d3:63:7d:6d:e4:0c:cc:d9:30:71:0f:05:e4:84:
         2e:65:b2:6c:df:4d:3e:aa:02:cf:b7:d9:55:1f:90:00:cd:8a:
         63:e9:bc:91:59:92:63:57:da:22:00:4a:f4:e7:ac:26:e0:4f:
         a7:1b:75:c6:b7:09:a8:d1:f1:4f:43:d0:e4:2b:55:db:2d:a3:
         52:18:68:6a:c9:c8:54:d7:a1:31:07:94:be:c8:29:a4:f6:85:
         5c:8f:42:37:67:ac:fc:b2:8b:c8:7c:a7:5d:fb:f7:89:7e:55:
         a5:9a:3f:67:72:79:09:aa:6a:37:b4:0c:c8:f2:75:18:60:57:
         0b:af:51:4e:82:4b:bd:20:40:be:66:a1:4f:b8:cd:d9:df:6c:
         8b:73:0d:33:98:77:58:24:35:2e:5e:35:d8:70:50:2d:f0:c0:
         af:22:f0:d1:6d:97:54:80:a8:82:78:cf:97:e5:14:49:a1:6c:
         a9:a1:25:bd:ee:12:c6:e3:41:36:b3:b5:44:b2:4e:9c:55:60:
         c6:1d:89:0c:5c:25:ed:29:9a:84:7b:fb:43:ae:48:af:dc:40:
         2f:78:62:d4:05:35:45:3f:65:db:53:a3:db:5d:07:5e:f9:d9:
         11:23:ab:76:7c:a7:05:b1:b8:1c:42:0a:c5:30:86:bf:4e:7d:
         c9:11:30:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkz+t9196IZKsKYowUtnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI0NDlhMWE0NDg1OGE3ZmY2Y2M2Yzg0YzFhOTZjNDFlZmZmN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPrTEsnj11rY8l7aJ4BxUVohNudH
HeJHU65xhfVwv1QkvO/lsB+1IFoQzea7jmhc/zQL9s3n8rL8RnEe5R+ROM25uq+u
GHdcAkxyJSL1oIM6+FzF7Gyk4H6FTZl8k8PH8pqduigZ+RbnMwnG2GyNfvd0yOKS
lAc4G9bhqvLApVQvM/ReKJVcSi7RxOYJThVBO+7a5h2u+AtaAenlwYP9DHxV8Avq
WqnX2+K3u+NxzH0l6EwbYMfjql71a0kvdNu3sgHv6koIuzKIFDbeeZZd1K1in3LB
cRU6ERI2EMikehMvVGn2xEg+NlelvPnjVlGL5O0WYEQf3xtRLNDGfjcl9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+0SaGkSFin/2zGyEwalsQe//fAMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvUDdSSm9hUklXS2ZfYk1iSVRCcVd4QjdfOThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GcpMA0G
CSqGSIb3DQEBCwUAA4IBAQBj0n8k02N9beQMzNkwcQ8F5IQuZbJs300+qgLPt9lV
H5AAzYpj6byRWZJjV9oiAEr056wm4E+nG3XGtwmo0fFPQ9DkK1XbLaNSGGhqychU
16ExB5S+yCmk9oVcj0I3Z6z8sovIfKdd+/eJflWlmj9ncnkJqmo3tAzI8nUYYFcL
r1FOgku9IEC+ZqFPuM3Z32yLcw0zmHdYJDUuXjXYcFAt8MCvIvDRbZdUgKiCeM+X
5RRJoWypoSW97hLG40E2s7VEsk6cVWDGHYkMXCXtKZqEe/tDrkiv3EAveGLUBTVF
P2XbU6PbXQde+dkRI6t2fKcFsbgcQgrFMIa/Tn3JETC0
-----END CERTIFICATE-----