Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0aa4dd-3faa-4b3c-b4c0-93d17a29c0a9/1/KGvd9Dk5_a_R1xkL2TWSdydfpdk.roa
File:                     KGvd9Dk5_a_R1xkL2TWSdydfpdk.roa (raw, json)
Hash identifier:          HlescFWLzPsD70c5CcwFp2ufdRCBYWVscapXjHm9XI4=
Subject key identifier:   28:6B:DD:F4:39:39:FD:AF:D1:D7:19:0B:D9:35:92:77:27:5F:A5:D9
Certificate issuer:       /CN=97ccc0ecdceb7c4da912e1d792bd16e622af4a46
Certificate serial:       0194ACBEC5822CA296CF44982E6D07805C4F
Authority key identifier: 97:CC:C0:EC:DC:EB:7C:4D:A9:12:E1:D7:92:BD:16:E6:22:AF:4A:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8zA7NzrfE2pEuHXkr0W5iKvSkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0aa4dd-3faa-4b3c-b4c0-93d17a29c0a9/1/KGvd9Dk5_a_R1xkL2TWSdydfpdk.roa
Signing time:             Tue 28 Jan 2025 11:49:31 +0000
ROA not before:           Tue 28 Jan 2025 11:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203835
IP address blocks:        103.215.98.0/23 maxlen: 23
                          185.254.160.0/22 maxlen: 22
                          2a0c:4fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0aa4dd-3faa-4b3c-b4c0-93d17a29c0a9/1/l8zA7NzrfE2pEuHXkr0W5iKvSkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0aa4dd-3faa-4b3c-b4c0-93d17a29c0a9/1/l8zA7NzrfE2pEuHXkr0W5iKvSkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8zA7NzrfE2pEuHXkr0W5iKvSkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:be:c5:82:2c:a2:96:cf:44:98:2e:6d:07:80:5c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ccc0ecdceb7c4da912e1d792bd16e622af4a46
        Validity
            Not Before: Jan 28 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=286bddf43939fdafd1d7190bd9359277275fa5d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:59:60:81:7f:72:88:d7:bf:ea:5c:1f:d2:be:
                    a5:d4:1d:be:af:30:17:3e:ec:a1:54:e0:42:db:1f:
                    87:c6:c8:e2:7a:88:26:4d:1f:e2:01:ee:40:c1:f0:
                    d4:a0:10:9b:ad:a3:69:5c:12:f3:35:cc:75:92:88:
                    0b:7a:27:6d:3f:bb:9e:98:c8:f0:77:d6:62:58:cc:
                    9f:41:b8:f0:10:d3:78:3e:39:0e:f3:ea:99:2e:4a:
                    f4:41:98:5e:a4:64:62:07:26:6e:f5:7e:44:0a:fa:
                    17:ed:fa:c1:5a:83:ad:f7:7c:37:02:1e:2d:53:d3:
                    1b:47:49:06:d5:2a:f5:bd:0f:f2:33:4a:57:06:33:
                    d8:75:73:32:e6:ae:fe:3f:37:f4:c3:e3:7d:78:c0:
                    d5:f5:ae:1f:81:43:e7:a9:93:ef:ce:c9:19:33:35:
                    ff:fd:78:c9:28:18:ea:16:60:8c:8e:97:94:b4:a1:
                    f5:6b:9f:4a:17:7f:30:7f:e8:2c:8d:21:4b:f7:3f:
                    32:90:50:cd:15:30:41:aa:ce:17:bf:40:4b:4a:01:
                    9c:79:6f:90:16:aa:54:32:83:fc:a7:95:60:f0:00:
                    8f:84:2d:79:52:ae:2a:f4:d9:d3:c1:fb:05:f3:3f:
                    de:63:77:af:99:dc:c9:d8:a5:17:a8:e5:a4:4d:fb:
                    26:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6B:DD:F4:39:39:FD:AF:D1:D7:19:0B:D9:35:92:77:27:5F:A5:D9
            X509v3 Authority Key Identifier:
                keyid:97:CC:C0:EC:DC:EB:7C:4D:A9:12:E1:D7:92:BD:16:E6:22:AF:4A:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8zA7NzrfE2pEuHXkr0W5iKvSkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0aa4dd-3faa-4b3c-b4c0-93d17a29c0a9/1/KGvd9Dk5_a_R1xkL2TWSdydfpdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0aa4dd-3faa-4b3c-b4c0-93d17a29c0a9/1/l8zA7NzrfE2pEuHXkr0W5iKvSkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.98.0/23
                  185.254.160.0/22
                IPv6:
                  2a0c:4fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:f2:00:52:8e:21:82:f9:27:d2:0a:78:fd:1d:62:2f:80:ab:
         b9:04:d1:08:9b:d6:bd:79:25:86:84:9b:e5:55:44:9b:28:b1:
         e9:9c:49:4f:b0:12:c0:d0:38:0e:15:67:6a:a4:dd:56:da:4e:
         86:ac:9f:ff:0e:4a:32:28:4a:48:12:b5:3d:27:79:3a:df:0f:
         9e:ea:ff:4a:56:8f:a4:54:56:82:e0:15:61:18:ca:c3:94:bb:
         10:74:17:06:36:78:f9:08:f1:6b:83:b4:0f:4e:10:52:86:6d:
         4f:a7:d7:dd:de:dc:07:bb:f5:e8:c4:75:d0:5d:54:66:f0:ee:
         39:4c:4b:79:e9:70:83:94:73:0d:6d:47:31:0d:80:e7:19:82:
         39:d5:37:9e:87:81:6f:4f:45:e0:09:50:42:99:64:02:62:7e:
         49:e0:b6:17:4b:46:1e:15:bb:ef:2b:17:f9:28:11:38:32:5a:
         13:ca:a7:c4:b8:26:c2:1b:5d:a1:5c:4f:7c:29:2e:20:a0:fc:
         df:ce:40:6b:54:91:34:cc:03:e6:63:02:6b:77:06:e5:3c:68:
         83:cf:a6:d7:39:60:f1:0d:e6:c4:e5:7c:5b:0e:bd:71:82:9c:
         3d:f3:55:1f:38:d1:eb:38:0e:34:a7:66:6e:91:8b:67:32:23:
         85:78:8d:94
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZSsvsWCLKKWz0SYLm0HgFxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3Y2NjMGVjZGNlYjdjNGRhOTEyZTFkNzkyYmQxNmU2MjJh
ZjRhNDYwHhcNMjUwMTI4MTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZiZGRmNDM5MzlmZGFmZDFkNzE5MGJkOTM1OTI3NzI3NWZhNWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1lggX9yiNe/6lwf0r6l1B2+rzAX
PuyhVOBC2x+HxsjieogmTR/iAe5AwfDUoBCbraNpXBLzNcx1kogLeidtP7uemMjw
d9ZiWMyfQbjwENN4PjkO8+qZLkr0QZhepGRiByZu9X5ECvoX7frBWoOt93w3Ah4t
U9MbR0kG1Sr1vQ/yM0pXBjPYdXMy5q7+Pzf0w+N9eMDV9a4fgUPnqZPvzskZMzX/
/XjJKBjqFmCMjpeUtKH1a59KF38wf+gsjSFL9z8ykFDNFTBBqs4Xv0BLSgGceW+Q
FqpUMoP8p5Vg8ACPhC15Uq4q9NnTwfsF8z/eY3evmdzJ2KUXqOWkTfsmOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFChr3fQ5Of2v0dcZC9k1kncnX6XZMB8GA1UdIwQY
MBaAFJfMwOzc63xNqRLh15K9FuYir0pGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDh6QTdOenJmRTJwRXVIWGtyMFc1aUt2U2tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wYWE0ZGQtM2ZhYS00YjNjLWI0YzAt
OTNkMTdhMjljMGE5LzEvS0d2ZDlEazVfYV9SMXhrTDJUV1NkeWRmcGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wYWE0ZGQtM2ZhYS00YjNjLWI0YzAtOTNkMTdhMjljMGE5
LzEvbDh6QTdOenJmRTJwRXVIWGtyMFc1aUt2U2tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBZ9diAwQC
uf6gMA0EAgACMAcDBQMqDE/AMA0GCSqGSIb3DQEBCwUAA4IBAQCj8gBSjiGC+SfS
Cnj9HWIvgKu5BNEIm9a9eSWGhJvlVUSbKLHpnElPsBLA0DgOFWdqpN1W2k6GrJ//
DkoyKEpIErU9J3k63w+e6v9KVo+kVFaC4BVhGMrDlLsQdBcGNnj5CPFrg7QPThBS
hm1Pp9fd3twHu/XoxHXQXVRm8O45TEt56XCDlHMNbUcxDYDnGYI51Teeh4FvT0Xg
CVBCmWQCYn5J4LYXS0YeFbvvKxf5KBE4MloTyqfEuCbCG12hXE98KS4goPzfzkBr
VJE0zAPmYwJrdwblPGiDz6bXOWDxDebE5XxbDr1xgpw981UfONHrOA40p2ZukYtn
MiOFeI2U
-----END CERTIFICATE-----