Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/p1AsoEVibIBc5GSYOKWOqvzfe9A.roa
File:                     p1AsoEVibIBc5GSYOKWOqvzfe9A.roa (raw, json)
Hash identifier:          9YCwPbovSC4G7wRa/T0wb0foArbuSZovUbbJuBkzhV8=
Subject key identifier:   A7:50:2C:A0:45:62:6C:80:5C:E4:64:98:38:A5:8E:AA:FC:DF:7B:D0
Certificate issuer:       /CN=26bddae04dbcb1f82f55b078307ba4b084b994bb
Certificate serial:       018CC64B23005D23F645773B8C7798B68A25
Authority key identifier: 26:BD:DA:E0:4D:BC:B1:F8:2F:55:B0:78:30:7B:A4:B0:84:B9:94:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jr3a4E28sfgvVbB4MHuksIS5lLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/p1AsoEVibIBc5GSYOKWOqvzfe9A.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43233
IP address blocks:        103.231.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Jr3a4E28sfgvVbB4MHuksIS5lLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Jr3a4E28sfgvVbB4MHuksIS5lLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jr3a4E28sfgvVbB4MHuksIS5lLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:23:00:5d:23:f6:45:77:3b:8c:77:98:b6:8a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26bddae04dbcb1f82f55b078307ba4b084b994bb
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7502ca045626c805ce4649838a58eaafcdf7bd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:57:bc:7e:32:0d:7b:40:92:63:96:22:cb:81:
                    6e:9a:e6:da:42:6d:f2:05:33:22:62:3f:0a:dc:55:
                    fb:e4:31:71:42:41:0b:13:60:a3:a1:fe:a7:25:fd:
                    50:9b:2b:40:3b:9a:e4:70:88:b6:cc:a2:73:32:b3:
                    02:e6:5c:ab:94:12:d4:16:96:71:87:c1:3d:a8:f2:
                    e3:e7:d4:0a:e2:6e:b0:f0:a8:64:e3:e7:95:b4:4c:
                    40:c6:74:8f:c0:68:5e:a9:40:08:00:d3:3c:08:c6:
                    a3:e7:d1:11:dc:b6:9c:9d:41:fd:1e:5b:cc:d4:94:
                    1c:f8:71:d2:75:6b:ff:62:90:0b:69:f0:72:61:00:
                    6a:af:48:03:cc:14:f8:b5:29:57:2d:ea:14:31:b3:
                    50:cf:6f:84:8c:f5:f1:20:ca:66:cf:c2:6c:43:2b:
                    ef:10:4b:1f:fc:db:f3:a8:ee:29:1a:50:71:ae:6b:
                    69:f0:0c:ae:11:71:40:99:ee:49:12:49:e2:e0:22:
                    24:99:47:18:d1:ee:f2:9b:15:06:e9:fa:b6:db:65:
                    6a:a7:5b:b9:75:04:aa:02:4a:e5:5d:45:1a:ac:55:
                    f3:56:73:b6:cc:f4:f2:c1:b7:f7:6f:23:51:47:f5:
                    44:c6:fe:d4:4c:57:a6:61:a5:32:4f:d0:43:8a:77:
                    43:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:50:2C:A0:45:62:6C:80:5C:E4:64:98:38:A5:8E:AA:FC:DF:7B:D0
            X509v3 Authority Key Identifier:
                keyid:26:BD:DA:E0:4D:BC:B1:F8:2F:55:B0:78:30:7B:A4:B0:84:B9:94:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jr3a4E28sfgvVbB4MHuksIS5lLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/p1AsoEVibIBc5GSYOKWOqvzfe9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Jr3a4E28sfgvVbB4MHuksIS5lLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.231.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:be:52:ae:3a:4e:c3:29:92:db:08:04:c5:cf:db:6c:d0:91:
         ac:96:69:f3:5c:8f:12:f6:eb:a4:a6:e0:e8:18:c3:a4:99:8d:
         e2:06:b1:1a:df:a7:89:33:e0:02:4f:f8:ab:96:e6:d0:08:db:
         b1:9b:b8:7b:19:8a:89:c7:7d:e7:1c:73:de:16:cb:6c:b3:f7:
         1f:84:a0:1d:12:b0:17:d8:56:03:98:9c:4e:7e:d6:39:43:52:
         3a:b7:a3:6f:72:1b:82:cd:8e:82:17:d0:69:2a:76:4e:bd:92:
         7f:09:ae:f7:27:c7:14:8d:e9:6a:86:6d:46:93:50:dd:0b:a2:
         75:ca:22:e4:ac:4b:9f:69:ca:2c:45:e2:35:24:e9:19:d8:c2:
         ed:e4:e8:40:19:ef:77:62:76:35:82:40:35:a8:42:84:94:72:
         ad:69:02:cf:8e:b8:5e:c8:7d:e4:4c:0a:a4:51:b1:8a:d5:d7:
         e9:63:19:16:40:58:a5:5a:7f:93:45:c7:1f:43:c6:3c:44:44:
         b5:dc:90:ca:c9:fb:8d:23:9c:f3:6a:86:3a:b0:7e:5e:fa:0c:
         a5:5a:f9:75:52:16:58:c3:a0:7d:3d:0c:38:29:0f:8b:dc:9a:
         17:02:a6:ed:22:de:92:b3:e0:6a:ef:12:03:53:31:38:d1:17:
         6e:2d:90:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyMAXSP2RXc7jHeYtoolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YmRkYWUwNGRiY2IxZjgyZjU1YjA3ODMwN2JhNGIwODRi
OTk0YmIwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzUwMmNhMDQ1NjI2YzgwNWNlNDY0OTgzOGE1OGVhYWZjZGY3YmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVe8fjINe0CSY5Yiy4FumubaQm3y
BTMiYj8K3FX75DFxQkELE2Cjof6nJf1QmytAO5rkcIi2zKJzMrMC5lyrlBLUFpZx
h8E9qPLj59QK4m6w8Khk4+eVtExAxnSPwGheqUAIANM8CMaj59ER3LacnUH9HlvM
1JQc+HHSdWv/YpALafByYQBqr0gDzBT4tSlXLeoUMbNQz2+EjPXxIMpmz8JsQyvv
EEsf/NvzqO4pGlBxrmtp8AyuEXFAme5JEkni4CIkmUcY0e7ymxUG6fq222Vqp1u5
dQSqAkrlXUUarFXzVnO2zPTywbf3byNRR/VExv7UTFemYaUyT9BDindDQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdQLKBFYmyAXORkmDiljqr833vQMB8GA1UdIwQY
MBaAFCa92uBNvLH4L1WweDB7pLCEuZS7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnIzYTRFMjhzZmd2VmJCNE1IdWtzSVM1bExzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9mZWIzYmEtZWU5MC00ZjAzLTllMDAt
ZjYxNzlhOTEwYjE1LzEvcDFBc29FVmliSUJjNUdTWU9LV09xdnpmZTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9mZWIzYmEtZWU5MC00ZjAzLTllMDAtZjYxNzlhOTEwYjE1
LzEvSnIzYTRFMjhzZmd2VmJCNE1IdWtzSVM1bExzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ+eLMA0G
CSqGSIb3DQEBCwUAA4IBAQBnvlKuOk7DKZLbCATFz9ts0JGslmnzXI8S9uukpuDo
GMOkmY3iBrEa36eJM+ACT/irlubQCNuxm7h7GYqJx33nHHPeFstss/cfhKAdErAX
2FYDmJxOftY5Q1I6t6NvchuCzY6CF9BpKnZOvZJ/Ca73J8cUjelqhm1Gk1DdC6J1
yiLkrEufacosReI1JOkZ2MLt5OhAGe93YnY1gkA1qEKElHKtaQLPjrheyH3kTAqk
UbGK1dfpYxkWQFilWn+TRccfQ8Y8RES13JDKyfuNI5zzaoY6sH5e+gylWvl1UhZY
w6B9PQw4KQ+L3JoXAqbtIt6Ss+Bq7xIDUzE40RduLZDK
-----END CERTIFICATE-----