Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1wpYbJjMVS82TVxPAOVX6pCPGKQ.roa
File:                     1wpYbJjMVS82TVxPAOVX6pCPGKQ.roa (raw, json)
Hash identifier:          3xvTuCB41F6sdLRUmzqEl3VOI6ssNS6IFJHIQv00iw4=
Subject key identifier:   D7:0A:58:6C:98:CC:55:2F:36:4D:5C:4F:00:E5:57:EA:90:8F:18:A4
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       0194ADB01841EE5E0E77DF60E4DBAE37F182
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1wpYbJjMVS82TVxPAOVX6pCPGKQ.roa
Signing time:             Tue 28 Jan 2025 16:13:06 +0000
ROA not before:           Tue 28 Jan 2025 16:13:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        103.110.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ad:b0:18:41:ee:5e:0e:77:df:60:e4:db:ae:37:f1:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jan 28 16:13:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d70a586c98cc552f364d5c4f00e557ea908f18a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5b:f5:54:90:37:b9:36:5b:b7:60:fc:d5:a4:
                    d5:88:b1:95:19:c1:3a:05:b0:91:8c:11:a3:c9:04:
                    58:19:52:a2:c5:c3:27:1c:5c:19:45:3c:0a:5a:93:
                    a1:e6:8b:18:f2:09:32:94:67:0d:bb:6d:f6:64:ee:
                    e5:dc:5b:83:7f:c6:f2:0a:be:95:3c:ea:b6:24:76:
                    e6:43:35:81:c3:17:28:12:38:9b:21:88:c7:70:db:
                    68:50:a0:9a:cc:4a:15:55:dd:fc:cb:8e:c1:c6:30:
                    ca:1f:e7:82:eb:b4:ab:df:e7:b8:2a:69:83:ce:89:
                    71:70:3c:6d:ee:9b:91:29:24:a6:07:6a:d6:f8:fb:
                    58:ec:4c:98:9f:6a:35:dc:37:6f:82:92:96:0b:a7:
                    e5:67:69:2a:2f:65:80:08:a6:48:e5:93:de:b9:8b:
                    3f:ef:9f:3e:e2:8c:34:e2:4d:39:0c:80:e7:91:09:
                    5c:29:73:50:a2:36:bc:c7:1f:08:21:7c:5f:74:99:
                    48:64:91:fe:ab:d6:63:3a:7a:4a:84:77:0f:07:47:
                    0b:d5:87:fc:cf:d0:ba:61:d5:29:c6:52:c5:bc:2a:
                    1b:c9:7e:65:7d:12:5c:05:be:b9:0a:b7:d6:cd:79:
                    12:31:c9:80:ce:75:41:75:36:7d:7a:2c:71:17:2c:
                    a4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:0A:58:6C:98:CC:55:2F:36:4D:5C:4F:00:E5:57:EA:90:8F:18:A4
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1wpYbJjMVS82TVxPAOVX6pCPGKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:d2:c5:c8:72:cf:b8:db:3a:f1:49:38:d4:f9:c9:bd:eb:de:
         7a:a5:75:01:0f:18:9e:08:9a:ae:32:93:c3:b6:55:9c:a9:2e:
         6c:49:bb:ab:f0:f0:3b:d5:1f:32:5c:c2:e5:cf:0f:fe:e3:03:
         e5:83:ce:9b:65:73:fb:5b:02:32:c9:11:25:49:8d:d0:73:dd:
         0d:1d:84:99:04:36:07:6c:b3:2f:98:b6:d7:44:13:b5:14:d0:
         24:2a:71:14:d4:0f:25:85:1c:10:93:cc:47:a0:cc:ee:ba:b9:
         3c:15:22:00:26:1c:98:80:16:58:4f:17:b3:f2:36:3d:85:bc:
         ac:cf:e2:7a:e3:70:91:d7:e5:be:e6:d8:4d:60:5b:6f:62:aa:
         2b:4f:ec:67:64:90:24:35:0c:8a:f7:49:61:32:20:bb:f7:39:
         9f:44:50:b4:5e:e9:4b:e6:6a:ea:78:df:47:44:76:4d:58:cf:
         82:f4:99:90:bf:ec:7a:8c:03:9b:e1:ca:20:e2:de:eb:7f:12:
         25:1b:d2:58:c5:51:71:54:36:3a:39:cb:6e:9d:db:ca:cf:c5:
         2d:13:7f:50:7b:2e:7e:c0:b3:a3:e1:4a:28:e9:a2:5c:a5:34:
         90:96:d9:e2:2b:57:9d:59:fb:d3:02:28:6e:c5:56:bd:99:73:
         27:eb:ae:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZStsBhB7l4Od99g5NuuN/GCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwMTI4MTYxMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzBhNTg2Yzk4Y2M1NTJmMzY0ZDVjNGYwMGU1NTdlYTkwOGYxOGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1v1VJA3uTZbt2D81aTViLGVGcE6
BbCRjBGjyQRYGVKixcMnHFwZRTwKWpOh5osY8gkylGcNu232ZO7l3FuDf8byCr6V
POq2JHbmQzWBwxcoEjibIYjHcNtoUKCazEoVVd38y47BxjDKH+eC67Sr3+e4KmmD
zolxcDxt7puRKSSmB2rW+PtY7EyYn2o13DdvgpKWC6flZ2kqL2WACKZI5ZPeuYs/
758+4ow04k05DIDnkQlcKXNQoja8xx8IIXxfdJlIZJH+q9ZjOnpKhHcPB0cL1Yf8
z9C6YdUpxlLFvCobyX5lfRJcBb65CrfWzXkSMcmAznVBdTZ9eixxFyykpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcKWGyYzFUvNk1cTwDlV+qQjxikMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvMXdwWWJKak1WUzgyVFZ4UEFPVlg2cENQR0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ25AMA0G
CSqGSIb3DQEBCwUAA4IBAQBR0sXIcs+42zrxSTjU+cm96956pXUBDxieCJquMpPD
tlWcqS5sSbur8PA71R8yXMLlzw/+4wPlg86bZXP7WwIyyRElSY3Qc90NHYSZBDYH
bLMvmLbXRBO1FNAkKnEU1A8lhRwQk8xHoMzuurk8FSIAJhyYgBZYTxez8jY9hbys
z+J643CR1+W+5thNYFtvYqorT+xnZJAkNQyK90lhMiC79zmfRFC0XulL5mrqeN9H
RHZNWM+C9JmQv+x6jAOb4cog4t7rfxIlG9JYxVFxVDY6OctundvKz8UtE39Qey5+
wLOj4Uoo6aJcpTSQltniK1edWfvTAihuxVa9mXMn664u
-----END CERTIFICATE-----