Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/NyqyG7fPk-uaBV3NXtzHh7POROs.roa
File:                     NyqyG7fPk-uaBV3NXtzHh7POROs.roa (raw, json)
Hash identifier:          qLY68+vvoU/SWf1iD3VPHA3MqaHYRinOutWS8NLVROo=
Subject key identifier:   37:2A:B2:1B:B7:CF:93:EB:9A:05:5D:CD:5E:DC:C7:87:B3:CE:44:EB
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       0194E1BC9647F7A3CB37DA0F982077E65BC5
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/NyqyG7fPk-uaBV3NXtzHh7POROs.roa
Signing time:             Fri 07 Feb 2025 18:47:00 +0000
ROA not before:           Fri 07 Feb 2025 18:47:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26383
IP address blocks:        103.110.65.0/24 maxlen: 24
                          103.146.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e1:bc:96:47:f7:a3:cb:37:da:0f:98:20:77:e6:5b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Feb  7 18:47:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=372ab21bb7cf93eb9a055dcd5edcc787b3ce44eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:6e:02:dc:26:28:f5:11:c7:19:ec:84:2d:
                    3f:7a:a3:15:ea:88:ac:91:98:c5:25:e1:f2:fe:a1:
                    97:07:06:1e:2f:71:60:03:ae:a9:99:a1:61:f3:c7:
                    c8:fd:cc:6a:c8:7a:59:f2:07:3e:39:b0:09:11:07:
                    52:ed:ff:32:ca:46:d2:6f:1f:ca:8b:da:b1:96:3c:
                    fd:7e:7e:de:aa:08:50:b5:15:b4:2e:7c:9b:a1:f5:
                    12:3d:93:77:24:10:b3:1b:af:02:ab:16:bf:52:e2:
                    2e:76:86:a4:22:d3:fc:89:76:a9:9c:a6:e7:68:d6:
                    57:1a:c2:f4:ab:11:93:15:9d:ad:f3:d7:fa:e9:84:
                    82:55:af:53:f9:12:23:58:5c:ae:52:60:cc:c2:88:
                    a2:91:61:c8:25:ca:20:cc:34:28:77:16:52:8f:11:
                    63:01:13:3d:50:0d:ec:a6:c8:c3:b7:78:61:75:01:
                    cb:85:63:b2:eb:1b:25:5f:72:6b:dd:26:ae:62:e2:
                    36:d9:23:5a:42:41:93:44:a0:27:8e:d9:6c:bc:64:
                    6e:72:b7:fe:21:ee:f8:9f:62:9d:34:2c:ec:4b:5b:
                    72:7d:fc:3b:19:7b:b7:8a:ea:da:89:3e:db:9d:ad:
                    dd:f7:48:bf:20:a9:0e:08:cf:a8:4a:12:41:9c:0b:
                    17:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:2A:B2:1B:B7:CF:93:EB:9A:05:5D:CD:5E:DC:C7:87:B3:CE:44:EB
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/NyqyG7fPk-uaBV3NXtzHh7POROs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.65.0/24
                  103.146.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:98:b4:2f:47:79:ec:9b:68:05:d6:b0:7e:c7:ea:cf:d7:3c:
         85:f0:5c:ac:6c:68:8e:05:cd:86:f5:03:8d:ed:0a:85:15:2b:
         71:7c:47:1c:63:b2:f6:e1:24:8c:b8:53:94:ea:bf:6b:cb:dd:
         cb:58:0d:55:9d:d7:27:23:1d:13:b9:0b:d1:8f:ad:c8:e9:0b:
         5a:58:f7:5b:81:cf:52:d4:9c:57:58:41:30:f2:7c:8f:c7:d0:
         13:6d:68:d5:74:a8:f9:63:9b:9f:df:60:02:8b:8b:81:11:c9:
         b3:63:6d:62:8e:4a:28:26:41:bb:11:f2:75:a0:c1:36:9a:9b:
         a4:4b:e1:aa:97:56:37:0d:ab:aa:5b:b3:76:5a:5f:8e:96:1e:
         b2:c2:a4:ef:be:c7:b7:d7:09:b1:44:ae:82:17:06:cb:ae:62:
         5f:2b:41:de:f5:8f:f1:0f:ad:0c:95:1d:25:8a:b7:9e:7a:bb:
         34:09:95:c6:2b:ca:a6:78:78:c3:59:99:0b:a0:ee:eb:92:ed:
         51:26:68:36:1c:14:5b:b6:b6:13:9d:44:f5:08:93:f7:20:2d:
         8a:09:82:ba:cc:88:c3:36:05:6c:83:52:d4:46:32:77:5c:99:
         de:27:5d:f6:0c:4b:e1:09:7e:5c:c7:1f:e8:36:79:b3:ae:0f:
         1b:e1:2b:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZThvJZH96PLN9oPmCB35lvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwMjA3MTg0NzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzJhYjIxYmI3Y2Y5M2ViOWEwNTVkY2Q1ZWRjYzc4N2IzY2U0NGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxluAtwmKPURxxnshC0/eqMV6ois
kZjFJeHy/qGXBwYeL3FgA66pmaFh88fI/cxqyHpZ8gc+ObAJEQdS7f8yykbSbx/K
i9qxljz9fn7eqghQtRW0LnybofUSPZN3JBCzG68Cqxa/UuIudoakItP8iXapnKbn
aNZXGsL0qxGTFZ2t89f66YSCVa9T+RIjWFyuUmDMwoiikWHIJcogzDQodxZSjxFj
ARM9UA3spsjDt3hhdQHLhWOy6xslX3Jr3SauYuI22SNaQkGTRKAnjtlsvGRucrf+
Ie74n2KdNCzsS1tyffw7GXu3iuraiT7bna3d90i/IKkOCM+oShJBnAsXvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDcqshu3z5PrmgVdzV7cx4ezzkTrMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvTnlxeUc3ZlBrLXVhQlYzTlh0ekhoN1BPUk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ25BAwQA
Z5J3MA0GCSqGSIb3DQEBCwUAA4IBAQCKmLQvR3nsm2gF1rB+x+rP1zyF8FysbGiO
Bc2G9QON7QqFFStxfEccY7L24SSMuFOU6r9ry93LWA1VndcnIx0TuQvRj63I6Qta
WPdbgc9S1JxXWEEw8nyPx9ATbWjVdKj5Y5uf32ACi4uBEcmzY21ijkooJkG7EfJ1
oME2mpukS+Gql1Y3DauqW7N2Wl+Olh6ywqTvvse31wmxRK6CFwbLrmJfK0He9Y/x
D60MlR0lireeers0CZXGK8qmeHjDWZkLoO7rku1RJmg2HBRbtrYTnUT1CJP3IC2K
CYK6zIjDNgVsg1LURjJ3XJneJ132DEvhCX5cxx/oNnmzrg8b4SvA
-----END CERTIFICATE-----