Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/RoaSxBr_-xssvvDubAoAhMyxaAg.roa
File:                     RoaSxBr_-xssvvDubAoAhMyxaAg.roa (raw, json)
Hash identifier:          UZpuMn+RNpVxxnZxp21D39sq8CTTXmab0fgVUeNycsQ=
Subject key identifier:   46:86:92:C4:1A:FF:FB:1B:2C:BE:F0:EE:6C:0A:00:84:CC:B1:68:08
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       0196439044BC25A443B0F3EEC31AD5CBC1A1
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/RoaSxBr_-xssvvDubAoAhMyxaAg.roa
Signing time:             Thu 17 Apr 2025 11:44:10 +0000
ROA not before:           Thu 17 Apr 2025 11:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        103.27.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:90:44:bc:25:a4:43:b0:f3:ee:c3:1a:d5:cb:c1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 17 11:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=468692c41afffb1b2cbef0ee6c0a0084ccb16808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:39:65:21:9a:fc:be:72:cf:00:a9:fa:fe:c9:
                    7f:68:5f:88:bb:0f:74:f7:3d:70:f1:4f:01:ec:64:
                    24:1b:53:d2:98:d2:b3:fc:1f:27:ee:63:7b:be:89:
                    9a:2a:bd:e9:e6:71:72:63:57:79:81:7b:2b:42:0d:
                    22:f6:b1:b6:9f:82:86:71:6a:19:b0:01:5c:2c:77:
                    e5:f0:7c:ae:4e:41:04:fd:6f:f7:a2:be:c8:9b:19:
                    d6:31:a9:e3:de:e2:a0:30:59:4f:51:c6:a5:86:e3:
                    5e:a7:27:7e:49:7c:30:82:69:93:ae:8f:eb:57:20:
                    bc:36:95:b7:cd:c9:1b:76:fe:a7:02:53:bc:17:5c:
                    2e:f5:a6:0e:af:d6:55:f5:5f:20:a9:7f:21:12:d4:
                    27:29:51:98:d1:d9:1b:3a:f8:a2:b5:75:7b:5c:a2:
                    ab:31:8d:9b:b9:ea:fe:63:d6:9f:77:80:25:e0:34:
                    f0:7c:a3:0f:7e:e3:e5:da:e3:af:bc:05:7c:75:cc:
                    54:84:8e:ad:5c:0c:be:8f:01:c2:a6:ec:1a:9a:84:
                    f3:2a:86:00:e9:d2:6a:55:f1:09:0d:05:ee:63:b2:
                    95:30:a5:a8:ce:b8:3a:46:f8:85:13:b7:22:b9:39:
                    80:c8:c3:6d:3a:49:ca:a1:73:11:c0:fa:ff:67:5a:
                    8d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:86:92:C4:1A:FF:FB:1B:2C:BE:F0:EE:6C:0A:00:84:CC:B1:68:08
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/RoaSxBr_-xssvvDubAoAhMyxaAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.27.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:72:69:b4:ea:8d:e3:f5:76:57:e5:f9:bf:b3:98:20:be:6c:
         86:2a:df:9e:4c:05:20:6a:49:70:d7:d9:24:b7:b8:b2:e9:8d:
         02:47:d7:b5:37:06:ce:1a:0a:28:74:ec:7d:f7:34:e2:c3:2c:
         a8:00:2a:42:91:b9:b0:97:b0:15:89:cc:4d:89:11:94:53:52:
         54:74:0e:0d:6e:54:a1:8a:75:c3:f9:72:82:38:b3:af:f2:87:
         09:ab:d2:4a:bc:ba:16:7a:f1:f7:9b:03:c9:eb:be:19:d8:66:
         c7:d0:51:6b:06:a6:fc:1c:77:8f:c7:fb:d2:2b:60:9f:7f:60:
         61:3a:a2:24:a8:2f:97:e1:ad:d0:21:3e:fb:f3:9c:94:74:a9:
         af:06:2f:77:1c:dd:70:d8:05:5a:8c:bd:8a:91:c3:a0:d3:39:
         ee:6a:9c:5b:69:09:08:a8:09:67:d1:a9:85:54:29:c9:80:86:
         f6:23:aa:d3:7b:da:88:42:92:6a:2a:d6:e9:3d:34:5e:eb:24:
         c1:a8:c3:ef:c9:d6:95:58:7d:b7:68:d4:a6:1a:79:c4:cd:d4:
         aa:9d:36:6c:93:8f:40:f1:48:c0:b8:8e:11:c6:b0:56:ae:ab:
         d0:36:5b:1b:9e:c4:07:56:f3:35:95:03:f1:ca:04:a5:1f:61:
         af:f8:1c:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZDkES8JaRDsPPuwxrVy8GhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNDE3MTE0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njg2OTJjNDFhZmZmYjFiMmNiZWYwZWU2YzBhMDA4NGNjYjE2ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszllIZr8vnLPAKn6/sl/aF+Iuw90
9z1w8U8B7GQkG1PSmNKz/B8n7mN7vomaKr3p5nFyY1d5gXsrQg0i9rG2n4KGcWoZ
sAFcLHfl8HyuTkEE/W/3or7ImxnWManj3uKgMFlPUcalhuNepyd+SXwwgmmTro/r
VyC8NpW3zckbdv6nAlO8F1wu9aYOr9ZV9V8gqX8hEtQnKVGY0dkbOviitXV7XKKr
MY2buer+Y9afd4Al4DTwfKMPfuPl2uOvvAV8dcxUhI6tXAy+jwHCpuwamoTzKoYA
6dJqVfEJDQXuY7KVMKWozrg6RviFE7ciuTmAyMNtOknKoXMRwPr/Z1qNmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaGksQa//sbLL7w7mwKAITMsWgIMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvUm9hU3hCcl8teHNzdnZEdWJBb0FoTXl4YUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxufMA0G
CSqGSIb3DQEBCwUAA4IBAQCqcmm06o3j9XZX5fm/s5ggvmyGKt+eTAUgaklw19kk
t7iy6Y0CR9e1NwbOGgoodOx99zTiwyyoACpCkbmwl7AVicxNiRGUU1JUdA4NblSh
inXD+XKCOLOv8ocJq9JKvLoWevH3mwPJ674Z2GbH0FFrBqb8HHePx/vSK2Cff2Bh
OqIkqC+X4a3QIT7785yUdKmvBi93HN1w2AVajL2KkcOg0znuapxbaQkIqAln0amF
VCnJgIb2I6rTe9qIQpJqKtbpPTRe6yTBqMPvydaVWH23aNSmGnnEzdSqnTZsk49A
8UjAuI4RxrBWrqvQNlsbnsQHVvM1lQPxygSlH2Gv+Bx1
-----END CERTIFICATE-----