Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/oMfkKGXFcnmSViJxvMVaXYN-WMc.roa
File:                     oMfkKGXFcnmSViJxvMVaXYN-WMc.roa (raw, json)
Hash identifier:          dHmlqEj0EtV9pApFZVhgBPJ1DnVEoibHvmv/oANdXq0=
Subject key identifier:   A0:C7:E4:28:65:C5:72:79:92:56:22:71:BC:C5:5A:5D:83:7E:58:C7
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       0194B7EE2A988AE7B2D05F127B8C5C3B6EE6
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/oMfkKGXFcnmSViJxvMVaXYN-WMc.roa
Signing time:             Thu 30 Jan 2025 15:57:06 +0000
ROA not before:           Thu 30 Jan 2025 15:57:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215590
IP address blocks:        103.110.66.0/24 maxlen: 24
                          103.110.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:ee:2a:98:8a:e7:b2:d0:5f:12:7b:8c:5c:3b:6e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jan 30 15:57:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0c7e42865c5727992562271bcc55a5d837e58c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c0:c4:db:3f:72:68:09:6f:fe:69:52:02:6f:
                    7f:c6:d2:1e:07:35:7d:d6:4d:ab:3f:03:1f:24:71:
                    9a:d1:3e:df:66:dd:53:07:21:3d:fc:59:56:86:3b:
                    d7:de:98:ec:3f:de:b9:24:df:c2:37:89:e6:d1:1f:
                    fd:c4:f6:5b:a6:cb:a5:b6:35:9d:2b:5c:c6:90:0d:
                    ec:03:11:6f:89:41:c5:36:e6:be:47:65:d0:3f:2e:
                    3a:4e:af:46:a8:75:06:56:4d:2c:f7:23:88:3d:49:
                    63:2f:53:a2:ad:c9:9f:92:47:b4:8b:36:b1:c6:00:
                    ed:22:a9:16:f8:74:dd:94:31:79:83:f1:78:5c:11:
                    59:b0:0e:9f:b8:eb:64:ab:3b:d0:fe:b4:63:f4:c9:
                    3f:4d:69:62:27:ca:43:c9:2b:37:58:bd:50:8a:ff:
                    3a:ac:d1:52:a0:9c:38:83:ee:ce:8e:1b:a1:95:80:
                    0c:ab:e6:9c:13:24:69:6e:2d:15:a2:ab:03:71:a9:
                    b6:1d:a6:a2:a9:ee:2b:4e:94:fa:c0:54:cd:c5:8a:
                    ca:e5:5e:62:4f:97:20:73:b2:72:fa:b6:5a:0b:e9:
                    81:d9:4c:08:21:8c:5d:d7:e8:01:e6:2e:6a:47:20:
                    ef:f6:37:1b:00:cf:22:1f:d8:20:5c:be:49:54:8a:
                    4c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:C7:E4:28:65:C5:72:79:92:56:22:71:BC:C5:5A:5D:83:7E:58:C7
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/oMfkKGXFcnmSViJxvMVaXYN-WMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:12:aa:21:1b:9b:1c:fb:81:03:17:31:81:13:c5:aa:94:fc:
         71:c7:58:de:47:8c:60:4d:db:f2:4e:6d:73:6d:04:7c:c9:5c:
         38:69:d6:25:46:c4:10:f3:01:04:e4:a0:16:ac:80:fe:0d:10:
         3b:c0:e6:81:8e:b9:9b:fa:a3:fd:b3:6f:56:64:bf:9b:6d:80:
         a8:c7:6b:9e:fe:39:32:06:cb:09:32:c7:ff:0c:78:1e:69:92:
         24:f1:2a:ee:5c:24:2b:c9:1c:4e:ba:7b:47:6c:62:d6:1c:fb:
         8d:95:7d:bd:2a:ca:f2:47:45:aa:73:58:b3:e9:4f:01:01:68:
         00:80:8c:46:6b:db:a3:6e:ac:6c:0f:ff:fa:d3:38:de:b0:0b:
         9d:f3:c4:99:d0:a6:69:1b:01:31:e9:fd:f0:ba:c2:f6:e6:e3:
         1e:69:cc:18:8c:f3:08:08:ae:73:de:6e:9f:83:b7:5b:e2:29:
         f0:65:bd:5a:3a:00:f3:9b:a0:63:ee:10:27:96:01:51:1e:a9:
         d0:cf:6a:4f:53:3a:9b:19:89:f3:83:1d:f1:e8:cd:ad:b8:7b:
         b9:f4:69:78:6c:03:28:e9:f3:c4:50:f0:37:0f:24:7a:0e:7c:
         a2:3c:c2:60:dd:5e:47:50:42:5a:6c:a6:49:95:4e:1a:a4:5c:
         e4:85:c8:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS37iqYiuey0F8Se4xcO27mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwMTMwMTU1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGM3ZTQyODY1YzU3Mjc5OTI1NjIyNzFiY2M1NWE1ZDgzN2U1OGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycDE2z9yaAlv/mlSAm9/xtIeBzV9
1k2rPwMfJHGa0T7fZt1TByE9/FlWhjvX3pjsP965JN/CN4nm0R/9xPZbpsultjWd
K1zGkA3sAxFviUHFNua+R2XQPy46Tq9GqHUGVk0s9yOIPUljL1Oircmfkke0izax
xgDtIqkW+HTdlDF5g/F4XBFZsA6fuOtkqzvQ/rRj9Mk/TWliJ8pDySs3WL1Qiv86
rNFSoJw4g+7OjhuhlYAMq+acEyRpbi0VoqsDcam2Haaiqe4rTpT6wFTNxYrK5V5i
T5cgc7Jy+rZaC+mB2UwIIYxd1+gB5i5qRyDv9jcbAM8iH9ggXL5JVIpM4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDH5ChlxXJ5klYicbzFWl2DfljHMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvb01ma0tHWEZjbm1TVmlKeHZNVmFYWU4tV01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ25CMA0G
CSqGSIb3DQEBCwUAA4IBAQApEqohG5sc+4EDFzGBE8WqlPxxx1jeR4xgTdvyTm1z
bQR8yVw4adYlRsQQ8wEE5KAWrID+DRA7wOaBjrmb+qP9s29WZL+bbYCox2ue/jky
BssJMsf/DHgeaZIk8SruXCQryRxOuntHbGLWHPuNlX29KsryR0Wqc1iz6U8BAWgA
gIxGa9ujbqxsD//60zjesAud88SZ0KZpGwEx6f3wusL25uMeacwYjPMICK5z3m6f
g7db4inwZb1aOgDzm6Bj7hAnlgFRHqnQz2pPUzqbGYnzgx3x6M2tuHu59Gl4bAMo
6fPEUPA3DyR6DnyiPMJg3V5HUEJabKZJlU4apFzkhcjK
-----END CERTIFICATE-----