Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/x8NPIEVh-hX7bUWPN3FLD1-GPVA.roa
File:                     x8NPIEVh-hX7bUWPN3FLD1-GPVA.roa (raw, json)
Hash identifier:          +8VxXbd4nC+5YIUVTaRWUHZ7Qys3C5AuJplw/wMujCE=
Subject key identifier:   C7:C3:4F:20:45:61:FA:15:FB:6D:45:8F:37:71:4B:0F:5F:86:3D:50
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       0194B6ADBC51212A8DED1211867095C6E353
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/x8NPIEVh-hX7bUWPN3FLD1-GPVA.roa
Signing time:             Thu 30 Jan 2025 10:07:06 +0000
ROA not before:           Thu 30 Jan 2025 10:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26383
IP address blocks:        103.110.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b6:ad:bc:51:21:2a:8d:ed:12:11:86:70:95:c6:e3:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jan 30 10:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7c34f204561fa15fb6d458f37714b0f5f863d50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:f9:8f:9c:b9:3f:13:b3:15:72:8c:80:ff:2a:
                    45:61:b6:4f:56:5e:59:75:de:7d:81:62:fd:4f:e8:
                    7a:cf:25:5c:a2:3b:7a:fe:2d:f2:3a:aa:64:1d:4e:
                    98:a2:44:84:99:bb:ab:ee:7f:08:84:6f:f7:c7:df:
                    e3:27:2e:ef:65:a6:11:eb:01:74:9b:19:6b:4f:24:
                    60:0c:11:45:19:a2:39:a0:31:2a:c4:a1:33:6e:93:
                    99:88:3a:15:2d:8a:7f:21:8f:73:b7:1b:fa:3f:15:
                    39:d5:3f:52:ec:3b:ce:1d:94:bc:48:77:ca:e4:fc:
                    5c:84:92:f5:9c:71:c0:c1:f7:31:14:fa:5a:bb:36:
                    88:06:e3:69:c0:99:06:a5:9c:1a:87:cd:98:bf:e9:
                    0b:fa:eb:4f:d6:26:b3:e8:aa:eb:e0:a5:2a:07:f8:
                    02:96:cc:95:b4:6e:20:f2:6f:1c:fe:1c:6f:ed:4f:
                    e6:21:5d:9b:9a:01:97:93:07:2e:ce:3e:c8:f3:98:
                    2f:9e:6f:7a:1b:d8:13:8d:c0:c3:a8:59:f9:d3:1b:
                    6b:05:82:74:20:b8:83:93:08:23:5a:47:79:86:0a:
                    78:5b:24:83:69:10:6f:71:53:ed:6f:c3:ca:34:2f:
                    ed:43:7d:20:53:d6:35:0b:11:e6:ec:58:cc:2f:79:
                    ce:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C3:4F:20:45:61:FA:15:FB:6D:45:8F:37:71:4B:0F:5F:86:3D:50
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/x8NPIEVh-hX7bUWPN3FLD1-GPVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:1e:fe:25:71:c5:6a:2b:73:11:ca:00:66:ed:8c:ac:6c:88:
         21:dd:97:c9:1e:37:b6:7f:78:da:d9:c2:21:29:db:d2:95:1d:
         a2:45:4b:e3:c4:0a:13:4a:79:d9:3d:75:6a:96:96:86:1c:e7:
         67:e1:a5:e9:8b:91:3c:18:ba:a3:1a:16:41:1c:0f:f3:3f:52:
         c9:0c:8f:2a:1f:c3:e0:e0:6c:8a:4e:23:43:d3:58:cf:d0:86:
         a0:99:8d:60:50:a5:38:67:c0:9a:3d:62:64:d9:cd:44:74:ba:
         c2:b6:2b:ac:1f:3c:00:4f:ab:b2:d4:b5:6d:1e:e4:81:09:50:
         9c:e7:02:a4:49:b5:ef:51:ca:94:e8:da:57:78:c4:48:51:31:
         93:c2:1e:7d:b5:6b:93:1c:e9:c7:13:fd:a8:d8:0f:9b:31:ee:
         ff:5d:38:5e:f9:c2:fa:ba:ae:66:af:ca:ba:39:d0:7d:24:0e:
         ac:10:df:e8:36:6f:17:2e:86:7d:f3:e6:8b:31:2e:1f:2b:cb:
         b1:5e:34:dc:fa:6f:dc:85:89:35:b6:59:80:d4:c5:25:e9:f1:
         a0:9e:7b:97:3c:e9:95:6b:9b:b9:95:de:84:d9:ee:33:3a:aa:
         49:0b:58:38:21:85:b8:0a:ba:16:01:62:5d:fa:77:c1:5b:f3:
         f0:b3:08:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS2rbxRISqN7RIRhnCVxuNTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwMTMwMTAwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2MzNGYyMDQ1NjFmYTE1ZmI2ZDQ1OGYzNzcxNGIwZjVmODYzZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PmPnLk/E7MVcoyA/ypFYbZPVl5Z
dd59gWL9T+h6zyVcojt6/i3yOqpkHU6YokSEmbur7n8IhG/3x9/jJy7vZaYR6wF0
mxlrTyRgDBFFGaI5oDEqxKEzbpOZiDoVLYp/IY9ztxv6PxU51T9S7DvOHZS8SHfK
5PxchJL1nHHAwfcxFPpauzaIBuNpwJkGpZwah82Yv+kL+utP1iaz6Krr4KUqB/gC
lsyVtG4g8m8c/hxv7U/mIV2bmgGXkwcuzj7I85gvnm96G9gTjcDDqFn50xtrBYJ0
ILiDkwgjWkd5hgp4WySDaRBvcVPtb8PKNC/tQ30gU9Y1CxHm7FjML3nOMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfDTyBFYfoV+21FjzdxSw9fhj1QMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEveDhOUElFVmgtaFg3YlVXUE4zRkxEMS1HUFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ25BMA0G
CSqGSIb3DQEBCwUAA4IBAQBcHv4lccVqK3MRygBm7YysbIgh3ZfJHje2f3ja2cIh
KdvSlR2iRUvjxAoTSnnZPXVqlpaGHOdn4aXpi5E8GLqjGhZBHA/zP1LJDI8qH8Pg
4GyKTiND01jP0IagmY1gUKU4Z8CaPWJk2c1EdLrCtiusHzwAT6uy1LVtHuSBCVCc
5wKkSbXvUcqU6NpXeMRIUTGTwh59tWuTHOnHE/2o2A+bMe7/XThe+cL6uq5mr8q6
OdB9JA6sEN/oNm8XLoZ98+aLMS4fK8uxXjTc+m/chYk1tlmA1MUl6fGgnnuXPOmV
a5u5ld6E2e4zOqpJC1g4IYW4CroWAWJd+nfBW/Pwswiw
-----END CERTIFICATE-----