Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/p3M73OoGD9buUawchbT1DwZAzUY.roa
File:                     p3M73OoGD9buUawchbT1DwZAzUY.roa (raw, json)
Hash identifier:          t2aTk41zlDg1+YGHykd+Yym0vvkKsBqrjYlj87pz5NY=
Subject key identifier:   A7:73:3B:DC:EA:06:0F:D6:EE:51:AC:1C:85:B4:F5:0F:06:40:CD:46
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194886326EDCCBC88E6E0F0A0F1505FB7B0
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/p3M73OoGD9buUawchbT1DwZAzUY.roa
Signing time:             Tue 21 Jan 2025 10:23:06 +0000
ROA not before:           Tue 21 Jan 2025 10:23:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49392
IP address blocks:        103.145.20.0/24 maxlen: 24
                          194.165.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:63:26:ed:cc:bc:88:e6:e0:f0:a0:f1:50:5f:b7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan 21 10:23:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7733bdcea060fd6ee51ac1c85b4f50f0640cd46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:76:26:99:19:6d:01:45:de:e0:e7:5c:9b:4e:
                    3a:13:af:8e:97:a9:9a:6f:16:f8:b5:80:78:44:47:
                    ec:f6:9e:7d:cc:af:03:0c:0a:c6:e8:b3:0f:48:c5:
                    19:7f:6f:f2:d6:fb:34:5c:f7:d7:a8:d7:3b:b1:70:
                    b9:06:13:9b:1f:4c:d1:f1:92:83:6c:35:69:13:b9:
                    63:83:43:15:81:92:88:08:37:63:f0:b3:22:01:7b:
                    a9:1d:44:66:99:4e:42:bb:33:f0:b0:32:87:ec:1c:
                    e9:1b:c5:56:8e:64:a9:15:41:d7:a3:34:88:1c:6e:
                    24:8d:d7:59:78:a0:5a:dc:28:00:43:68:49:07:32:
                    30:41:5d:4a:bb:52:3f:e8:f8:90:4d:c6:a9:77:34:
                    9d:ec:bd:48:28:bb:e4:19:8d:ec:4b:b8:88:bf:01:
                    a7:c4:db:3b:f7:68:96:4e:9a:da:64:a5:ad:73:d5:
                    f8:f3:8e:2d:0e:64:dd:80:91:13:64:59:bf:8f:55:
                    36:d0:fc:86:41:47:7c:c6:d8:1d:6e:ed:d7:b0:da:
                    82:91:60:31:2d:40:1f:b6:f9:b7:f4:ce:3d:b5:a3:
                    07:a8:ff:d8:af:12:86:55:64:9d:b3:c8:1e:cd:14:
                    61:88:a0:20:df:ac:2b:16:1d:bc:7d:43:7d:3d:63:
                    18:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:73:3B:DC:EA:06:0F:D6:EE:51:AC:1C:85:B4:F5:0F:06:40:CD:46
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/p3M73OoGD9buUawchbT1DwZAzUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.145.20.0/24
                  194.165.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:0a:e0:85:13:fa:39:a9:af:66:7e:ca:5f:e8:95:c7:69:f0:
         93:05:55:50:55:63:26:18:52:02:30:d4:ba:f5:50:a2:fc:c5:
         2d:5d:26:a2:16:7b:0b:be:fb:2f:6d:54:e7:33:cf:52:c4:bc:
         16:8f:6d:5f:d8:09:9f:d0:d6:b8:eb:2b:a6:c2:bb:8e:72:9b:
         d1:e4:95:32:90:17:87:c5:b5:ea:05:4c:ee:7f:d7:52:5c:69:
         a2:b7:c1:3d:4a:b9:a0:9d:56:d0:bf:3b:3f:38:7a:9a:9c:46:
         ab:ad:ec:1e:62:9f:c9:13:83:2e:29:8e:49:9f:ba:d3:dc:37:
         ba:8b:72:e8:46:3f:51:35:0e:5f:aa:a9:65:cf:35:45:31:36:
         fc:71:39:4d:ce:7b:72:ea:d2:f9:9c:12:91:4c:e5:49:9b:35:
         f8:64:2e:b4:75:76:c2:55:ee:fd:00:8b:c6:3f:a8:44:46:fe:
         61:e6:d4:59:5c:9f:ca:de:d6:d0:ec:d3:84:60:44:d1:3f:48:
         fc:a8:b9:f1:09:db:ee:e3:4f:c8:49:3e:cd:80:8e:b7:20:01:
         99:a9:26:78:93:ac:f2:9a:51:69:8a:e5:34:13:92:34:bc:5c:
         5a:14:32:e7:a1:33:4a:70:73:6c:f6:83:18:d3:a4:f8:54:38:
         d7:bb:34:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSIYybtzLyI5uDwoPFQX7ewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTIxMTAyMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzczM2JkY2VhMDYwZmQ2ZWU1MWFjMWM4NWI0ZjUwZjA2NDBjZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13YmmRltAUXe4Odcm046E6+Ol6ma
bxb4tYB4REfs9p59zK8DDArG6LMPSMUZf2/y1vs0XPfXqNc7sXC5BhObH0zR8ZKD
bDVpE7ljg0MVgZKICDdj8LMiAXupHURmmU5CuzPwsDKH7BzpG8VWjmSpFUHXozSI
HG4kjddZeKBa3CgAQ2hJBzIwQV1Ku1I/6PiQTcapdzSd7L1IKLvkGY3sS7iIvwGn
xNs792iWTpraZKWtc9X4844tDmTdgJETZFm/j1U20PyGQUd8xtgdbu3XsNqCkWAx
LUAftvm39M49taMHqP/YrxKGVWSds8gezRRhiKAg36wrFh28fUN9PWMYdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKdzO9zqBg/W7lGsHIW09Q8GQM1GMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvcDNNNzNPb0dEOWJ1VWF3Y2hiVDFEd1pBelVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ5EUAwQA
wqUDMA0GCSqGSIb3DQEBCwUAA4IBAQBVCuCFE/o5qa9mfspf6JXHafCTBVVQVWMm
GFICMNS69VCi/MUtXSaiFnsLvvsvbVTnM89SxLwWj21f2Amf0Na46yumwruOcpvR
5JUykBeHxbXqBUzuf9dSXGmit8E9SrmgnVbQvzs/OHqanEarreweYp/JE4MuKY5J
n7rT3De6i3LoRj9RNQ5fqqllzzVFMTb8cTlNznty6tL5nBKRTOVJmzX4ZC60dXbC
Ve79AIvGP6hERv5h5tRZXJ/K3tbQ7NOEYETRP0j8qLnxCdvu40/IST7NgI63IAGZ
qSZ4k6zymlFpiuU0E5I0vFxaFDLnoTNKcHNs9oMY06T4VDjXuzSD
-----END CERTIFICATE-----