Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/imLX_iKSVxIt55dbqRMupQNb-6o.roa
File:                     imLX_iKSVxIt55dbqRMupQNb-6o.roa (raw, json)
Hash identifier:          OviNWocn0RhLkHHteMWnzyr2rnMguzIPeb1JC9urBc0=
Subject key identifier:   8A:62:D7:FE:22:92:57:12:2D:E7:97:5B:A9:13:2E:A5:03:5B:FB:AA
Certificate issuer:       /CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
Certificate serial:       0194258F957AE4CB26F52CF5ED09014DCA5D
Authority key identifier: 75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/imLX_iKSVxIt55dbqRMupQNb-6o.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198198
IP address blocks:        103.244.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:95:7a:e4:cb:26:f5:2c:f5:ed:09:01:4d:ca:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a62d7fe229257122de7975ba9132ea5035bfbaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e3:ae:84:7a:ae:b9:86:d3:aa:a3:8f:88:5c:
                    7d:ac:19:63:0d:f5:c8:40:05:71:11:94:4d:72:9b:
                    bf:c4:20:7a:27:70:a4:4e:4a:e7:2b:c7:2c:ce:bd:
                    5f:01:56:ab:c5:3f:ee:ad:39:2b:24:13:f8:4b:e3:
                    02:e7:ca:4e:61:2a:e7:41:15:c1:05:86:3b:1a:df:
                    0c:a9:cd:4d:af:13:f4:43:18:41:ab:d3:80:ef:a3:
                    63:8a:7d:99:2d:61:39:3a:3d:c2:22:f2:0e:14:2e:
                    5d:b6:13:24:ca:9d:04:ee:21:07:9f:84:ff:12:a0:
                    c0:ee:1f:fd:40:df:5d:33:fb:be:3b:ad:cc:45:76:
                    79:ae:d1:1d:79:7c:0b:c1:17:dc:30:e3:4a:e7:d4:
                    bc:2e:b1:ad:cc:33:e7:a8:d2:f0:b4:fe:76:60:5d:
                    bb:94:1e:b0:3e:51:cf:ff:b5:b7:40:7d:80:46:d2:
                    a8:84:df:25:ec:31:e6:03:2d:11:09:ee:c7:76:92:
                    39:12:47:c1:6a:bc:84:15:3a:99:2a:a4:20:80:a4:
                    c7:cd:4a:29:7b:46:03:21:8d:d8:36:42:86:e1:93:
                    73:6f:e6:5c:da:52:83:cb:ff:04:b2:76:f5:b1:61:
                    dc:e4:69:9c:51:34:92:ea:0c:67:c1:f6:75:29:1f:
                    95:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:62:D7:FE:22:92:57:12:2D:E7:97:5B:A9:13:2E:A5:03:5B:FB:AA
            X509v3 Authority Key Identifier:
                keyid:75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/imLX_iKSVxIt55dbqRMupQNb-6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.244.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:5c:fe:0f:19:4b:d3:ab:c9:82:a5:e7:79:c8:ec:8c:5d:3c:
         02:ec:c9:57:a2:30:ab:16:d9:ed:57:25:4c:a4:dd:60:7f:76:
         dc:b5:b1:3d:bf:e0:e0:83:fb:79:6d:2e:ea:34:83:f8:14:d8:
         be:7a:44:a5:17:2f:f5:df:f8:0e:d4:45:ff:6e:93:7f:06:ea:
         63:a0:2d:e1:11:04:c1:38:cc:fe:b8:22:a4:56:2f:62:93:01:
         c8:e5:36:b1:08:4d:c5:4d:3b:e2:27:21:b1:df:93:e7:cb:3c:
         f6:5f:2f:0c:d6:41:9d:5e:b2:5e:4d:79:cb:e3:e7:77:6b:94:
         df:d6:b1:58:f9:58:87:88:b7:03:fd:63:78:81:6f:5b:63:36:
         0a:5f:e1:4a:d5:06:85:bf:de:4d:e4:64:dc:29:da:77:b2:0e:
         29:79:d5:f8:ff:80:e4:b3:cc:65:10:8e:f4:fc:a8:69:c6:f4:
         5b:df:4e:b8:78:5b:59:6c:68:0d:fd:7d:6f:fb:48:c0:21:38:
         a8:06:a6:ba:22:b8:21:9e:c7:a2:81:5c:ef:f7:16:69:d5:2e:
         29:62:ec:62:75:4a:05:41:e1:41:24:bf:f4:85:95:a0:8e:27:
         17:e1:f8:f9:c7:8e:14:28:05:fd:3a:79:6a:4b:0e:6b:d1:61:
         88:79:f3:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5V65Msm9Sz17QkBTcpdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTA1YmMyMWIyYTZmMTAzMzcxMWZmY2E2NDkxYzZjMzBj
ZTVhNGEwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTYyZDdmZTIyOTI1NzEyMmRlNzk3NWJhOTEzMmVhNTAzNWJmYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOOuhHquuYbTqqOPiFx9rBljDfXI
QAVxEZRNcpu/xCB6J3CkTkrnK8cszr1fAVarxT/urTkrJBP4S+MC58pOYSrnQRXB
BYY7Gt8Mqc1NrxP0QxhBq9OA76Njin2ZLWE5Oj3CIvIOFC5dthMkyp0E7iEHn4T/
EqDA7h/9QN9dM/u+O63MRXZ5rtEdeXwLwRfcMONK59S8LrGtzDPnqNLwtP52YF27
lB6wPlHP/7W3QH2ARtKohN8l7DHmAy0RCe7HdpI5EkfBaryEFTqZKqQggKTHzUop
e0YDIY3YNkKG4ZNzb+Zc2lKDy/8Esnb1sWHc5GmcUTSS6gxnwfZ1KR+V6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpi1/4iklcSLeeXW6kTLqUDW/uqMB8GA1UdIwQY
MBaAFHXgW8IbKm8QM3Ef/KZJHGwwzlpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDct
ZDQ1YWI3ZGYyZGUxLzEvaW1MWF9pS1NWeEl0NTVkYnFSTXVwUU5iLTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDctZDQ1YWI3ZGYyZGUx
LzEvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZ/TsMA0G
CSqGSIb3DQEBCwUAA4IBAQBJXP4PGUvTq8mCped5yOyMXTwC7MlXojCrFtntVyVM
pN1gf3bctbE9v+Dgg/t5bS7qNIP4FNi+ekSlFy/13/gO1EX/bpN/BupjoC3hEQTB
OMz+uCKkVi9ikwHI5TaxCE3FTTviJyGx35Pnyzz2Xy8M1kGdXrJeTXnL4+d3a5Tf
1rFY+ViHiLcD/WN4gW9bYzYKX+FK1QaFv95N5GTcKdp3sg4pedX4/4Dks8xlEI70
/KhpxvRb3064eFtZbGgN/X1v+0jAITioBqa6IrghnseigVzv9xZp1S4pYuxidUoF
QeFBJL/0hZWgjicX4fj5x44UKAX9OnlqSw5r0WGIefNm
-----END CERTIFICATE-----