Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/IO7QSPPuGyLnj7FysZ1JCpysRik.roa
File:                     IO7QSPPuGyLnj7FysZ1JCpysRik.roa (raw, json)
Hash identifier:          TTblECOpPN00kRkW/pSJRAAADqAGw3FRwcT16z8W2dQ=
Subject key identifier:   20:EE:D0:48:F3:EE:1B:22:E7:8F:B1:72:B1:9D:49:0A:9C:AC:46:29
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192A66346B279DAF2FC7F5ECE7736975477
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/IO7QSPPuGyLnj7FysZ1JCpysRik.roa
Signing time:             Sat 19 Oct 2024 20:06:16 +0000
ROA not before:           Sat 19 Oct 2024 20:06:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151734
IP address blocks:        103.47.56.0/24 maxlen: 24
                          103.47.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a6:63:46:b2:79:da:f2:fc:7f:5e:ce:77:36:97:54:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 19 20:06:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20eed048f3ee1b22e78fb172b19d490a9cac4629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:34:5b:10:84:34:e7:28:fa:69:89:7f:63:22:
                    42:3f:0f:b3:3f:be:5e:be:6c:9f:a4:e6:8c:94:90:
                    28:d3:c8:49:1d:e8:12:04:8d:1d:4a:2f:b3:08:5b:
                    4d:55:77:f9:18:bd:05:d2:6b:28:6d:7a:f0:16:66:
                    0f:d3:c3:be:c7:a5:ee:c7:7e:2b:8a:55:f1:40:ff:
                    19:a7:cb:53:4b:f4:14:47:5d:c8:7e:53:a0:1b:8f:
                    ff:4a:bb:d5:70:38:4a:2c:92:f9:50:db:24:82:80:
                    b6:44:51:11:df:2e:08:f4:f4:9b:12:c1:48:ff:f4:
                    6c:5b:34:60:02:18:5c:cd:44:3f:e6:04:30:9b:f2:
                    ca:c3:4b:88:63:83:1d:b1:85:7c:8b:28:8c:c2:4f:
                    6e:49:64:64:62:19:6e:f0:8f:03:a4:98:6c:44:a6:
                    d9:13:a1:2e:38:27:f2:e1:fd:ef:1a:b7:12:01:7b:
                    71:85:7b:46:0c:3e:30:37:20:f5:76:3e:b1:67:94:
                    e3:d4:a9:67:f5:54:b4:3f:3c:d0:93:cf:1a:27:11:
                    cf:9b:58:12:a7:fd:04:6d:7e:cc:46:81:5a:1f:90:
                    23:95:70:1d:aa:0e:55:14:84:b4:a1:9c:5e:77:6a:
                    ac:6d:d9:95:bb:b4:3e:61:a1:e0:41:58:2e:3c:4a:
                    f0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:EE:D0:48:F3:EE:1B:22:E7:8F:B1:72:B1:9D:49:0A:9C:AC:46:29
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/IO7QSPPuGyLnj7FysZ1JCpysRik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.56.0/24
                  103.47.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:c9:9d:aa:36:48:dd:94:57:16:55:73:67:b1:83:f5:b3:25:
         37:b8:98:88:16:5d:3f:78:51:a6:55:4f:68:0f:6e:f9:0e:da:
         a2:db:0d:6c:e7:22:53:2b:25:1f:3d:f5:5c:45:27:81:64:14:
         58:a9:36:8d:60:38:b6:ef:89:f0:ea:70:5c:6b:b5:fc:d0:fb:
         bc:a4:2b:54:86:e2:b5:4a:97:e9:d4:04:03:69:5a:77:af:75:
         42:5d:28:e2:e7:3f:1a:a7:a2:b3:6c:9d:25:ea:38:a8:c9:d6:
         fd:36:bf:66:e5:66:87:55:8a:c2:60:c6:77:d7:32:b8:58:48:
         e7:0d:4c:01:78:fc:26:88:a8:ed:ce:3e:27:bf:a5:18:d2:f2:
         41:3a:1b:62:9a:57:83:19:50:0f:dd:83:40:72:13:96:0f:24:
         be:a9:6a:3e:22:b4:ed:14:7e:c3:d1:4a:06:bd:57:82:d2:ff:
         11:f1:53:33:db:67:9b:e4:d6:65:3a:08:b4:1e:b2:97:a5:9f:
         d5:e0:b9:1c:7b:ca:44:56:cc:2c:e9:53:7e:6d:d4:bb:0d:86:
         08:b0:fe:bf:30:d1:7a:56:a1:20:31:ca:50:26:3c:78:d2:78:
         3e:30:bf:33:65:89:ae:33:0f:06:8c:ac:16:60:4f:25:56:57:
         3b:ff:f8:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKmY0ayedry/H9eznc2l1R3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDE5MjAwNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGVlZDA0OGYzZWUxYjIyZTc4ZmIxNzJiMTlkNDkwYTljYWM0NjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jRbEIQ05yj6aYl/YyJCPw+zP75e
vmyfpOaMlJAo08hJHegSBI0dSi+zCFtNVXf5GL0F0msobXrwFmYP08O+x6Xux34r
ilXxQP8Zp8tTS/QUR13IflOgG4//SrvVcDhKLJL5UNskgoC2RFER3y4I9PSbEsFI
//RsWzRgAhhczUQ/5gQwm/LKw0uIY4MdsYV8iyiMwk9uSWRkYhlu8I8DpJhsRKbZ
E6EuOCfy4f3vGrcSAXtxhXtGDD4wNyD1dj6xZ5Tj1Kln9VS0PzzQk88aJxHPm1gS
p/0EbX7MRoFaH5AjlXAdqg5VFIS0oZxed2qsbdmVu7Q+YaHgQVguPErwNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCDu0Ejz7hsi54+xcrGdSQqcrEYpMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvSU83UVNQUHVHeUxuajdGeXNaMUpDcHlzUmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZy84AwQA
Zy87MA0GCSqGSIb3DQEBCwUAA4IBAQAsyZ2qNkjdlFcWVXNnsYP1syU3uJiIFl0/
eFGmVU9oD275Dtqi2w1s5yJTKyUfPfVcRSeBZBRYqTaNYDi274nw6nBca7X80Pu8
pCtUhuK1Spfp1AQDaVp3r3VCXSji5z8ap6KzbJ0l6jioydb9Nr9m5WaHVYrCYMZ3
1zK4WEjnDUwBePwmiKjtzj4nv6UY0vJBOhtimleDGVAP3YNAchOWDyS+qWo+IrTt
FH7D0UoGvVeC0v8R8VMz22eb5NZlOgi0HrKXpZ/V4Lkce8pEVsws6VN+bdS7DYYI
sP6/MNF6VqEgMcpQJjx40ng+ML8zZYmuMw8GjKwWYE8lVlc7//gk
-----END CERTIFICATE-----