Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_qokDXRfGxwIaNjjuwS_B9fRSxQ.roa
File:                     _qokDXRfGxwIaNjjuwS_B9fRSxQ.roa (raw, json)
Hash identifier:          qzG04NZv84Xd0Ess93Ia0gcMapmqZn3grwHL7jiaUYk=
Subject key identifier:   FE:AA:24:0D:74:5F:1B:1C:08:68:D8:E3:BB:04:BF:07:D7:D1:4B:14
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019480087A375B9F85D1D1BACA760B29DBD4
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_qokDXRfGxwIaNjjuwS_B9fRSxQ.roa
Signing time:             Sun 19 Jan 2025 19:27:06 +0000
ROA not before:           Sun 19 Jan 2025 19:27:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151734
IP address blocks:        103.47.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:80:08:7a:37:5b:9f:85:d1:d1:ba:ca:76:0b:29:db:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan 19 19:27:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=feaa240d745f1b1c0868d8e3bb04bf07d7d14b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:24:76:70:69:63:21:1d:c8:08:70:2e:a1:b3:
                    e3:09:e8:57:60:2f:de:72:76:f3:dc:b3:80:ff:04:
                    54:45:c7:0b:b8:f0:93:12:08:a0:f8:6c:94:11:a1:
                    25:8a:f8:29:44:2e:30:cf:31:c4:ff:53:c0:81:83:
                    85:fb:3e:cf:46:83:39:81:58:c0:66:f7:1c:d9:25:
                    22:c9:b7:e1:0c:d3:97:5e:32:ed:28:60:cf:50:40:
                    20:fd:b5:79:bb:99:f9:aa:d9:4a:82:b0:6f:db:5c:
                    a3:f3:ef:8c:68:d6:f8:e2:43:da:78:f5:1d:f3:8e:
                    dc:d0:c7:ab:3c:38:38:51:cc:c8:6f:5a:50:df:74:
                    cf:6c:0e:9d:2d:60:f1:51:07:e8:a3:70:09:a5:26:
                    df:bf:a3:49:a5:48:78:f7:20:3e:6d:98:df:4f:54:
                    b9:d6:db:48:73:d6:ad:cc:52:97:9f:d3:f7:c8:25:
                    87:00:b7:cd:fa:4e:42:eb:9b:60:75:62:cf:f8:48:
                    a4:a9:ab:86:e9:ca:15:c4:17:7b:14:e4:d2:c7:ff:
                    b1:f6:ed:a7:7f:48:99:e8:d6:88:e7:1c:d6:68:18:
                    c0:a6:1c:de:05:5c:6d:a8:d2:e9:58:6f:49:9e:b0:
                    7a:e8:39:8c:6d:bd:6d:ec:7d:fe:0a:11:02:40:30:
                    79:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:AA:24:0D:74:5F:1B:1C:08:68:D8:E3:BB:04:BF:07:D7:D1:4B:14
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_qokDXRfGxwIaNjjuwS_B9fRSxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:9d:55:e7:42:9f:e2:8c:d3:0b:70:25:ab:d1:a2:8e:73:a7:
         c4:67:d8:83:38:d3:5e:d2:90:ed:78:f7:8f:06:b0:58:87:70:
         7c:eb:83:a6:73:0a:7d:97:bb:3a:46:44:5a:b4:fd:72:f6:f6:
         64:b6:68:d7:83:24:2d:4a:b0:08:fb:38:6a:2c:0b:40:6a:32:
         90:4a:f2:eb:33:eb:2a:e0:b7:c4:72:f8:31:44:41:6b:38:92:
         4c:a8:d9:6b:29:96:39:c2:7d:63:a5:f2:d1:09:b5:8d:1f:ec:
         77:f9:57:97:e5:9f:73:bd:60:2a:48:b2:84:97:cb:84:3c:72:
         c5:28:2d:a8:a4:64:9a:ce:40:53:ba:4c:18:2a:38:35:46:8c:
         b1:d8:57:d2:ea:c5:59:14:36:36:10:c9:8e:fe:f3:d3:7d:b0:
         b2:a2:ff:48:19:5e:c5:9d:53:de:db:7c:81:6c:56:b0:4c:2d:
         a3:ec:f1:27:7e:64:d0:5c:2b:67:ae:29:af:10:4d:73:9c:e3:
         92:cd:b7:e8:12:95:06:2e:26:3c:75:db:6b:66:3c:38:ee:bb:
         62:4a:fe:b7:32:c3:76:6e:27:1f:7e:41:96:a1:c5:f5:1e:53:
         48:cd:87:8d:7c:99:d8:1b:2f:41:25:4e:ed:0f:42:77:f3:a6:
         6f:34:52:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSACHo3W5+F0dG6ynYLKdvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTE5MTkyNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWFhMjQwZDc0NWYxYjFjMDg2OGQ4ZTNiYjA0YmYwN2Q3ZDE0YjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiR2cGljIR3ICHAuobPjCehXYC/e
cnbz3LOA/wRURccLuPCTEgig+GyUEaElivgpRC4wzzHE/1PAgYOF+z7PRoM5gVjA
Zvcc2SUiybfhDNOXXjLtKGDPUEAg/bV5u5n5qtlKgrBv21yj8++MaNb44kPaePUd
847c0MerPDg4UczIb1pQ33TPbA6dLWDxUQfoo3AJpSbfv6NJpUh49yA+bZjfT1S5
1ttIc9atzFKXn9P3yCWHALfN+k5C65tgdWLP+EikqauG6coVxBd7FOTSx/+x9u2n
f0iZ6NaI5xzWaBjAphzeBVxtqNLpWG9JnrB66DmMbb1t7H3+ChECQDB5nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6qJA10XxscCGjY47sEvwfX0UsUMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvX3Fva0RYUmZHeHdJYU5qanV3U19COWZSU3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZy87MA0G
CSqGSIb3DQEBCwUAA4IBAQAsnVXnQp/ijNMLcCWr0aKOc6fEZ9iDONNe0pDtePeP
BrBYh3B864Omcwp9l7s6RkRatP1y9vZktmjXgyQtSrAI+zhqLAtAajKQSvLrM+sq
4LfEcvgxREFrOJJMqNlrKZY5wn1jpfLRCbWNH+x3+VeX5Z9zvWAqSLKEl8uEPHLF
KC2opGSazkBTukwYKjg1Royx2FfS6sVZFDY2EMmO/vPTfbCyov9IGV7FnVPe23yB
bFawTC2j7PEnfmTQXCtnrimvEE1znOOSzbfoEpUGLiY8ddtrZjw47rtiSv63MsN2
bicffkGWocX1HlNIzYeNfJnYGy9BJU7tD0J386ZvNFLP
-----END CERTIFICATE-----