Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/ClsMReouduSjS03K8nzGnBAT1j8.roa
File:                     ClsMReouduSjS03K8nzGnBAT1j8.roa (raw, json)
Hash identifier:          3M4n8Qu2j3Hb0FRu3V0+ASy2+7C1hEcc4eOZm5j48vc=
Subject key identifier:   0A:5B:0C:45:EA:2E:76:E4:A3:4B:4D:CA:F2:7C:C6:9C:10:13:D6:3F
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       01920FDF0C9B96CCA1666B4F584B23734D9F
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/ClsMReouduSjS03K8nzGnBAT1j8.roa
Signing time:             Fri 20 Sep 2024 14:38:48 +0000
ROA not before:           Fri 20 Sep 2024 14:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        103.102.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0f:df:0c:9b:96:cc:a1:66:6b:4f:58:4b:23:73:4d:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Sep 20 14:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a5b0c45ea2e76e4a34b4dcaf27cc69c1013d63f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:61:b1:ad:e8:24:7a:4b:bd:30:3c:c8:31:b7:
                    75:d5:c4:e4:9b:66:74:c4:be:d7:29:b4:6f:10:67:
                    cd:3d:c0:4b:40:27:5e:ed:0d:eb:f9:4b:98:27:c9:
                    58:b7:1f:f3:ca:02:1f:ad:2d:7f:0b:e1:d1:ac:a6:
                    25:0d:fb:7e:39:04:73:7a:59:69:36:f0:6d:9e:31:
                    6a:da:5b:9d:bb:78:82:f2:b9:b4:93:04:ee:d2:11:
                    e7:e4:e7:20:88:63:b4:7d:9a:71:81:36:45:44:78:
                    21:32:96:32:35:e1:22:c5:41:5a:76:00:90:bc:b3:
                    36:32:b7:a4:65:1c:50:e9:75:3f:69:81:04:a4:69:
                    31:e7:40:fc:45:9c:45:43:b8:27:c1:81:fa:33:90:
                    23:b9:8d:9b:99:ef:ff:57:8c:e4:a2:49:ed:41:ef:
                    b0:c4:b1:ff:a5:7f:2c:a1:ca:85:89:b0:52:96:23:
                    fe:b7:a8:59:17:41:53:e2:ad:7e:49:60:3a:02:53:
                    7a:56:4f:ed:9d:cf:8e:7a:3f:3c:01:77:a6:a7:f4:
                    6b:d2:88:2e:bf:0e:e7:e6:95:27:3d:c0:50:73:df:
                    cd:66:74:00:5f:ce:61:f3:21:b5:2c:d0:41:a7:2b:
                    28:14:dc:69:50:39:aa:fe:8d:2b:1d:f0:06:a6:42:
                    a8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5B:0C:45:EA:2E:76:E4:A3:4B:4D:CA:F2:7C:C6:9C:10:13:D6:3F
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/ClsMReouduSjS03K8nzGnBAT1j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:de:63:b7:74:fc:75:67:7a:d4:27:ae:32:13:9b:f9:02:86:
         fd:3c:41:c9:6d:09:96:85:cb:7a:04:8d:13:e1:ea:1f:c3:a7:
         7b:3f:41:a7:78:a9:cc:c0:40:60:99:9f:41:f7:88:af:e3:08:
         8d:fe:67:81:c5:ba:30:7b:5d:c2:e6:53:d6:33:15:b7:90:c6:
         94:37:06:39:9f:ef:a4:77:ce:cb:65:c7:e2:13:50:d6:3b:0b:
         91:52:08:97:e5:77:c3:91:10:be:df:6d:bb:7e:3d:4d:ed:9a:
         77:ed:bd:9b:1c:3c:ea:b3:fd:12:60:4a:76:35:c9:e3:26:1e:
         ab:16:06:78:47:a0:48:32:10:34:5a:ef:53:3f:29:cb:7c:13:
         2d:ad:db:fe:bb:e7:21:62:75:fb:19:60:08:12:42:5d:c3:ad:
         5e:c3:d4:3f:77:d7:b1:79:a2:e3:d6:46:da:4e:ce:bc:73:36:
         df:dc:f5:02:58:4f:ab:fc:e8:4c:9b:61:4d:2b:1a:0d:3d:8d:
         fe:3f:77:26:b3:60:20:c7:74:a4:46:e8:29:49:71:3e:ba:69:
         de:44:09:55:74:f3:d8:00:0c:1f:bd:ad:98:92:66:85:26:a6:
         51:9a:bf:9e:91:6d:96:93:95:6b:2f:9c:f7:9d:ee:0e:b6:15:
         b7:da:dd:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIP3wyblsyhZmtPWEsjc02fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjQwOTIwMTQzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTViMGM0NWVhMmU3NmU0YTM0YjRkY2FmMjdjYzY5YzEwMTNkNjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WGxregkeku9MDzIMbd11cTkm2Z0
xL7XKbRvEGfNPcBLQCde7Q3r+UuYJ8lYtx/zygIfrS1/C+HRrKYlDft+OQRzellp
NvBtnjFq2ludu3iC8rm0kwTu0hHn5OcgiGO0fZpxgTZFRHghMpYyNeEixUFadgCQ
vLM2MrekZRxQ6XU/aYEEpGkx50D8RZxFQ7gnwYH6M5AjuY2bme//V4zkokntQe+w
xLH/pX8socqFibBSliP+t6hZF0FT4q1+SWA6AlN6Vk/tnc+Oej88AXemp/Rr0ogu
vw7n5pUnPcBQc9/NZnQAX85h8yG1LNBBpysoFNxpUDmq/o0rHfAGpkKoYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApbDEXqLnbko0tNyvJ8xpwQE9Y/MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvQ2xzTVJlb3VkdVNqUzAzSzhuekduQkFUMWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bkMA0G
CSqGSIb3DQEBCwUAA4IBAQAw3mO3dPx1Z3rUJ64yE5v5Aob9PEHJbQmWhct6BI0T
4eofw6d7P0GneKnMwEBgmZ9B94iv4wiN/meBxbowe13C5lPWMxW3kMaUNwY5n++k
d87LZcfiE1DWOwuRUgiX5XfDkRC+3227fj1N7Zp37b2bHDzqs/0SYEp2NcnjJh6r
FgZ4R6BIMhA0Wu9TPynLfBMtrdv+u+chYnX7GWAIEkJdw61ew9Q/d9exeaLj1kba
Ts68czbf3PUCWE+r/OhMm2FNKxoNPY3+P3cms2Agx3SkRugpSXE+umneRAlVdPPY
AAwfva2YkmaFJqZRmr+ekW2Wk5VrL5z3ne4OthW32t2V
-----END CERTIFICATE-----