Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/Mw4DzLJ9A153q_gtADK6A3kEnBY.roa
File:                     Mw4DzLJ9A153q_gtADK6A3kEnBY.roa (raw, json)
Hash identifier:          9HhbT3XmjLkyekKYjCbpBZ8eHIVc8Kvm9P+X8Pv5KiY=
Subject key identifier:   33:0E:03:CC:B2:7D:03:5E:77:AB:F8:2D:00:32:BA:03:79:04:9C:16
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019422FB0E46378A84A5460163442E4DBF43
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/Mw4DzLJ9A153q_gtADK6A3kEnBY.roa
Signing time:             Wed 01 Jan 2025 17:47:45 +0000
ROA not before:           Wed 01 Jan 2025 17:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        103.102.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:0e:46:37:8a:84:a5:46:01:63:44:2e:4d:bf:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Jan  1 17:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=330e03ccb27d035e77abf82d0032ba0379049c16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:af:09:3f:1e:b5:e3:ed:5a:e5:54:af:1f:da:
                    d2:7b:52:3a:dd:1f:a4:24:6a:0f:01:fd:fc:99:d9:
                    89:32:58:33:1b:65:78:6f:03:94:f5:ce:cb:6c:0a:
                    93:39:b7:17:70:a4:e0:5f:32:36:22:69:55:ae:20:
                    2d:ba:a0:45:be:89:dd:91:d7:d6:64:7b:2d:a4:d3:
                    f7:8e:09:1e:0a:0b:5c:de:e7:2a:cf:ad:a8:b2:32:
                    d5:b5:33:ed:b1:55:1e:b1:55:e3:02:bf:98:f2:48:
                    7d:98:da:de:3f:ee:fd:b8:cc:e9:34:07:0b:e3:b1:
                    30:17:69:a3:9e:29:ed:7a:69:b1:c1:13:6e:c7:f9:
                    61:b5:9e:db:aa:80:a2:7f:f1:84:71:6d:2d:ad:57:
                    5d:a5:ed:b5:06:c6:21:e8:97:de:6e:c5:06:0c:c9:
                    5f:73:cb:00:89:b6:e2:52:b4:0b:8b:d8:5b:79:92:
                    8f:b8:d9:64:c7:fa:31:bf:56:e9:f2:1a:b0:c4:8c:
                    af:66:7e:a7:5b:07:93:3f:2b:f0:3c:74:42:de:81:
                    6d:36:24:8f:34:3c:03:53:38:65:6f:b4:c2:25:89:
                    f0:8c:00:67:2f:ff:11:f2:24:d5:e6:2d:de:e1:b6:
                    8e:da:d9:4b:1e:10:ce:6f:52:a9:4e:c8:7d:66:59:
                    2d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0E:03:CC:B2:7D:03:5E:77:AB:F8:2D:00:32:BA:03:79:04:9C:16
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/Mw4DzLJ9A153q_gtADK6A3kEnBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:e5:b0:5c:eb:e6:3f:0c:fe:63:75:b5:a2:42:2c:55:6b:ee:
         ac:75:5b:4c:e8:bb:f6:e3:e5:04:96:62:f7:cb:d7:4e:f7:10:
         52:54:ea:be:f3:bb:eb:a4:40:66:0f:5e:c8:b9:b9:bb:33:63:
         09:51:3e:77:b5:da:d8:e7:2e:59:cf:58:af:a2:fd:07:dd:d8:
         03:e8:3a:6e:91:f3:e1:af:de:5a:62:ef:cb:0b:09:aa:4d:2a:
         8e:bc:c6:27:b6:d8:29:14:85:4b:d7:bc:32:f7:77:d5:b1:6c:
         ff:24:47:13:5e:e8:1d:47:27:aa:7f:94:76:40:ca:89:f1:21:
         94:34:8f:7c:3a:1f:56:cc:ee:8f:e9:97:8f:a1:fe:fa:b1:11:
         f7:ae:a2:a3:e0:42:fa:ce:74:7d:a9:4d:13:97:28:52:e8:01:
         9f:85:59:8b:a5:b6:eb:45:2f:7e:e6:92:57:d4:92:37:f4:f9:
         7d:8c:31:1c:7e:dc:8c:d7:0b:d4:0c:b9:8a:bc:8d:c8:a2:27:
         a7:26:96:79:27:b7:15:1e:fd:c0:2f:0f:94:52:6b:fb:71:99:
         eb:f7:4a:71:0f:02:da:3a:b0:e3:c3:57:89:17:ee:f3:21:b0:
         1c:9f:2e:d7:59:18:e8:de:f7:19:68:81:9f:e1:b4:99:13:0e:
         15:c0:48:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+w5GN4qEpUYBY0QuTb9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwMTAxMTc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBlMDNjY2IyN2QwMzVlNzdhYmY4MmQwMDMyYmEwMzc5MDQ5YzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma8JPx614+1a5VSvH9rSe1I63R+k
JGoPAf38mdmJMlgzG2V4bwOU9c7LbAqTObcXcKTgXzI2ImlVriAtuqBFvondkdfW
ZHstpNP3jgkeCgtc3ucqz62osjLVtTPtsVUesVXjAr+Y8kh9mNreP+79uMzpNAcL
47EwF2mjnintemmxwRNux/lhtZ7bqoCif/GEcW0trVddpe21BsYh6JfebsUGDMlf
c8sAibbiUrQLi9hbeZKPuNlkx/oxv1bp8hqwxIyvZn6nWweTPyvwPHRC3oFtNiSP
NDwDUzhlb7TCJYnwjABnL/8R8iTV5i3e4baO2tlLHhDOb1KpTsh9ZlktLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMOA8yyfQNed6v4LQAyugN5BJwWMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvTXc0RHpMSjlBMTUzcV9ndEFESzZBM2tFbkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bkMA0G
CSqGSIb3DQEBCwUAA4IBAQAv5bBc6+Y/DP5jdbWiQixVa+6sdVtM6Lv24+UElmL3
y9dO9xBSVOq+87vrpEBmD17Iubm7M2MJUT53tdrY5y5Zz1ivov0H3dgD6DpukfPh
r95aYu/LCwmqTSqOvMYnttgpFIVL17wy93fVsWz/JEcTXugdRyeqf5R2QMqJ8SGU
NI98Oh9WzO6P6ZePof76sRH3rqKj4EL6znR9qU0TlyhS6AGfhVmLpbbrRS9+5pJX
1JI39Pl9jDEcftyM1wvUDLmKvI3IoienJpZ5J7cVHv3ALw+UUmv7cZnr90pxDwLa
OrDjw1eJF+7zIbAcny7XWRjo3vcZaIGf4bSZEw4VwEj+
-----END CERTIFICATE-----