Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/gWkZHgIkZd9yenAGLfTyA3gKWR4.roa
File:                     gWkZHgIkZd9yenAGLfTyA3gKWR4.roa (raw, json)
Hash identifier:          l54n2yyzmR2WNOmjMKZ/OpFoKCDgQWPMUC6iItLiMEs=
Subject key identifier:   81:69:19:1E:02:24:65:DF:72:7A:70:06:2D:F4:F2:03:78:0A:59:1E
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019422FB0F08C6EF30A204E451D05DD088B5
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/gWkZHgIkZd9yenAGLfTyA3gKWR4.roa
Signing time:             Wed 01 Jan 2025 17:47:46 +0000
ROA not before:           Wed 01 Jan 2025 17:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        103.102.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:0f:08:c6:ef:30:a2:04:e4:51:d0:5d:d0:88:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Jan  1 17:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8169191e022465df727a70062df4f203780a591e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5a:59:df:3d:15:a2:8e:e0:9b:b7:e3:7d:66:
                    67:ea:25:5f:a3:0f:ac:f6:91:9a:8d:5e:26:0f:47:
                    ce:3d:8f:77:97:fa:d9:93:db:c5:d5:1c:cd:dc:8c:
                    16:6e:7d:37:f6:07:90:a3:e8:98:d1:a9:4c:de:6c:
                    32:4d:bc:5b:34:33:17:18:6f:aa:a6:75:c1:7b:fa:
                    f0:05:fe:06:cf:49:24:fe:87:d0:c4:6c:37:88:8b:
                    55:e5:0b:30:5b:24:2e:ee:62:9c:9e:4c:63:8d:01:
                    12:3f:6a:dd:ff:50:59:1c:8c:f8:63:3f:6b:4d:dc:
                    dd:7e:62:c9:e0:3e:44:ae:3b:71:80:12:99:93:d0:
                    81:b6:6f:3c:54:94:2e:37:85:7d:67:0d:c9:04:24:
                    13:92:6c:6d:34:72:65:9f:4f:3a:50:6a:55:7f:7f:
                    72:65:11:91:7e:ef:33:4f:89:a8:d7:cf:4a:48:19:
                    93:58:5a:28:8e:52:78:8b:38:60:dd:ad:93:29:1c:
                    fd:93:ee:c4:e1:c9:cf:c1:15:b6:8c:71:b5:87:a8:
                    98:cc:a0:47:7e:cf:31:cb:ff:dd:d5:75:0a:16:00:
                    97:0a:ec:5f:1f:a2:c3:8b:65:1e:09:73:8d:87:d7:
                    63:a4:b5:ef:bd:4e:f0:77:31:df:67:24:6f:c7:d0:
                    49:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:69:19:1E:02:24:65:DF:72:7A:70:06:2D:F4:F2:03:78:0A:59:1E
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/gWkZHgIkZd9yenAGLfTyA3gKWR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:40:a9:d2:30:44:83:3c:a1:3d:cc:4c:ef:3a:4f:7f:a7:d5:
         69:eb:b4:a2:5b:5e:2b:33:0f:4d:10:58:0a:1e:c6:0d:10:13:
         8e:ab:15:72:50:f7:02:fd:c3:ba:23:ec:5f:6a:81:b7:25:f7:
         86:a1:4e:5d:8f:b5:66:da:65:61:c6:7b:62:0c:bf:c2:e5:c6:
         ca:7e:14:83:91:6c:42:61:77:8e:04:7f:7a:f2:73:49:c4:6e:
         fe:fe:7c:87:66:f4:0a:bd:ba:72:02:45:51:57:07:05:bf:8b:
         eb:ce:55:4c:45:dc:34:77:48:08:fc:90:b1:9f:21:1b:0d:de:
         22:aa:a7:c1:80:36:11:84:20:20:6a:47:c0:63:da:0e:f0:07:
         f8:8b:5f:bb:06:85:e3:ad:4f:5c:04:da:0b:08:34:a9:d9:22:
         59:8b:7c:31:78:19:e7:14:06:d2:c7:e0:f5:95:82:b5:f9:cf:
         c7:b8:b2:83:cb:7a:b9:fd:3b:d3:79:6c:fc:c5:40:75:b2:88:
         65:95:f5:33:2c:b3:76:5f:d2:1a:a9:17:56:09:47:73:aa:3d:
         84:26:9d:fb:49:2f:db:6b:7c:f5:b2:19:c0:8f:d6:5c:81:74:
         a7:0f:a6:83:fa:fc:d7:5f:f5:01:06:fc:3a:35:78:86:a7:49:
         de:42:4b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+w8Ixu8wogTkUdBd0Ii1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwMTAxMTc0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTY5MTkxZTAyMjQ2NWRmNzI3YTcwMDYyZGY0ZjIwMzc4MGE1OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VpZ3z0Voo7gm7fjfWZn6iVfow+s
9pGajV4mD0fOPY93l/rZk9vF1RzN3IwWbn039geQo+iY0alM3mwyTbxbNDMXGG+q
pnXBe/rwBf4Gz0kk/ofQxGw3iItV5QswWyQu7mKcnkxjjQESP2rd/1BZHIz4Yz9r
TdzdfmLJ4D5ErjtxgBKZk9CBtm88VJQuN4V9Zw3JBCQTkmxtNHJln086UGpVf39y
ZRGRfu8zT4mo189KSBmTWFoojlJ4izhg3a2TKRz9k+7E4cnPwRW2jHG1h6iYzKBH
fs8xy//d1XUKFgCXCuxfH6LDi2UeCXONh9djpLXvvU7wdzHfZyRvx9BJDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFpGR4CJGXfcnpwBi308gN4ClkeMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvZ1drWkhnSWtaZDl5ZW5BR0xmVHlBM2dLV1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2blMA0G
CSqGSIb3DQEBCwUAA4IBAQBAQKnSMESDPKE9zEzvOk9/p9Vp67SiW14rMw9NEFgK
HsYNEBOOqxVyUPcC/cO6I+xfaoG3JfeGoU5dj7Vm2mVhxntiDL/C5cbKfhSDkWxC
YXeOBH968nNJxG7+/nyHZvQKvbpyAkVRVwcFv4vrzlVMRdw0d0gI/JCxnyEbDd4i
qqfBgDYRhCAgakfAY9oO8Af4i1+7BoXjrU9cBNoLCDSp2SJZi3wxeBnnFAbSx+D1
lYK1+c/HuLKDy3q5/TvTeWz8xUB1sohllfUzLLN2X9IaqRdWCUdzqj2EJp37SS/b
a3z1shnAj9ZcgXSnD6aD+vzXX/UBBvw6NXiGp0neQkuO
-----END CERTIFICATE-----