Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/8mfWKUaTIk1RDd44sNUtQ4HsM2s.roa
File:                     8mfWKUaTIk1RDd44sNUtQ4HsM2s.roa (raw, json)
Hash identifier:          GuIpyglmMkqHqRdMJ131I6La+nXiqbtWAj+MwrMR+Yc=
Subject key identifier:   F2:67:D6:29:46:93:22:4D:51:0D:DE:38:B0:D5:2D:43:81:EC:33:6B
Certificate issuer:       /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial:       019425FC13F9A7A383BDAE6989B9B452C019
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/8mfWKUaTIk1RDd44sNUtQ4HsM2s.roa
Signing time:             Thu 02 Jan 2025 07:47:44 +0000
ROA not before:           Thu 02 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215606
IP address blocks:        103.241.49.0/24 maxlen: 24
                          2a0a:51c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:13:f9:a7:a3:83:bd:ae:69:89:b9:b4:52:c0:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
        Validity
            Not Before: Jan  2 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f267d6294693224d510dde38b0d52d4381ec336b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:17:e8:f0:9a:c7:d1:0f:50:b5:fb:6d:b7:4d:
                    41:ee:fc:21:5b:f7:06:0d:c5:cc:d9:4d:dd:f6:ed:
                    51:c6:46:f4:04:04:dd:3f:bc:29:7c:6f:67:f3:09:
                    4d:40:a7:46:d5:43:ac:0b:fd:84:13:01:6b:fb:20:
                    ae:1b:23:8e:00:92:48:52:c1:d2:e3:af:e3:c2:ce:
                    27:90:01:9e:52:ab:d6:16:8a:45:53:c3:c5:10:fb:
                    ec:ac:4c:08:ac:63:5b:4c:05:84:5f:c2:39:0e:01:
                    18:6e:71:a5:b7:49:f6:33:9d:13:35:23:56:79:16:
                    da:58:3d:97:a2:66:43:d6:0b:0b:e0:14:66:72:14:
                    09:b6:64:b4:b2:91:d2:da:b5:ec:ee:5f:ac:37:7e:
                    f0:f3:d9:1b:eb:83:c0:78:de:3d:46:8c:60:63:8a:
                    70:39:b4:c0:49:a8:19:59:7b:b7:10:24:38:e7:20:
                    5e:9a:63:b2:9e:f0:03:af:fd:bd:a2:d5:34:20:66:
                    00:c7:a2:f2:af:09:b4:f9:7f:29:42:08:7f:d7:1f:
                    a6:b3:67:de:1f:25:a0:1e:94:5c:72:8c:69:a6:e4:
                    89:3f:8c:d9:00:61:0d:8b:0c:5b:98:32:e0:ad:52:
                    db:0c:e3:f9:da:45:54:dc:7e:90:32:cf:ae:6b:88:
                    95:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:67:D6:29:46:93:22:4D:51:0D:DE:38:B0:D5:2D:43:81:EC:33:6B
            X509v3 Authority Key Identifier:
                keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/8mfWKUaTIk1RDd44sNUtQ4HsM2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.241.49.0/24
                IPv6:
                  2a0a:51c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:af:2a:7e:dc:1f:1e:c1:be:51:f8:52:01:40:44:1c:48:7f:
         5f:34:0e:53:ad:46:8b:94:ef:66:3d:c6:aa:01:7d:8f:f6:d6:
         f8:4a:06:fc:83:8a:7b:93:db:02:08:61:ab:72:67:b1:08:f9:
         7a:bb:6d:dd:37:e5:ad:28:63:46:5b:29:ef:b7:c1:f2:d4:b8:
         57:23:61:23:93:b0:56:7c:11:91:37:fa:85:c5:5d:dc:c8:99:
         88:2c:a3:54:b3:a9:40:9e:b9:12:c5:20:eb:26:46:6e:de:21:
         fb:dc:71:68:91:12:ea:bd:59:d2:60:fc:1c:be:cd:e1:13:cb:
         f3:44:4d:2a:2f:68:4e:2b:6f:d1:77:d2:99:3d:b2:7d:22:bc:
         d9:d7:c8:51:b3:c0:f9:47:13:fe:d8:66:c6:d9:74:fc:43:ed:
         ed:8f:8f:22:d9:38:75:56:2c:e1:b6:6c:d9:dc:62:40:6a:25:
         61:7a:30:4e:9a:71:c5:98:b1:4f:96:fa:0c:2d:0f:6f:76:cd:
         9a:1e:b7:5f:e7:98:ff:a4:6a:85:70:ae:dd:63:fa:1b:00:ac:
         49:a8:6b:c5:9f:ac:83:32:8e:ad:78:bb:85:bb:37:63:3e:87:
         1a:9c:87:06:c9:01:a4:02:f9:d6:f0:aa:82:be:c3:70:65:e9:
         2e:24:c1:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/BP5p6ODva5pibm0UsAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzAwN2U1MDgyYjhlOGQ4Mjg5MDE4NzE4Y2ZkNTI3YTc4
OTNlNWUwHhcNMjUwMTAyMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjY3ZDYyOTQ2OTMyMjRkNTEwZGRlMzhiMGQ1MmQ0MzgxZWMzMzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBfo8JrH0Q9Qtfttt01B7vwhW/cG
DcXM2U3d9u1Rxkb0BATdP7wpfG9n8wlNQKdG1UOsC/2EEwFr+yCuGyOOAJJIUsHS
46/jws4nkAGeUqvWFopFU8PFEPvsrEwIrGNbTAWEX8I5DgEYbnGlt0n2M50TNSNW
eRbaWD2XomZD1gsL4BRmchQJtmS0spHS2rXs7l+sN37w89kb64PAeN49RoxgY4pw
ObTASagZWXu3ECQ45yBemmOynvADr/29otU0IGYAx6Lyrwm0+X8pQgh/1x+ms2fe
HyWgHpRccoxppuSJP4zZAGENiwxbmDLgrVLbDOP52kVU3H6QMs+ua4iV8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPJn1ilGkyJNUQ3eOLDVLUOB7DNrMB8GA1UdIwQY
MBaAFCfAB+UIK46NgokBhxjP1SeniT5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEt
MmM2NGMyOTEzNTNlLzEvOG1mV0tVYVRJazFSRGQ0NHNOVXRRNEhzTTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEtMmM2NGMyOTEzNTNl
LzEvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAZ/ExMA0E
AgACMAcDBQAqClHFMA0GCSqGSIb3DQEBCwUAA4IBAQBiryp+3B8ewb5R+FIBQEQc
SH9fNA5TrUaLlO9mPcaqAX2P9tb4Sgb8g4p7k9sCCGGrcmexCPl6u23dN+WtKGNG
Wynvt8Hy1LhXI2Ejk7BWfBGRN/qFxV3cyJmILKNUs6lAnrkSxSDrJkZu3iH73HFo
kRLqvVnSYPwcvs3hE8vzRE0qL2hOK2/Rd9KZPbJ9IrzZ18hRs8D5RxP+2GbG2XT8
Q+3tj48i2Th1VizhtmzZ3GJAaiVhejBOmnHFmLFPlvoMLQ9vds2aHrdf55j/pGqF
cK7dY/obAKxJqGvFn6yDMo6teLuFuzdjPocanIcGyQGkAvnW8KqCvsNwZekuJME0
-----END CERTIFICATE-----