Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/w817R2rVDrkOr9-q6GQr8_uBTG8.roa
File:                     w817R2rVDrkOr9-q6GQr8_uBTG8.roa (raw, json)
Hash identifier:          so5eeAE+xKfm7ypVrEwvXF5gYCxakMp7mPmxkvthc+4=
Subject key identifier:   C3:CD:7B:47:6A:D5:0E:B9:0E:AF:DF:AA:E8:64:2B:F3:FB:81:4C:6F
Certificate issuer:       /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial:       018DD5280CF55163F4C5A76A3723741FFE40
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/w817R2rVDrkOr9-q6GQr8_uBTG8.roa
Signing time:             Fri 23 Feb 2024 08:49:48 +0000
ROA not before:           Fri 23 Feb 2024 08:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215606
IP address blocks:        103.241.49.0/24 maxlen: 24
                          2a0a:51c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:28:0c:f5:51:63:f4:c5:a7:6a:37:23:74:1f:fe:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
        Validity
            Not Before: Feb 23 08:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3cd7b476ad50eb90eafdfaae8642bf3fb814c6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5c:e0:de:f3:12:e9:3e:62:04:90:1d:de:70:
                    8e:a0:d2:b8:68:f8:30:57:31:2c:22:07:12:9c:29:
                    fa:2d:9b:80:89:61:81:40:04:1a:02:93:8f:af:33:
                    4f:48:1c:34:f5:03:af:08:c7:67:ba:2f:02:f1:6e:
                    5f:54:cb:4a:ef:3f:3a:17:1c:a0:24:0d:36:8d:f8:
                    24:97:78:39:e9:b4:d3:8a:d9:fa:ac:11:3e:e9:fe:
                    26:dd:e7:66:19:85:b5:be:50:18:13:08:81:c2:e7:
                    84:03:e9:cb:00:92:e5:1c:2b:84:8f:99:b8:c2:34:
                    40:92:b9:b3:a4:4e:24:12:9c:2c:b1:68:2a:1a:2d:
                    0e:b9:39:53:a4:7d:b9:22:04:45:b3:e9:8f:15:42:
                    6f:49:c7:6d:f1:c1:3c:94:51:ed:12:53:5f:6a:e5:
                    8d:49:df:21:7d:59:66:a5:31:38:1c:ac:9f:70:2e:
                    c8:32:30:64:f3:81:40:2c:0d:bd:ea:f8:21:f5:49:
                    c1:3e:c9:04:32:09:43:b8:41:2d:da:53:65:20:07:
                    03:3d:c4:53:c0:11:72:fc:f3:4c:6a:77:93:30:c7:
                    43:d7:f4:56:d9:22:0b:6d:db:2b:e1:b5:ad:42:c4:
                    f9:ee:14:0a:e7:04:4b:28:47:bd:87:ab:87:f9:48:
                    ce:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:CD:7B:47:6A:D5:0E:B9:0E:AF:DF:AA:E8:64:2B:F3:FB:81:4C:6F
            X509v3 Authority Key Identifier:
                keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/w817R2rVDrkOr9-q6GQr8_uBTG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.241.49.0/24
                IPv6:
                  2a0a:51c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:d5:c3:d5:81:64:42:50:db:b7:2c:b8:83:48:a6:06:94:8e:
         25:f0:13:f2:97:e1:ab:a5:38:4d:e8:b9:54:ed:4d:10:cb:9d:
         d7:41:3b:2e:07:8f:00:d9:8e:45:1a:08:bf:30:13:c8:51:1f:
         84:22:bc:bd:8d:86:46:e4:12:8e:cc:3e:98:c2:27:ae:8b:ce:
         a2:99:5c:5e:ff:5c:34:27:f8:86:99:71:2c:64:2b:ca:94:36:
         5c:f9:28:50:44:89:f5:88:e0:ee:fe:31:6b:0c:43:5b:9b:0f:
         a7:37:32:4d:e2:85:3b:92:60:91:10:9a:01:ad:ce:ab:bd:75:
         09:63:10:ac:3b:1a:f9:0c:17:2e:c4:29:7e:8d:91:84:92:aa:
         5e:30:55:0e:76:79:eb:5c:33:3e:b3:0e:89:69:ff:6e:a3:9e:
         fb:4d:a7:e3:a5:d2:b5:ae:1e:9f:12:4a:30:70:04:2a:e1:3e:
         02:92:b6:87:00:54:8a:e3:58:3b:ab:38:3f:30:31:f1:2b:72:
         13:61:39:78:30:a9:a0:d3:e6:6a:53:fb:69:55:14:af:e3:a4:
         88:12:3b:e2:30:c5:e7:01:01:34:b4:a2:7e:0e:1e:bc:71:15:
         26:45:9d:e5:57:bd:3e:83:2f:23:4e:cf:e3:ab:ef:79:75:cf:
         1f:2d:2c:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3VKAz1UWP0xadqNyN0H/5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzAwN2U1MDgyYjhlOGQ4Mjg5MDE4NzE4Y2ZkNTI3YTc4
OTNlNWUwHhcNMjQwMjIzMDg0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2NkN2I0NzZhZDUwZWI5MGVhZmRmYWFlODY0MmJmM2ZiODE0YzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVzg3vMS6T5iBJAd3nCOoNK4aPgw
VzEsIgcSnCn6LZuAiWGBQAQaApOPrzNPSBw09QOvCMdnui8C8W5fVMtK7z86Fxyg
JA02jfgkl3g56bTTitn6rBE+6f4m3edmGYW1vlAYEwiBwueEA+nLAJLlHCuEj5m4
wjRAkrmzpE4kEpwssWgqGi0OuTlTpH25IgRFs+mPFUJvScdt8cE8lFHtElNfauWN
Sd8hfVlmpTE4HKyfcC7IMjBk84FALA296vgh9UnBPskEMglDuEEt2lNlIAcDPcRT
wBFy/PNManeTMMdD1/RW2SILbdsr4bWtQsT57hQK5wRLKEe9h6uH+UjOQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMPNe0dq1Q65Dq/fquhkK/P7gUxvMB8GA1UdIwQY
MBaAFCfAB+UIK46NgokBhxjP1SeniT5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEt
MmM2NGMyOTEzNTNlLzEvdzgxN1IyclZEcmtPcjktcTZHUXI4X3VCVEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEtMmM2NGMyOTEzNTNl
LzEvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAZ/ExMA0E
AgACMAcDBQAqClHFMA0GCSqGSIb3DQEBCwUAA4IBAQC51cPVgWRCUNu3LLiDSKYG
lI4l8BPyl+GrpThN6LlU7U0Qy53XQTsuB48A2Y5FGgi/MBPIUR+EIry9jYZG5BKO
zD6Ywieui86imVxe/1w0J/iGmXEsZCvKlDZc+ShQRIn1iODu/jFrDENbmw+nNzJN
4oU7kmCREJoBrc6rvXUJYxCsOxr5DBcuxCl+jZGEkqpeMFUOdnnrXDM+sw6Jaf9u
o577TafjpdK1rh6fEkowcAQq4T4CkraHAFSK41g7qzg/MDHxK3ITYTl4MKmg0+Zq
U/tpVRSv46SIEjviMMXnAQE0tKJ+Dh68cRUmRZ3lV70+gy8jTs/jq+95dc8fLSzL
-----END CERTIFICATE-----