Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/Lfi2kFGwKCjTFh-UgGwG9fE3y28.roa
File:                     Lfi2kFGwKCjTFh-UgGwG9fE3y28.roa (raw, json)
Hash identifier:          vsaKPg/3Dci9H1drLTZRN5KQySI72yp3XcQ7k6Dlcjo=
Subject key identifier:   2D:F8:B6:90:51:B0:28:28:D3:16:1F:94:80:6C:06:F5:F1:37:CB:6F
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       019421441516D233985DAF6F8F37EF43B3B3
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/Lfi2kFGwKCjTFh-UgGwG9fE3y28.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34970
IP address blocks:        212.103.22.0/23 maxlen: 24
                          212.103.24.0/24 maxlen: 24
                          212.103.25.0/24 maxlen: 24
                          212.103.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:15:16:d2:33:98:5d:af:6f:8f:37:ef:43:b3:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2df8b69051b02828d3161f94806c06f5f137cb6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:07:80:cb:2b:6c:15:3e:9d:4e:f6:dd:28:f8:
                    9a:d9:84:f0:4a:56:1e:65:bc:1f:b5:60:26:7e:eb:
                    cb:02:e2:2e:cc:81:95:51:30:e7:a6:ff:0b:82:f5:
                    c8:de:0a:79:cb:1c:0f:b6:c0:c0:0b:66:c0:e1:d1:
                    48:ed:91:b9:b1:9c:8f:05:ad:16:1e:af:25:02:27:
                    17:b3:94:3d:c3:6a:9e:7f:b9:6b:25:4e:e9:2c:22:
                    b7:af:68:84:74:48:0a:6a:d9:c1:b9:ab:f1:2a:50:
                    35:c1:ab:e3:0a:16:bb:b4:81:a9:69:5d:bb:cc:e7:
                    79:34:4b:46:b0:c2:84:c2:47:84:e2:6d:80:38:a9:
                    1c:c7:fd:d3:36:6d:d3:34:28:ed:a0:21:bb:66:81:
                    21:4c:58:9a:13:16:c5:11:23:1f:70:60:dc:55:68:
                    b2:80:e1:27:d3:0b:b7:42:80:b2:b1:5b:da:fa:3f:
                    99:d0:9c:40:c7:32:64:6f:95:f8:84:c8:bf:a1:7e:
                    6c:38:1a:5b:d7:be:f7:ee:dc:8c:77:75:5f:44:df:
                    a4:e3:8a:6c:31:af:75:32:a0:7f:34:e6:cb:c1:65:
                    1e:32:69:16:68:27:3b:49:18:5b:ec:ee:69:3a:90:
                    84:62:6e:ed:bc:39:a9:64:e8:79:56:84:cb:04:ba:
                    37:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F8:B6:90:51:B0:28:28:D3:16:1F:94:80:6C:06:F5:F1:37:CB:6F
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/Lfi2kFGwKCjTFh-UgGwG9fE3y28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.22.0-212.103.25.255
                  212.103.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a7:e8:cb:ee:fc:14:e4:e7:76:90:4c:4c:b9:0c:f7:f7:50:
         a3:6e:75:04:d4:65:66:0a:b1:21:78:aa:eb:1d:43:16:53:c4:
         69:70:cf:74:ce:70:01:51:87:ac:db:d3:c8:3d:39:42:06:7a:
         85:10:e7:67:f0:07:79:18:2a:7e:30:5c:40:b3:b7:04:dd:e9:
         37:53:01:56:6d:ac:c2:d3:02:2c:a5:cb:e0:c6:f8:c2:30:61:
         64:af:72:db:1c:23:44:dd:7b:ef:18:ec:88:af:aa:6d:1f:ad:
         c0:09:39:e0:7e:c5:3d:52:2e:a3:c9:b1:60:34:8f:78:e1:95:
         e5:c4:38:0e:f2:22:d0:87:c5:eb:13:18:ae:70:42:61:42:74:
         26:41:45:3b:3e:2b:d7:77:91:e4:36:5d:96:8e:ff:1b:b3:d7:
         48:53:c2:31:b0:66:02:86:49:05:e7:47:95:e3:71:1e:5d:a1:
         e9:d5:62:d9:40:93:78:7a:f6:b7:80:b2:15:b6:b3:93:22:35:
         51:fe:14:44:6c:a2:1d:e6:cd:4c:3e:f4:6b:12:fc:02:b6:f7:
         bb:4a:c5:6f:30:a9:fd:f1:c9:fd:8e:74:c6:0e:bb:19:02:c2:
         65:79:d6:76:df:27:b5:6c:03:74:a6:c6:e3:d3:5a:12:3b:f8:
         9a:f9:c4:97
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhRBUW0jOYXa9vjzfvQ7OzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTI4MTBmNDliMzZmZGQ2NDFjMzI2YmQxZGU0ZTQyZDEy
OGIwNDYwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY4YjY5MDUxYjAyODI4ZDMxNjFmOTQ4MDZjMDZmNWYxMzdjYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArweAyytsFT6dTvbdKPia2YTwSlYe
ZbwftWAmfuvLAuIuzIGVUTDnpv8LgvXI3gp5yxwPtsDAC2bA4dFI7ZG5sZyPBa0W
Hq8lAicXs5Q9w2qef7lrJU7pLCK3r2iEdEgKatnBuavxKlA1wavjCha7tIGpaV27
zOd5NEtGsMKEwkeE4m2AOKkcx/3TNm3TNCjtoCG7ZoEhTFiaExbFESMfcGDcVWiy
gOEn0wu3QoCysVva+j+Z0JxAxzJkb5X4hMi/oX5sOBpb17737tyMd3VfRN+k44ps
Ma91MqB/NObLwWUeMmkWaCc7SRhb7O5pOpCEYm7tvDmpZOh5VoTLBLo3AQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFC34tpBRsCgo0xYflIBsBvXxN8tvMB8GA1UdIwQY
MBaAFPLigQ9Js2/dZBwya9HeTkLRKLBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAt
NTBkMmI3MGJjZjMxLzEvTGZpMmtGR3dLQ2pURmgtVWdHd0c5ZkUzeTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAtNTBkMmI3MGJjZjMx
LzEvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAHUZxYD
BAHUZxgDBADUZxwwDQYJKoZIhvcNAQELBQADggEBAFCn6Mvu/BTk53aQTEy5DPf3
UKNudQTUZWYKsSF4qusdQxZTxGlwz3TOcAFRh6zb08g9OUIGeoUQ52fwB3kYKn4w
XECztwTd6TdTAVZtrMLTAiyly+DG+MIwYWSvctscI0Tde+8Y7Iivqm0frcAJOeB+
xT1SLqPJsWA0j3jhleXEOA7yItCHxesTGK5wQmFCdCZBRTs+K9d3keQ2XZaO/xuz
10hTwjGwZgKGSQXnR5XjcR5doenVYtlAk3h69reAshW2s5MiNVH+FERsoh3mzUw+
9GsS/AK297tKxW8wqf3xyf2OdMYOuxkCwmV51nbfJ7VsA3SmxuPTWhI7+Jr5xJc=
-----END CERTIFICATE-----