Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/GflhXTqWr4Djeyjd9NwZhU2nXag.roa
File:                     GflhXTqWr4Djeyjd9NwZhU2nXag.roa (raw, json)
Hash identifier:          5ibceGJkJSxJ7FSXsVV1EgbFL0m/h8ZsoTMhutnbloA=
Subject key identifier:   19:F9:61:5D:3A:96:AF:80:E3:7B:28:DD:F4:DC:19:85:4D:A7:5D:A8
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0198988F73AD70264BF094364B4DA7F42BA1
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/GflhXTqWr4Djeyjd9NwZhU2nXag.roa
Signing time:             Mon 11 Aug 2025 09:56:34 +0000
ROA not before:           Mon 11 Aug 2025 09:56:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        103.124.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:8f:73:ad:70:26:4b:f0:94:36:4b:4d:a7:f4:2b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Aug 11 09:56:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19f9615d3a96af80e37b28ddf4dc19854da75da8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7c:79:17:da:e1:1d:97:5a:f1:ea:9e:f7:1d:
                    4c:9d:2c:60:f5:b4:71:be:ff:a7:ae:0b:dd:96:0d:
                    02:ea:b6:14:12:10:06:ac:4b:c5:c1:68:df:a5:a0:
                    8d:56:8d:89:86:81:db:12:bb:fc:c8:ac:36:e5:38:
                    08:27:66:3a:24:c9:10:a9:22:04:36:bd:76:e9:2c:
                    c6:20:f9:4a:e7:38:f4:72:22:ec:18:27:c4:cb:41:
                    04:59:77:26:12:c7:cb:77:0d:74:3a:c1:31:9d:d2:
                    69:2d:19:59:c8:a3:ae:e6:04:5a:f4:cb:c0:18:a5:
                    bf:44:e0:52:64:45:18:c2:96:0a:55:04:ad:92:58:
                    e8:35:8e:f1:49:51:5f:69:18:cb:1d:3f:9f:eb:86:
                    28:58:b7:bc:6c:99:fe:30:ce:c3:ee:ef:4b:3d:ee:
                    1f:b8:46:1d:30:5f:e4:1b:24:9a:34:72:5f:9b:76:
                    3b:24:1e:47:36:78:73:e0:bb:cb:97:f1:22:be:6a:
                    3e:3f:fd:31:0a:e5:f9:02:a0:5b:bc:77:ec:df:3d:
                    81:c8:5f:46:c5:59:2b:a4:8d:aa:bd:ea:14:f2:11:
                    ad:97:a6:2a:f5:54:1e:38:75:ae:73:4d:98:ad:14:
                    79:3c:59:5b:5c:d9:ae:3e:2d:ee:0a:07:e1:57:d2:
                    6d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F9:61:5D:3A:96:AF:80:E3:7B:28:DD:F4:DC:19:85:4D:A7:5D:A8
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/GflhXTqWr4Djeyjd9NwZhU2nXag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.124.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:a5:b1:54:b2:ce:36:c8:d0:ec:35:09:f3:b2:28:ef:cb:a8:
         a5:4e:7a:3f:b7:2b:a1:1c:bd:fc:c3:9a:5a:f1:10:13:4d:5c:
         dc:de:24:21:9f:53:cf:14:fd:8d:29:06:b1:23:74:57:7b:af:
         8a:3c:24:66:a6:88:f8:7b:35:e7:71:7a:56:f2:61:e5:f9:a9:
         f2:a6:e4:d3:67:bc:01:39:de:2e:b4:55:45:d0:14:82:9d:21:
         b1:18:1c:8d:11:2c:25:ce:e7:06:1a:eb:89:02:71:06:cb:3a:
         54:31:5b:0e:81:85:9b:01:ed:1b:57:e9:d5:7b:74:5c:77:1b:
         1a:c9:8f:4e:1a:e0:6c:e7:5b:90:35:23:ea:52:d6:1a:d7:b3:
         68:e5:8c:ed:32:dd:9c:36:68:23:d6:10:e0:95:ac:02:6b:0f:
         9b:93:62:b4:d6:ac:2e:4c:68:ea:fa:ef:2f:56:66:05:d5:da:
         36:ae:34:c7:ee:54:eb:fa:c1:0f:0d:9f:22:9c:54:51:e3:0f:
         50:87:75:2f:b3:79:81:3a:45:d0:bb:cc:26:1d:31:6f:69:1b:
         0f:8f:45:88:c5:46:46:ab:42:45:8e:eb:2d:83:df:4d:0c:21:
         0f:ea:6f:63:7f:2f:27:39:93:e4:45:dc:e5:0e:4f:8e:1d:39:
         d8:73:0c:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYj3OtcCZL8JQ2S02n9CuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwODExMDk1NjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWY5NjE1ZDNhOTZhZjgwZTM3YjI4ZGRmNGRjMTk4NTRkYTc1ZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nx5F9rhHZda8eqe9x1MnSxg9bRx
vv+nrgvdlg0C6rYUEhAGrEvFwWjfpaCNVo2JhoHbErv8yKw25TgIJ2Y6JMkQqSIE
Nr126SzGIPlK5zj0ciLsGCfEy0EEWXcmEsfLdw10OsExndJpLRlZyKOu5gRa9MvA
GKW/ROBSZEUYwpYKVQStkljoNY7xSVFfaRjLHT+f64YoWLe8bJn+MM7D7u9LPe4f
uEYdMF/kGySaNHJfm3Y7JB5HNnhz4LvLl/Eivmo+P/0xCuX5AqBbvHfs3z2ByF9G
xVkrpI2qveoU8hGtl6Yq9VQeOHWuc02YrRR5PFlbXNmuPi3uCgfhV9JtNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBn5YV06lq+A43so3fTcGYVNp12oMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvR2ZsaFhUcVdyNERqZXlqZDlOd1poVTJuWGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ3ylMA0G
CSqGSIb3DQEBCwUAA4IBAQA3pbFUss42yNDsNQnzsijvy6ilTno/tyuhHL38w5pa
8RATTVzc3iQhn1PPFP2NKQaxI3RXe6+KPCRmpoj4ezXncXpW8mHl+anypuTTZ7wB
Od4utFVF0BSCnSGxGByNESwlzucGGuuJAnEGyzpUMVsOgYWbAe0bV+nVe3Rcdxsa
yY9OGuBs51uQNSPqUtYa17No5YztMt2cNmgj1hDglawCaw+bk2K01qwuTGjq+u8v
VmYF1do2rjTH7lTr+sEPDZ8inFRR4w9Qh3Uvs3mBOkXQu8wmHTFvaRsPj0WIxUZG
q0JFjustg99NDCEP6m9jfy8nOZPkRdzlDk+OHTnYcwxQ
-----END CERTIFICATE-----