Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/kdaSrzmnDVsM0RIoAgjgbrOtDPw.roa
File:                     kdaSrzmnDVsM0RIoAgjgbrOtDPw.roa (raw, json)
Hash identifier:          rqvV8WO0X2/bRdhoVD7e6+BEeyw0vjX6G9hkFrs+9Pk=
Subject key identifier:   91:D6:92:AF:39:A7:0D:5B:0C:D1:12:28:02:08:E0:6E:B3:AD:0C:FC
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019681FAF81C179ED68EAAB5A892091039D0
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/kdaSrzmnDVsM0RIoAgjgbrOtDPw.roa
Signing time:             Tue 29 Apr 2025 14:37:10 +0000
ROA not before:           Tue 29 Apr 2025 14:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264617
IP address blocks:        103.196.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:fa:f8:1c:17:9e:d6:8e:aa:b5:a8:92:09:10:39:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Apr 29 14:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91d692af39a70d5b0cd112280208e06eb3ad0cfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:67:ad:9d:ea:91:32:14:78:27:2d:c7:69:16:
                    99:67:93:8e:54:6a:30:79:13:37:40:c8:60:54:63:
                    da:df:cd:eb:3e:ab:20:78:77:d7:5a:79:5c:0b:ef:
                    a3:15:79:3d:b8:f5:16:db:e2:75:0e:42:70:82:78:
                    41:18:b0:bf:44:dc:1d:65:86:a8:4b:ae:b9:c7:96:
                    1d:50:3a:23:65:8b:f1:d4:bd:25:2f:cb:c8:07:d8:
                    01:fb:a9:45:2d:c1:87:d7:57:72:b1:3f:95:9c:50:
                    9c:d9:39:16:25:69:b2:5c:67:dd:2e:ea:20:42:66:
                    70:95:a7:95:da:48:2a:d1:fd:60:4b:b1:1b:99:c7:
                    94:e5:65:26:b6:d6:8c:b0:94:15:e6:d0:65:cd:f7:
                    54:22:cd:76:d2:75:50:44:57:0b:0b:01:eb:fc:14:
                    e2:8c:bf:a4:67:86:75:f9:a0:e5:32:a2:91:7c:f9:
                    f6:2a:99:9c:e9:79:37:4f:e8:a9:f9:32:0f:8d:76:
                    27:c4:fc:fd:21:aa:46:36:f6:01:6d:01:62:80:ee:
                    f1:9a:18:85:b9:32:f9:4d:ac:9d:43:68:22:32:fb:
                    7c:18:64:4a:0d:29:bd:05:9c:c0:46:2c:41:51:80:
                    d2:ac:63:5c:c4:6e:cc:b6:66:3f:03:9f:21:ec:6b:
                    b9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D6:92:AF:39:A7:0D:5B:0C:D1:12:28:02:08:E0:6E:B3:AD:0C:FC
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/kdaSrzmnDVsM0RIoAgjgbrOtDPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.196.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:af:03:28:ae:f9:73:85:ed:eb:2d:ff:26:f4:70:4c:d9:bc:
         6b:34:44:0a:6d:56:6e:b0:a3:0a:c2:61:b7:d3:4b:c0:de:29:
         b6:66:af:20:b8:ab:ad:cf:1d:02:20:c7:0d:5f:04:85:8b:d5:
         b9:31:cd:c3:64:8d:03:0d:ed:01:55:32:73:ff:a4:d9:fd:02:
         cd:f9:15:65:4b:cb:0c:5c:00:c9:4a:3d:f3:1f:f6:02:23:fc:
         cb:ed:b4:f4:06:7c:33:4c:3e:d5:b0:0f:21:62:c3:a9:1c:a1:
         20:0f:40:09:b7:50:2a:06:27:a4:e4:6d:cb:16:16:a8:c3:8f:
         6d:80:d8:95:c2:d7:81:80:28:96:ce:de:26:97:a5:9d:7a:b4:
         17:e0:19:2d:2c:63:fa:5a:3a:3c:19:52:64:61:b6:e7:9d:2d:
         ac:b3:38:1b:bc:f1:72:9e:d2:64:0d:a7:bf:4f:be:b9:e8:eb:
         16:d3:f2:81:d9:0b:a0:0f:1d:76:dc:e3:2e:47:41:08:2c:5c:
         5f:40:0e:5c:c1:dd:1b:0c:0c:0d:16:bb:56:23:ea:22:f4:db:
         b2:5e:86:fd:08:c3:b5:6f:b5:1e:dc:d1:72:66:07:f8:d0:74:
         b5:fc:01:90:74:d7:a0:5a:5f:b8:8f:1e:2a:45:e6:52:64:16:
         54:a0:0d:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaB+vgcF57Wjqq1qJIJEDnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNDI5MTQzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ2OTJhZjM5YTcwZDViMGNkMTEyMjgwMjA4ZTA2ZWIzYWQwY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2etneqRMhR4Jy3HaRaZZ5OOVGow
eRM3QMhgVGPa383rPqsgeHfXWnlcC++jFXk9uPUW2+J1DkJwgnhBGLC/RNwdZYao
S665x5YdUDojZYvx1L0lL8vIB9gB+6lFLcGH11dysT+VnFCc2TkWJWmyXGfdLuog
QmZwlaeV2kgq0f1gS7EbmceU5WUmttaMsJQV5tBlzfdUIs120nVQRFcLCwHr/BTi
jL+kZ4Z1+aDlMqKRfPn2Kpmc6Xk3T+ip+TIPjXYnxPz9IapGNvYBbQFigO7xmhiF
uTL5TaydQ2giMvt8GGRKDSm9BZzARixBUYDSrGNcxG7MtmY/A58h7Gu5uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHWkq85pw1bDNESKAII4G6zrQz8MB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEva2RhU3J6bW5EVnNNMFJJb0Fnamdick90RFB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ8QKMA0G
CSqGSIb3DQEBCwUAA4IBAQCNrwMorvlzhe3rLf8m9HBM2bxrNEQKbVZusKMKwmG3
00vA3im2Zq8guKutzx0CIMcNXwSFi9W5Mc3DZI0DDe0BVTJz/6TZ/QLN+RVlS8sM
XADJSj3zH/YCI/zL7bT0BnwzTD7VsA8hYsOpHKEgD0AJt1AqBiek5G3LFhaow49t
gNiVwteBgCiWzt4ml6WderQX4BktLGP6Wjo8GVJkYbbnnS2sszgbvPFyntJkDae/
T7656OsW0/KB2QugDx123OMuR0EILFxfQA5cwd0bDAwNFrtWI+oi9NuyXob9CMO1
b7Ue3NFyZgf40HS1/AGQdNegWl+4jx4qReZSZBZUoA0L
-----END CERTIFICATE-----