Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/ZbwUWjs9o76pI3kjzXXqiUmfJWs.roa
File:                     ZbwUWjs9o76pI3kjzXXqiUmfJWs.roa (raw, json)
Hash identifier:          z8UzCAWnCWtYZdQcdAh+iDVTaruSoFX/I30w0uTUKuY=
Subject key identifier:   65:BC:14:5A:3B:3D:A3:BE:A9:23:79:23:CD:75:EA:89:49:9F:25:6B
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       019690B5DA8C9221239896DA6D9D176BBEE7
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/ZbwUWjs9o76pI3kjzXXqiUmfJWs.roa
Signing time:             Fri 02 May 2025 11:15:59 +0000
ROA not before:           Fri 02 May 2025 11:15:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61112
IP address blocks:        103.76.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:b5:da:8c:92:21:23:98:96:da:6d:9d:17:6b:be:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: May  2 11:15:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65bc145a3b3da3bea9237923cd75ea89499f256b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:54:ee:fc:79:3a:da:60:c6:09:04:eb:01:9d:
                    63:86:ec:58:fd:d1:d7:dd:e5:44:0b:9e:7f:0d:6c:
                    c7:6d:40:95:76:dd:ca:0c:d2:16:f5:1c:5a:db:23:
                    ab:14:d6:44:cc:61:47:11:ea:72:f7:79:46:a0:c4:
                    a6:15:0e:24:2d:64:a0:d1:16:05:99:80:9c:6e:47:
                    e5:f7:02:9b:4c:86:91:3c:b3:f0:4f:fa:b0:c5:d4:
                    91:05:1b:f3:b0:6f:23:dd:fb:f4:7d:f9:11:58:13:
                    47:77:db:9f:18:ad:e5:10:1f:82:4d:68:5f:3b:f4:
                    65:26:eb:af:f8:94:bf:df:d5:f1:f8:a4:a5:bc:fb:
                    b1:a6:e4:ff:3a:6e:41:39:4f:34:3a:cf:f5:99:62:
                    a9:39:37:2e:77:59:f8:58:de:18:eb:4b:e2:e4:d1:
                    65:d3:ac:56:3c:b2:a3:9e:3b:7a:7e:a1:f2:85:da:
                    2e:8c:4b:a5:61:80:be:e2:72:11:fa:ea:dd:c0:52:
                    9a:16:58:aa:90:35:31:9a:33:49:38:50:c1:a5:cd:
                    d5:7a:fd:ae:54:2a:a8:10:d8:0a:8f:85:25:3f:f3:
                    91:ee:f3:7b:0e:4a:ea:8c:83:66:df:9f:6f:93:b6:
                    98:1e:ef:75:0f:c4:91:38:a5:73:b2:d5:57:70:b6:
                    d8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BC:14:5A:3B:3D:A3:BE:A9:23:79:23:CD:75:EA:89:49:9F:25:6B
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/ZbwUWjs9o76pI3kjzXXqiUmfJWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:d1:55:19:c6:e8:45:29:a9:a6:c4:ab:78:b7:ce:c5:13:c8:
         d9:cb:cc:57:2f:48:1b:4d:be:29:8b:0d:e3:87:69:8a:5c:50:
         18:cb:a7:43:31:cf:92:f9:d0:c2:f6:2e:ec:20:a1:d0:2c:07:
         18:8a:f8:bd:06:02:ca:85:ae:02:21:60:a5:bd:a3:d8:8e:bb:
         bf:da:8c:6f:1f:e2:ba:bc:ae:4d:53:15:78:93:b2:3e:8c:3c:
         a6:5a:c9:cc:90:05:1a:fe:fe:c1:37:28:31:a7:fa:16:91:80:
         57:d0:49:0e:00:43:4b:7d:5c:7d:91:9e:22:af:3c:3c:1f:39:
         a6:ab:19:c2:d0:5e:ee:c4:a5:49:d7:0f:1e:90:ae:5b:e8:2c:
         01:1a:f9:5b:38:73:b0:bf:5b:0c:df:6a:e9:41:05:e6:96:0c:
         c0:09:dc:16:b7:25:14:dd:24:30:5e:09:4a:78:5c:75:f5:45:
         7b:af:09:a4:26:2c:09:a4:8e:c1:0f:b1:c5:04:87:db:f5:0a:
         4a:16:64:4d:81:10:bc:c7:fb:6e:e3:66:d0:cd:f5:99:65:ee:
         6f:63:32:16:76:4e:f5:81:9f:b4:77:38:68:a6:f3:af:2f:8c:
         13:f5:40:19:50:3f:73:64:36:5f:ec:00:b3:da:01:aa:ee:20:
         49:ef:0d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaQtdqMkiEjmJbabZ0Xa77nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjUwNTAyMTExNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWJjMTQ1YTNiM2RhM2JlYTkyMzc5MjNjZDc1ZWE4OTQ5OWYyNTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFTu/Hk62mDGCQTrAZ1jhuxY/dHX
3eVEC55/DWzHbUCVdt3KDNIW9Rxa2yOrFNZEzGFHEepy93lGoMSmFQ4kLWSg0RYF
mYCcbkfl9wKbTIaRPLPwT/qwxdSRBRvzsG8j3fv0ffkRWBNHd9ufGK3lEB+CTWhf
O/RlJuuv+JS/39Xx+KSlvPuxpuT/Om5BOU80Os/1mWKpOTcud1n4WN4Y60vi5NFl
06xWPLKjnjt6fqHyhdoujEulYYC+4nIR+urdwFKaFliqkDUxmjNJOFDBpc3Vev2u
VCqoENgKj4UlP/OR7vN7DkrqjINm359vk7aYHu91D8SROKVzstVXcLbYBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGW8FFo7PaO+qSN5I8116olJnyVrMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvWmJ3VVdqczlvNzZwSTNranpYWHFpVW1mSldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0yAMA0G
CSqGSIb3DQEBCwUAA4IBAQBY0VUZxuhFKammxKt4t87FE8jZy8xXL0gbTb4piw3j
h2mKXFAYy6dDMc+S+dDC9i7sIKHQLAcYivi9BgLKha4CIWClvaPYjru/2oxvH+K6
vK5NUxV4k7I+jDymWsnMkAUa/v7BNygxp/oWkYBX0EkOAENLfVx9kZ4irzw8Hzmm
qxnC0F7uxKVJ1w8ekK5b6CwBGvlbOHOwv1sM32rpQQXmlgzACdwWtyUU3SQwXglK
eFx19UV7rwmkJiwJpI7BD7HFBIfb9QpKFmRNgRC8x/tu42bQzfWZZe5vYzIWdk71
gZ+0dzhopvOvL4wT9UAZUD9zZDZf7ACz2gGq7iBJ7w0m
-----END CERTIFICATE-----