Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KF2Tc_xB4k-8weovL7-Ileoxaso.roa
File:                     KF2Tc_xB4k-8weovL7-Ileoxaso.roa (raw, json)
Hash identifier:          UvTtt91MqUcNlPPlfW77/P41IzB/fbxM+zQVLeOPHOQ=
Subject key identifier:   28:5D:93:73:FC:41:E2:4F:BC:C1:EA:2F:2F:BF:88:95:EA:31:6A:CA
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019695CE55D9A7D5ADD8A15B3C98FC9B1D24
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KF2Tc_xB4k-8weovL7-Ileoxaso.roa
Signing time:             Sat 03 May 2025 11:00:49 +0000
ROA not before:           Sat 03 May 2025 11:00:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        103.73.35.0/24 maxlen: 24
                          202.71.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:95:ce:55:d9:a7:d5:ad:d8:a1:5b:3c:98:fc:9b:1d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  3 11:00:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=285d9373fc41e24fbcc1ea2f2fbf8895ea316aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:60:32:e3:b1:aa:4e:ff:e1:2f:d2:9a:f1:6f:
                    e1:25:cf:d5:33:ac:b4:86:2c:16:88:d8:1f:b2:67:
                    79:bc:22:61:95:0b:49:0d:e6:3b:ce:fd:95:17:53:
                    c7:71:30:26:d5:b2:c7:9d:00:a7:2a:50:8a:fb:c4:
                    5c:8d:67:e0:bd:34:ef:38:d8:48:8e:5a:32:70:c5:
                    a0:23:47:6f:18:26:38:f3:ad:7b:fe:2a:a8:8c:1a:
                    57:b4:38:32:9e:2f:02:b7:b3:69:0c:89:e6:00:30:
                    23:91:6c:64:b2:c2:5b:7c:51:89:4e:15:30:97:d9:
                    7a:65:27:26:94:4b:6c:ec:c4:7b:f5:ac:6c:df:3e:
                    1f:e1:af:ff:00:ab:c0:41:ef:d8:4f:2f:5c:61:da:
                    5c:94:57:b8:fe:89:73:bf:08:e2:f7:f2:f4:c5:09:
                    b1:1f:4f:ea:7a:8f:45:96:26:63:20:c6:48:ee:be:
                    82:ea:30:8b:fb:ce:2e:30:a0:51:1a:7e:13:3d:c5:
                    d7:90:4a:1e:6a:67:9d:29:ae:16:95:d9:7c:b3:e7:
                    b5:82:3c:ca:6b:83:b5:1d:88:90:57:fa:20:2c:a8:
                    03:92:85:1d:70:7c:1e:eb:25:ca:ad:4c:19:4b:26:
                    a7:e0:ab:d8:b1:1d:69:b9:bc:91:c1:1f:37:66:3e:
                    02:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:5D:93:73:FC:41:E2:4F:BC:C1:EA:2F:2F:BF:88:95:EA:31:6A:CA
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KF2Tc_xB4k-8weovL7-Ileoxaso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.73.35.0/24
                  202.71.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f0:7c:e8:d3:ab:9f:ab:5a:54:55:d7:ff:a8:4f:c4:5c:b8:
         09:84:9d:20:f5:4e:0f:99:1f:f9:fd:87:dc:d7:7a:3f:fb:74:
         c3:9a:03:86:ae:fd:e9:6c:12:75:84:af:a9:cb:94:2a:3e:4d:
         aa:7e:fe:b6:29:65:06:95:d8:57:8d:38:68:7a:f5:73:8e:ee:
         81:42:a0:31:2f:e1:e5:9d:09:17:e0:10:50:dc:d5:5f:a4:02:
         95:96:11:b1:69:eb:49:fb:b9:46:76:78:f9:5e:5a:8d:ab:66:
         d3:75:d1:d8:cb:21:b4:38:ae:8a:2d:63:f6:b8:c1:65:7d:a7:
         bd:15:1e:b7:86:af:9e:86:d2:25:97:32:c6:ee:7d:f3:63:bc:
         ef:59:4f:b4:5d:2a:67:72:bb:38:04:b5:07:49:54:dd:88:5f:
         66:7c:09:21:2d:e2:7d:bc:6f:91:e7:03:18:d8:41:31:85:e3:
         3a:64:b6:c7:7f:06:6c:ad:9c:c8:43:02:62:b1:ed:06:9b:83:
         24:4c:53:38:8d:1a:24:14:51:de:81:06:ca:55:f9:46:57:bb:
         44:09:69:e9:14:8c:67:43:e5:e4:0c:fe:2a:e6:05:f6:5d:ad:
         98:78:d6:d8:94:bc:76:51:7f:97:3b:97:59:69:c1:4f:db:f1:
         c7:07:04:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaVzlXZp9Wt2KFbPJj8mx0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNTAzMTEwMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODVkOTM3M2ZjNDFlMjRmYmNjMWVhMmYyZmJmODg5NWVhMzE2YWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGAy47GqTv/hL9Ka8W/hJc/VM6y0
hiwWiNgfsmd5vCJhlQtJDeY7zv2VF1PHcTAm1bLHnQCnKlCK+8RcjWfgvTTvONhI
jloycMWgI0dvGCY48617/iqojBpXtDgyni8Ct7NpDInmADAjkWxkssJbfFGJThUw
l9l6ZScmlEts7MR79axs3z4f4a//AKvAQe/YTy9cYdpclFe4/olzvwji9/L0xQmx
H0/qeo9FliZjIMZI7r6C6jCL+84uMKBRGn4TPcXXkEoeamedKa4Wldl8s+e1gjzK
a4O1HYiQV/ogLKgDkoUdcHwe6yXKrUwZSyan4KvYsR1pubyRwR83Zj4CSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFChdk3P8QeJPvMHqLy+/iJXqMWrKMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvS0YyVGNfeEI0ay04d2Vvdkw3LUlsZW94YXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ0kjAwQA
ykcNMA0GCSqGSIb3DQEBCwUAA4IBAQB/8Hzo06ufq1pUVdf/qE/EXLgJhJ0g9U4P
mR/5/Yfc13o/+3TDmgOGrv3pbBJ1hK+py5QqPk2qfv62KWUGldhXjThoevVzju6B
QqAxL+HlnQkX4BBQ3NVfpAKVlhGxaetJ+7lGdnj5XlqNq2bTddHYyyG0OK6KLWP2
uMFlfae9FR63hq+ehtIllzLG7n3zY7zvWU+0XSpncrs4BLUHSVTdiF9mfAkhLeJ9
vG+R5wMY2EExheM6ZLbHfwZsrZzIQwJise0Gm4MkTFM4jRokFFHegQbKVflGV7tE
CWnpFIxnQ+XkDP4q5gX2Xa2YeNbYlLx2UX+XO5dZacFP2/HHBwSn
-----END CERTIFICATE-----