Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5-QMYbv6g-FN-fdVOJNV1HH1m6M.roa
File:                     5-QMYbv6g-FN-fdVOJNV1HH1m6M.roa (raw, json)
Hash identifier:          xV1NRgYtEODMWOlzwhSaxIa7QyWEWgoeYdySvkmH+s4=
Subject key identifier:   E7:E4:0C:61:BB:FA:83:E1:4D:F9:F7:55:38:93:55:D4:71:F5:9B:A3
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       01966E4669CB3578BE75DC9F5AC6E3DCF1ED
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5-QMYbv6g-FN-fdVOJNV1HH1m6M.roa
Signing time:             Fri 25 Apr 2025 18:47:10 +0000
ROA not before:           Fri 25 Apr 2025 18:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213990
IP address blocks:        103.27.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6e:46:69:cb:35:78:be:75:dc:9f:5a:c6:e3:dc:f1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 25 18:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7e40c61bbfa83e14df9f755389355d471f59ba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7a:0d:62:6c:4a:46:61:66:80:76:eb:3c:29:
                    c6:32:5a:74:f9:5e:ad:55:20:be:b3:89:ab:1f:d3:
                    da:e6:af:9f:bc:c5:12:9e:a8:d4:0c:71:49:6f:61:
                    df:1f:ff:e4:62:f5:ee:79:35:b3:f0:09:00:ea:42:
                    3e:2d:84:a9:59:28:ca:f9:06:79:46:88:b8:8d:d7:
                    50:3d:9a:ba:13:31:40:69:cb:e3:fe:fb:cb:8e:dd:
                    da:ee:d8:39:d1:40:15:28:2c:88:56:0a:48:ee:9e:
                    7f:90:d0:d2:45:8c:d6:7b:32:4b:bb:03:09:f7:80:
                    bf:76:99:52:7d:a4:8a:5c:34:5e:02:17:45:aa:24:
                    e1:45:94:0e:5d:ba:ec:8d:3c:da:9d:ae:82:b6:01:
                    7b:2f:52:a9:02:21:46:28:dc:31:25:9a:d8:4a:3c:
                    6b:e3:fe:05:05:ec:0a:c6:cd:45:65:83:a4:5d:df:
                    d0:4d:fa:63:d1:bb:59:f5:73:0d:69:c0:e9:21:c5:
                    c0:6d:e6:b8:a0:b4:ef:4d:92:ea:03:3c:0b:28:19:
                    41:e3:83:fd:8b:66:0c:e8:25:57:a3:ad:44:48:86:
                    08:9b:4f:5a:93:ec:b8:6a:33:f7:1b:ee:83:d8:95:
                    30:9b:dd:c7:5f:c2:c4:38:8a:b3:8f:a5:79:48:e6:
                    8d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E4:0C:61:BB:FA:83:E1:4D:F9:F7:55:38:93:55:D4:71:F5:9B:A3
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5-QMYbv6g-FN-fdVOJNV1HH1m6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.27.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:57:67:5d:87:79:5f:44:8d:85:dd:db:7b:29:72:53:7a:ba:
         fa:18:99:cc:07:54:e8:d0:4d:73:c7:b9:75:68:ae:84:5e:6c:
         64:59:a8:a4:25:72:cc:bb:43:54:61:51:37:5c:44:70:67:c5:
         f4:b2:83:21:82:d0:96:38:fa:c3:41:39:ec:71:a3:24:3b:9f:
         31:7b:e2:aa:9a:61:b9:4a:99:86:0c:87:a8:a4:fa:45:39:70:
         6e:42:b9:04:bf:a4:44:29:04:8f:29:f0:8d:6c:41:9a:44:3a:
         37:9c:24:ad:77:d4:e4:0e:6d:66:54:7f:71:dd:10:1f:8a:a1:
         12:d5:3f:75:92:c2:25:e0:d4:69:01:22:76:38:c6:19:f5:6e:
         ba:aa:13:45:12:44:df:15:83:25:55:44:ce:81:2a:ee:cc:a6:
         6c:16:01:b4:14:99:fb:77:f3:24:b7:c4:5f:30:0b:cd:b1:b5:
         0c:62:04:a4:93:27:77:9a:4d:a5:65:f3:90:b9:1d:97:15:a4:
         31:70:9a:53:10:bf:67:63:e8:69:07:a3:d2:eb:31:d4:76:ec:
         e9:50:4e:87:4a:77:d8:e4:68:51:f8:d0:14:5f:1d:50:d9:a8:
         98:24:ea:26:23:c0:70:9a:0f:ba:7d:92:ed:b0:9e:9b:6d:58:
         59:44:dc:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZuRmnLNXi+ddyfWsbj3PHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNDI1MTg0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2U0MGM2MWJiZmE4M2UxNGRmOWY3NTUzODkzNTVkNDcxZjU5YmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHoNYmxKRmFmgHbrPCnGMlp0+V6t
VSC+s4mrH9Pa5q+fvMUSnqjUDHFJb2HfH//kYvXueTWz8AkA6kI+LYSpWSjK+QZ5
Roi4jddQPZq6EzFAacvj/vvLjt3a7tg50UAVKCyIVgpI7p5/kNDSRYzWezJLuwMJ
94C/dplSfaSKXDReAhdFqiThRZQOXbrsjTzana6CtgF7L1KpAiFGKNwxJZrYSjxr
4/4FBewKxs1FZYOkXd/QTfpj0btZ9XMNacDpIcXAbea4oLTvTZLqAzwLKBlB44P9
i2YM6CVXo61ESIYIm09ak+y4ajP3G+6D2JUwm93HX8LEOIqzj6V5SOaNYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfkDGG7+oPhTfn3VTiTVdRx9ZujMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvNS1RTVlidjZnLUZOLWZkVk9KTlYxSEgxbTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxueMA0G
CSqGSIb3DQEBCwUAA4IBAQBAV2ddh3lfRI2F3dt7KXJTerr6GJnMB1To0E1zx7l1
aK6EXmxkWaikJXLMu0NUYVE3XERwZ8X0soMhgtCWOPrDQTnscaMkO58xe+KqmmG5
SpmGDIeopPpFOXBuQrkEv6REKQSPKfCNbEGaRDo3nCStd9TkDm1mVH9x3RAfiqES
1T91ksIl4NRpASJ2OMYZ9W66qhNFEkTfFYMlVUTOgSruzKZsFgG0FJn7d/Mkt8Rf
MAvNsbUMYgSkkyd3mk2lZfOQuR2XFaQxcJpTEL9nY+hpB6PS6zHUduzpUE6HSnfY
5GhR+NAUXx1Q2aiYJOomI8Bwmg+6fZLtsJ6bbVhZRNyF
-----END CERTIFICATE-----