Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/7nqYSNRgpsvM-UlPtwo-uw5JdC8.roa
File:                     7nqYSNRgpsvM-UlPtwo-uw5JdC8.roa (raw, json)
Hash identifier:          zbZzHQxFPE9nkpfPwYSh1rCa28pAH7nN65AJIuORwmA=
Subject key identifier:   EE:7A:98:48:D4:60:A6:CB:CC:F9:49:4F:B7:0A:3E:BB:0E:49:74:2F
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       01967C6E11E76F7DD3BF68B08A5D27C65163
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/7nqYSNRgpsvM-UlPtwo-uw5JdC8.roa
Signing time:             Mon 28 Apr 2025 12:45:10 +0000
ROA not before:           Mon 28 Apr 2025 12:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        103.27.156.0/24 maxlen: 24
                          103.27.157.0/24 maxlen: 24
                          103.31.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 16:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:6e:11:e7:6f:7d:d3:bf:68:b0:8a:5d:27:c6:51:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 28 12:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee7a9848d460a6cbccf9494fb70a3ebb0e49742f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2f:20:65:7d:9e:41:c0:b8:95:76:76:17:c7:
                    2d:72:d0:4d:3b:7d:50:21:bf:05:ab:82:bd:6a:43:
                    ac:9a:83:a7:e5:cf:8e:71:0a:d3:9d:83:70:58:b8:
                    96:a0:c9:d5:af:07:8d:da:76:22:6c:22:ea:8c:1f:
                    01:74:af:2b:f8:ab:9d:7c:b5:da:be:b3:e5:81:d7:
                    b9:76:af:79:d4:d5:cd:4e:0a:0d:95:86:48:e6:8b:
                    9c:14:be:9c:91:0b:a4:ed:36:18:a6:ac:03:8a:c4:
                    63:45:f9:f9:20:68:bc:70:cd:ae:de:9e:3c:41:8a:
                    a2:84:fa:2f:52:9a:e1:d4:ca:b9:72:1b:79:cc:32:
                    19:f0:10:ac:bc:cf:71:00:30:38:e1:66:d7:0d:0c:
                    13:e6:f9:e6:72:b8:dc:f1:8c:06:54:c2:c1:08:f2:
                    b6:b8:33:e1:94:1e:ba:02:65:c5:1f:16:01:69:5e:
                    d3:81:8a:74:3c:f2:63:78:a9:4f:20:6e:1e:a7:61:
                    ef:15:93:8b:74:94:5a:0a:70:3c:41:f0:5f:df:63:
                    be:f2:2e:f9:bf:2d:db:f5:f5:85:5e:72:49:5b:bc:
                    1f:70:9e:35:c9:c8:97:d3:fd:fa:9a:d2:5e:80:fb:
                    39:23:19:8f:d0:c8:3a:a6:2a:4f:b9:3c:13:b4:44:
                    9c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:7A:98:48:D4:60:A6:CB:CC:F9:49:4F:B7:0A:3E:BB:0E:49:74:2F
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/7nqYSNRgpsvM-UlPtwo-uw5JdC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.27.156.0/23
                  103.31.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:22:30:2f:24:ca:bc:79:26:33:23:e9:43:a1:2b:5f:8c:1c:
         0f:db:58:fb:46:74:4b:e1:50:17:d0:64:5b:a7:b5:42:2c:0a:
         6a:5d:8e:3c:7d:96:3e:0f:c8:e5:49:f8:79:3f:74:48:f8:bb:
         15:82:c4:5e:60:c8:9a:cd:9e:49:af:4a:1a:bc:40:9e:10:ca:
         4a:df:b7:25:9d:81:53:c2:df:53:18:9f:0d:8f:de:11:2a:2b:
         43:c3:f1:8c:13:8c:78:05:ed:bb:76:82:06:3a:05:d9:d0:d0:
         d2:e6:91:d4:62:d3:9c:ca:84:39:8e:ab:db:19:be:c8:46:a4:
         d8:18:0d:ed:00:04:0f:e9:13:1f:8e:d0:f2:fd:da:c8:c4:c3:
         5b:37:14:2b:89:ba:e4:9f:e8:f3:c6:f7:b4:1c:13:1c:ed:2f:
         71:8f:2d:8b:42:26:f0:24:70:6a:cd:35:7d:9e:79:28:3a:c2:
         5e:42:b2:13:0e:c5:e3:08:f5:4f:ec:fb:89:eb:3e:e3:e8:3b:
         37:a4:6f:5b:1b:39:32:28:c0:f0:90:a4:c4:84:91:06:5a:38:
         ea:93:54:60:7e:18:64:f1:2c:ab:cf:97:76:61:27:9e:f6:3c:
         f1:75:05:c6:04:db:ee:e9:a7:16:9e:f9:8d:53:52:5b:68:ab:
         aa:e8:36:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ8bhHnb33Tv2iwil0nxlFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNDI4MTI0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTdhOTg0OGQ0NjBhNmNiY2NmOTQ5NGZiNzBhM2ViYjBlNDk3NDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkS8gZX2eQcC4lXZ2F8ctctBNO31Q
Ib8Fq4K9akOsmoOn5c+OcQrTnYNwWLiWoMnVrweN2nYibCLqjB8BdK8r+KudfLXa
vrPlgde5dq951NXNTgoNlYZI5oucFL6ckQuk7TYYpqwDisRjRfn5IGi8cM2u3p48
QYqihPovUprh1Mq5cht5zDIZ8BCsvM9xADA44WbXDQwT5vnmcrjc8YwGVMLBCPK2
uDPhlB66AmXFHxYBaV7TgYp0PPJjeKlPIG4ep2HvFZOLdJRaCnA8QfBf32O+8i75
vy3b9fWFXnJJW7wfcJ41yciX0/36mtJegPs5IxmP0Mg6pipPuTwTtESc9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO56mEjUYKbLzPlJT7cKPrsOSXQvMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvN25xWVNOUmdwc3ZNLVVsUHR3by11dzVKZEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBZxucAwQA
Zx9MMA0GCSqGSIb3DQEBCwUAA4IBAQCJIjAvJMq8eSYzI+lDoStfjBwP21j7RnRL
4VAX0GRbp7VCLApqXY48fZY+D8jlSfh5P3RI+LsVgsReYMiazZ5Jr0oavECeEMpK
37clnYFTwt9TGJ8Nj94RKitDw/GME4x4Be27doIGOgXZ0NDS5pHUYtOcyoQ5jqvb
Gb7IRqTYGA3tAAQP6RMfjtDy/drIxMNbNxQribrkn+jzxve0HBMc7S9xjy2LQibw
JHBqzTV9nnkoOsJeQrITDsXjCPVP7PuJ6z7j6Ds3pG9bGzkyKMDwkKTEhJEGWjjq
k1Rgfhhk8Syrz5d2YSee9jzxdQXGBNvu6acWnvmNU1JbaKuq6DZk
-----END CERTIFICATE-----