Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/TatL9OoUWxXZgHGxaDUj4GDLE9o.roa
File:                     TatL9OoUWxXZgHGxaDUj4GDLE9o.roa (raw, json)
Hash identifier:          +7WpBtxQIB4QfQxia/0uvzsc5xW01CueIK7yUh8b2As=
Subject key identifier:   4D:AB:4B:F4:EA:14:5B:15:D9:80:71:B1:68:35:23:E0:60:CB:13:DA
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       01965C9C9FAA4F62B6FF3EC927CC37605585
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/TatL9OoUWxXZgHGxaDUj4GDLE9o.roa
Signing time:             Tue 22 Apr 2025 08:28:10 +0000
ROA not before:           Tue 22 Apr 2025 08:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33652
IP address blocks:        103.31.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 14:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:9c:9f:aa:4f:62:b6:ff:3e:c9:27:cc:37:60:55:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 22 08:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dab4bf4ea145b15d98071b1683523e060cb13da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:20:99:c6:8b:b7:05:1b:3b:d7:2e:1b:b7:da:
                    a3:aa:49:56:f0:0d:4c:9c:e8:e7:88:3f:64:1c:fd:
                    2b:fd:76:a3:c0:47:81:76:5d:eb:1a:b0:7c:4e:a1:
                    a4:42:36:f8:4e:74:84:02:42:f3:06:51:71:88:f5:
                    1e:ea:49:14:b9:e2:6d:c1:02:a9:46:c6:41:6b:3d:
                    69:14:be:00:8d:3a:07:87:6a:72:70:d3:07:84:42:
                    cd:70:54:4a:ee:ee:09:0b:75:38:fb:02:45:3a:4c:
                    21:cb:0b:72:58:7e:2b:a4:85:1e:0a:7b:46:dd:94:
                    2b:eb:2f:e9:c4:83:e9:e5:74:ef:10:42:08:8d:06:
                    33:ac:f8:d2:e7:fc:6f:6c:a3:c3:ce:cd:fa:6f:ab:
                    62:fc:10:3d:c7:26:36:ad:e9:73:ad:8c:74:20:1d:
                    1b:44:5b:18:33:b3:1f:a1:b3:00:4b:08:3f:cd:7c:
                    a6:12:36:4a:72:83:15:a8:67:ef:42:8c:fa:24:6f:
                    a5:45:65:cf:b2:81:ac:50:9c:3b:87:45:8b:35:ae:
                    ed:97:03:f9:1e:05:3f:99:51:c9:03:0b:70:33:4e:
                    a1:f5:54:11:b9:8e:81:58:a1:d4:c5:1f:59:4d:27:
                    d9:46:9b:34:e4:49:9a:cb:b9:6d:28:39:63:ac:52:
                    13:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AB:4B:F4:EA:14:5B:15:D9:80:71:B1:68:35:23:E0:60:CB:13:DA
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/TatL9OoUWxXZgHGxaDUj4GDLE9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.31.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:96:a1:58:6c:e5:de:e3:44:16:79:05:ab:d7:ac:26:0e:c0:
         f7:89:84:31:fc:61:36:6b:31:58:c4:3a:ab:a3:4c:e4:22:0d:
         09:e5:d7:1e:9a:a2:d5:9b:a3:d3:a4:15:35:9d:dc:b5:df:3c:
         d3:d3:49:65:45:2d:54:78:3b:f3:9c:d2:48:d3:37:95:cb:71:
         7e:54:43:f0:2f:ce:bb:f4:06:5c:fe:30:30:a2:f6:c9:01:94:
         01:4d:fb:aa:a6:c3:ef:19:e3:e7:00:2b:24:9f:3c:35:0a:08:
         0c:14:e1:9a:e5:d5:a9:10:ec:05:42:72:d2:58:60:75:b5:fa:
         7b:d7:ff:eb:d6:94:44:80:ee:e7:f8:10:7e:fb:e1:44:2a:4d:
         10:3f:36:e7:7c:1b:bb:7b:e8:40:ef:24:4c:06:cc:a4:76:4e:
         a7:8d:97:70:d2:4b:cd:06:7b:4b:d1:c6:a3:a3:7d:9e:ee:3c:
         e0:da:32:8e:c7:9e:6d:96:45:3e:b9:3a:41:70:c2:a0:10:74:
         d5:86:be:f7:dd:67:b1:8c:d5:07:62:32:7a:b0:94:1d:6c:96:
         c1:17:bb:c5:dd:4f:41:39:2e:c5:52:8e:d8:09:8b:38:77:f8:
         12:11:64:c1:0d:a4:85:de:c9:16:02:1d:fa:41:c6:06:af:46:
         16:b1:13:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZcnJ+qT2K2/z7JJ8w3YFWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNDIyMDgyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGFiNGJmNGVhMTQ1YjE1ZDk4MDcxYjE2ODM1MjNlMDYwY2IxM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSCZxou3BRs71y4bt9qjqklW8A1M
nOjniD9kHP0r/XajwEeBdl3rGrB8TqGkQjb4TnSEAkLzBlFxiPUe6kkUueJtwQKp
RsZBaz1pFL4AjToHh2pycNMHhELNcFRK7u4JC3U4+wJFOkwhywtyWH4rpIUeCntG
3ZQr6y/pxIPp5XTvEEIIjQYzrPjS5/xvbKPDzs36b6ti/BA9xyY2relzrYx0IB0b
RFsYM7MfobMASwg/zXymEjZKcoMVqGfvQoz6JG+lRWXPsoGsUJw7h0WLNa7tlwP5
HgU/mVHJAwtwM06h9VQRuY6BWKHUxR9ZTSfZRps05Emay7ltKDljrFITIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2rS/TqFFsV2YBxsWg1I+BgyxPaMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvVGF0TDlPb1VXeFhaZ0hHeGFEVWo0R0RMRTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZx9OMA0G
CSqGSIb3DQEBCwUAA4IBAQDDlqFYbOXe40QWeQWr16wmDsD3iYQx/GE2azFYxDqr
o0zkIg0J5dcemqLVm6PTpBU1ndy13zzT00llRS1UeDvznNJI0zeVy3F+VEPwL867
9AZc/jAwovbJAZQBTfuqpsPvGePnACsknzw1CggMFOGa5dWpEOwFQnLSWGB1tfp7
1//r1pREgO7n+BB+++FEKk0QPzbnfBu7e+hA7yRMBsykdk6njZdw0kvNBntL0caj
o32e7jzg2jKOx55tlkU+uTpBcMKgEHTVhr733WexjNUHYjJ6sJQdbJbBF7vF3U9B
OS7FUo7YCYs4d/gSEWTBDaSF3skWAh36QcYGr0YWsRPv
-----END CERTIFICATE-----