Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/m_ovUsLqqpp7H0uXhvn428TBx40.roa
File:                     m_ovUsLqqpp7H0uXhvn428TBx40.roa (raw, json)
Hash identifier:          d1zfcjVp6OWQCKPNB5rlU/TobZSBt0f8TRcZp54h7Eo=
Subject key identifier:   9B:FA:2F:52:C2:EA:AA:9A:7B:1F:4B:97:86:F9:F8:DB:C4:C1:C7:8D
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       0197B0FA9906FC1DF4E61225550DC8E305D5
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/m_ovUsLqqpp7H0uXhvn428TBx40.roa
Signing time:             Fri 27 Jun 2025 10:41:42 +0000
ROA not before:           Fri 27 Jun 2025 10:41:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210926
IP address blocks:        103.27.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b0:fa:99:06:fc:1d:f4:e6:12:25:55:0d:c8:e3:05:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jun 27 10:41:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bfa2f52c2eaaa9a7b1f4b9786f9f8dbc4c1c78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:18:dd:d1:13:b7:c3:61:3e:56:2b:a0:01:98:
                    af:9a:0d:76:64:db:18:0b:3c:11:5f:5d:14:72:a2:
                    a8:ca:cd:7b:af:83:98:c5:02:24:e3:4e:fd:97:02:
                    2f:65:d3:90:6a:83:95:e6:cf:a2:3e:a8:8d:95:1b:
                    e0:c9:bf:44:09:dc:67:36:39:75:04:33:e9:79:e6:
                    19:14:45:53:2c:2b:7a:27:1a:05:3a:2e:96:d4:f2:
                    05:a5:e2:77:23:2d:e2:8b:92:82:c2:7e:34:63:56:
                    4b:c7:de:7c:b2:17:ce:03:9f:fd:6f:c6:89:ef:ff:
                    8e:13:fb:85:cd:fe:0b:45:2b:cc:32:57:ed:ca:bb:
                    dc:57:80:24:c6:a5:3a:a8:42:d3:82:5d:bf:88:6a:
                    3e:43:56:1e:d7:8f:80:5c:33:dc:1e:81:7b:67:ca:
                    e7:47:a2:42:c0:19:db:c2:51:d8:20:0c:c4:12:f0:
                    69:0d:88:56:a4:95:4f:ff:5b:cd:83:b0:3f:40:cc:
                    64:26:76:8d:2e:97:3c:99:2e:be:1b:51:c6:08:bd:
                    d5:4e:17:ad:32:58:da:6f:d2:9a:37:39:35:00:19:
                    2b:e0:ad:2d:75:66:eb:59:53:55:13:68:1a:d3:1f:
                    7e:97:a3:c4:f3:41:63:1a:b4:98:d5:30:ae:40:29:
                    53:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:FA:2F:52:C2:EA:AA:9A:7B:1F:4B:97:86:F9:F8:DB:C4:C1:C7:8D
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/m_ovUsLqqpp7H0uXhvn428TBx40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.27.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:0c:39:70:7d:4f:07:39:76:0e:8b:57:d7:05:f9:e7:e3:a6:
         99:dd:85:8c:91:55:c0:12:e4:8e:74:08:25:d7:5d:e3:63:db:
         aa:c6:9b:df:92:30:5f:07:0e:81:c3:58:d1:30:0a:f7:72:7a:
         b4:aa:9c:a0:8d:6d:58:05:28:97:a6:a0:95:55:d6:fd:5d:df:
         00:5d:2f:07:c1:c7:54:6b:8e:c8:17:25:7f:73:0e:37:62:2c:
         bd:6f:ed:a5:4c:86:ae:d2:02:3f:fe:b4:ae:dd:4e:f0:22:5d:
         cc:b4:72:27:5c:f0:ac:98:4f:b6:91:97:2a:2c:21:18:73:f5:
         7e:fb:cf:69:c7:70:be:82:08:50:fc:c1:cd:08:8f:45:bf:6a:
         58:bf:46:16:a9:84:31:c9:3a:12:37:37:d6:c8:a7:40:2b:da:
         01:56:e2:77:29:c8:72:df:39:6a:a2:3d:38:b0:38:49:25:d1:
         5f:2e:68:b3:9d:88:aa:5f:0b:90:a5:9e:e6:ec:76:cc:d5:80:
         f3:a0:c7:3b:55:34:46:75:80:9a:73:6b:dd:17:20:fe:ba:73:
         4f:45:d2:42:0f:ca:00:f8:53:ac:18:7d:76:31:e9:59:d7:73:
         e8:cd:4b:7d:bd:41:1b:ed:25:50:c5:76:20:f4:7b:4a:24:ec:
         99:fb:d2:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZew+pkG/B305hIlVQ3I4wXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNjI3MTA0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZhMmY1MmMyZWFhYTlhN2IxZjRiOTc4NmY5ZjhkYmM0YzFjNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxjd0RO3w2E+ViugAZivmg12ZNsY
CzwRX10UcqKoys17r4OYxQIk4079lwIvZdOQaoOV5s+iPqiNlRvgyb9ECdxnNjl1
BDPpeeYZFEVTLCt6JxoFOi6W1PIFpeJ3Iy3ii5KCwn40Y1ZLx958shfOA5/9b8aJ
7/+OE/uFzf4LRSvMMlftyrvcV4AkxqU6qELTgl2/iGo+Q1Ye14+AXDPcHoF7Z8rn
R6JCwBnbwlHYIAzEEvBpDYhWpJVP/1vNg7A/QMxkJnaNLpc8mS6+G1HGCL3VThet
Mljab9KaNzk1ABkr4K0tdWbrWVNVE2ga0x9+l6PE80FjGrSY1TCuQClT5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJv6L1LC6qqaex9Ll4b5+NvEwceNMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvbV9vdlVzTHFxcHA3SDB1WGh2bjQyOFRCeDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxufMA0G
CSqGSIb3DQEBCwUAA4IBAQA8DDlwfU8HOXYOi1fXBfnn46aZ3YWMkVXAEuSOdAgl
113jY9uqxpvfkjBfBw6Bw1jRMAr3cnq0qpygjW1YBSiXpqCVVdb9Xd8AXS8HwcdU
a47IFyV/cw43Yiy9b+2lTIau0gI//rSu3U7wIl3MtHInXPCsmE+2kZcqLCEYc/V+
+89px3C+gghQ/MHNCI9Fv2pYv0YWqYQxyToSNzfWyKdAK9oBVuJ3Kchy3zlqoj04
sDhJJdFfLmiznYiqXwuQpZ7m7HbM1YDzoMc7VTRGdYCac2vdFyD+unNPRdJCD8oA
+FOsGH12MelZ13PozUt9vUEb7SVQxXYg9HtKJOyZ+9LD
-----END CERTIFICATE-----