Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/k2cy-dpR9M4bnBgU53KrEJqTZ6Q.roa
File:                     k2cy-dpR9M4bnBgU53KrEJqTZ6Q.roa (raw, json)
Hash identifier:          8tyXNOmPdOoM3Bxwfs7taxKxeuKoZ5xeHwq+hSOSI5I=
Subject key identifier:   93:67:32:F9:DA:51:F4:CE:1B:9C:18:14:E7:72:AB:10:9A:93:67:A4
Certificate issuer:       /CN=70e5b30272e43053208978dbe44bfee10a5d007e
Certificate serial:       01966C010D24A230DE22DFD564B098D33AAB
Authority key identifier: 70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/k2cy-dpR9M4bnBgU53KrEJqTZ6Q.roa
Signing time:             Fri 25 Apr 2025 08:12:10 +0000
ROA not before:           Fri 25 Apr 2025 08:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44051
IP address blocks:        103.75.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:01:0d:24:a2:30:de:22:df:d5:64:b0:98:d3:3a:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e5b30272e43053208978dbe44bfee10a5d007e
        Validity
            Not Before: Apr 25 08:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=936732f9da51f4ce1b9c1814e772ab109a9367a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8e:46:c0:5d:d1:3b:0a:f5:0a:c2:8f:c8:e4:
                    70:08:c8:95:56:40:1b:c1:3d:f2:e9:9d:92:63:31:
                    62:04:82:24:45:e1:65:6e:70:35:80:a0:25:fc:76:
                    d6:b2:43:82:00:c2:5c:95:3b:ff:10:35:6d:3b:98:
                    51:44:c5:9d:b4:d5:28:ef:c2:99:a6:8a:3a:72:f5:
                    76:dd:67:98:b8:97:4a:3e:fe:e6:2f:d3:1f:69:30:
                    a9:88:36:69:9c:4b:8c:6a:35:5b:3a:10:14:8e:fc:
                    4b:ec:89:45:53:a0:44:4d:f0:4b:8a:a2:36:c4:7b:
                    34:f8:b5:f7:eb:1c:20:d2:35:b1:d4:a9:97:c2:62:
                    6f:05:26:66:02:21:b9:61:94:52:84:95:25:11:e2:
                    d5:02:09:f4:3c:94:ff:00:3d:8e:da:c6:79:6a:0b:
                    95:9c:db:6e:fe:fb:64:7a:a0:cc:9e:27:99:45:e4:
                    ab:3b:3b:8d:fc:e5:ff:bb:cc:c1:96:1b:1e:b5:5b:
                    b4:62:92:00:b6:37:ce:ba:c9:33:e9:4b:a5:ba:18:
                    c5:f0:b6:bb:7d:65:4f:0f:11:cf:89:cc:bc:e6:88:
                    ee:e7:66:80:9a:28:80:a5:6f:70:89:20:1a:fa:3c:
                    0d:3e:94:39:e7:89:1f:1a:43:45:cc:4a:49:3b:ce:
                    37:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:67:32:F9:DA:51:F4:CE:1B:9C:18:14:E7:72:AB:10:9A:93:67:A4
            X509v3 Authority Key Identifier:
                keyid:70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/k2cy-dpR9M4bnBgU53KrEJqTZ6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.75.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:dc:03:db:0e:40:17:b8:64:69:8d:22:0f:52:49:60:dc:e6:
         a0:69:26:20:45:30:30:cb:e5:a8:7f:41:a2:2d:97:ea:c8:b4:
         bb:77:72:07:a4:8b:ed:67:39:62:29:b3:e5:3e:a5:75:09:8c:
         84:79:3c:89:3b:9e:8a:46:03:33:3f:f6:75:b8:c2:31:a1:f8:
         1e:f5:ff:6f:a1:f0:bc:3b:a9:18:f3:b3:ce:8c:bd:37:d0:43:
         a2:3a:9f:b4:b7:2b:ae:07:4d:97:fc:74:70:be:4c:e3:88:22:
         f5:eb:f7:ef:60:4b:cc:d5:9a:b9:98:e5:bd:d7:26:45:17:42:
         9f:72:3e:b8:c0:14:4d:31:07:bf:f6:71:2a:d1:cf:2e:ab:e9:
         d3:0d:95:4d:0f:27:62:99:8e:7a:6e:0c:1f:77:29:fa:cc:01:
         6b:c8:cc:b5:95:43:5c:69:16:c8:88:2b:5b:76:40:d5:86:04:
         aa:b5:d0:6b:a6:d8:39:35:75:b9:b0:ee:69:d4:11:a6:3c:91:
         5d:f1:19:04:af:98:6e:55:62:cf:69:49:1e:2c:55:eb:87:d5:
         af:38:0e:7f:3d:14:a6:84:3e:0d:15:30:20:c6:24:28:7d:aa:
         bc:aa:47:c3:94:a2:4e:61:2a:e5:82:1d:89:fa:ea:65:e8:38:
         d4:c6:d2:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsAQ0kojDeIt/VZLCY0zqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTViMzAyNzJlNDMwNTMyMDg5NzhkYmU0NGJmZWUxMGE1
ZDAwN2UwHhcNMjUwNDI1MDgxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY3MzJmOWRhNTFmNGNlMWI5YzE4MTRlNzcyYWIxMDlhOTM2N2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0o5GwF3ROwr1CsKPyORwCMiVVkAb
wT3y6Z2SYzFiBIIkReFlbnA1gKAl/HbWskOCAMJclTv/EDVtO5hRRMWdtNUo78KZ
poo6cvV23WeYuJdKPv7mL9MfaTCpiDZpnEuMajVbOhAUjvxL7IlFU6BETfBLiqI2
xHs0+LX36xwg0jWx1KmXwmJvBSZmAiG5YZRShJUlEeLVAgn0PJT/AD2O2sZ5aguV
nNtu/vtkeqDMnieZReSrOzuN/OX/u8zBlhsetVu0YpIAtjfOuskz6UuluhjF8La7
fWVPDxHPicy85oju52aAmiiApW9wiSAa+jwNPpQ554kfGkNFzEpJO843OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNnMvnaUfTOG5wYFOdyqxCak2ekMB8GA1UdIwQY
MBaAFHDlswJy5DBTIIl42+RL/uEKXQB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEt
MWZiYzY0MWI1MGIxLzEvazJjeS1kcFI5TTRibkJnVTUzS3JFSnFUWjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEtMWZiYzY0MWI1MGIx
LzEvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0t/MA0G
CSqGSIb3DQEBCwUAA4IBAQA93APbDkAXuGRpjSIPUklg3OagaSYgRTAwy+Wof0Gi
LZfqyLS7d3IHpIvtZzliKbPlPqV1CYyEeTyJO56KRgMzP/Z1uMIxofge9f9vofC8
O6kY87POjL030EOiOp+0tyuuB02X/HRwvkzjiCL16/fvYEvM1Zq5mOW91yZFF0Kf
cj64wBRNMQe/9nEq0c8uq+nTDZVNDydimY56bgwfdyn6zAFryMy1lUNcaRbIiCtb
dkDVhgSqtdBrptg5NXW5sO5p1BGmPJFd8RkEr5huVWLPaUkeLFXrh9WvOA5/PRSm
hD4NFTAgxiQofaq8qkfDlKJOYSrlgh2J+upl6DjUxtJ2
-----END CERTIFICATE-----