Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/L1kVVDEFzLMskbG6GJyreD_W07s.roa
File:                     L1kVVDEFzLMskbG6GJyreD_W07s.roa (raw, json)
Hash identifier:          5dzD1L/ZuTcph/ZKFVQ3aoYa39ekNirKhm0sj0J3s7Y=
Subject key identifier:   2F:59:15:54:31:05:CC:B3:2C:91:B1:BA:18:9C:AB:78:3F:D6:D3:BB
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0196B47111A2180389D2711C67260AA0F452
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/L1kVVDEFzLMskbG6GJyreD_W07s.roa
Signing time:             Fri 09 May 2025 09:47:10 +0000
ROA not before:           Fri 09 May 2025 09:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62563
IP address blocks:        103.102.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:71:11:a2:18:03:89:d2:71:1c:67:26:0a:a0:f4:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: May  9 09:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f5915543105ccb32c91b1ba189cab783fd6d3bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:75:7b:4f:49:7c:13:f1:f1:f7:02:a2:5f:e3:
                    87:b7:71:0d:ca:10:39:4f:43:5e:c9:1e:d7:66:16:
                    5b:85:3f:37:a8:7a:b5:97:26:33:ee:61:b2:61:ff:
                    f6:dd:81:02:45:73:ac:4d:8b:49:86:62:cd:d5:e1:
                    65:85:5d:7a:9d:90:d0:bf:ef:9f:63:d2:11:af:cb:
                    1e:e4:f2:de:ad:24:b2:e7:18:99:8c:ef:e0:31:9f:
                    62:36:1e:00:f1:09:ad:95:69:bf:ae:9c:85:bc:d6:
                    e6:a1:c7:7a:c3:bb:26:0b:8f:c3:1b:dc:b1:d5:35:
                    f8:fe:a5:68:cf:b4:83:89:02:90:4d:28:dc:a6:c5:
                    57:77:c8:a7:77:fc:64:7b:3f:ee:3e:49:dc:06:fd:
                    50:3e:c9:58:21:99:fd:8d:7d:15:a0:4e:33:d9:fa:
                    15:c6:29:64:ce:3c:94:79:74:c8:8c:df:7c:63:be:
                    68:16:83:01:e3:df:14:f7:e6:0e:50:a0:a6:ea:15:
                    37:68:46:03:be:a2:49:fd:83:d6:dc:69:0e:43:32:
                    37:be:b5:65:cd:03:ef:50:1b:74:8b:70:2e:dd:62:
                    a9:4c:a3:39:a4:fd:7f:8f:48:eb:ab:c5:ff:4a:72:
                    e2:a9:ef:3e:5f:eb:47:de:26:a4:15:b9:5d:da:6a:
                    28:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:59:15:54:31:05:CC:B3:2C:91:B1:BA:18:9C:AB:78:3F:D6:D3:BB
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/L1kVVDEFzLMskbG6GJyreD_W07s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:09:68:8d:0f:c2:31:6a:85:bd:33:56:41:8d:74:69:5f:77:
         c3:7a:c7:09:b6:99:42:25:70:1c:92:50:17:5b:85:4c:3f:86:
         d0:f8:43:96:a3:ba:a0:27:74:dd:39:62:d4:45:68:8c:94:76:
         14:db:ee:a8:66:b8:bb:c8:21:06:70:28:cc:e6:ee:8e:89:91:
         ed:f6:eb:ad:d7:08:55:45:5b:48:78:67:a2:6f:79:74:a7:c0:
         8f:a2:90:09:c7:3e:f6:e8:94:09:fd:d8:8f:fb:62:21:c9:00:
         2c:da:b1:dd:e8:3a:12:0f:d3:9f:36:36:3b:96:71:55:16:12:
         b1:2c:c7:ec:8f:95:fd:7d:64:7b:e0:59:c4:b4:58:d0:40:9e:
         d9:b7:3f:43:9e:f3:3d:e3:89:c7:79:f9:a2:93:57:d0:b2:23:
         ab:46:f5:d6:18:75:c0:c1:7d:23:e1:ec:78:79:fe:9d:ab:b4:
         cd:7b:20:22:d6:0e:7e:5e:a9:41:37:13:3b:00:03:7b:45:09:
         b6:00:16:f2:ba:c6:9c:5b:be:89:59:8f:97:72:cf:ce:1f:e9:
         44:59:f8:12:34:4a:72:04:8b:31:3a:fa:d6:a2:66:bf:16:a5:
         8e:27:29:d5:0b:38:2e:d6:cb:b5:b6:5e:c3:ce:9c:21:a4:65:
         b4:b6:55:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa0cRGiGAOJ0nEcZyYKoPRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwNTA5MDk0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjU5MTU1NDMxMDVjY2IzMmM5MWIxYmExODljYWI3ODNmZDZkM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HV7T0l8E/Hx9wKiX+OHt3ENyhA5
T0NeyR7XZhZbhT83qHq1lyYz7mGyYf/23YECRXOsTYtJhmLN1eFlhV16nZDQv++f
Y9IRr8se5PLerSSy5xiZjO/gMZ9iNh4A8QmtlWm/rpyFvNbmocd6w7smC4/DG9yx
1TX4/qVoz7SDiQKQTSjcpsVXd8ind/xkez/uPkncBv1QPslYIZn9jX0VoE4z2foV
xilkzjyUeXTIjN98Y75oFoMB498U9+YOUKCm6hU3aEYDvqJJ/YPW3GkOQzI3vrVl
zQPvUBt0i3Au3WKpTKM5pP1/j0jrq8X/SnLiqe8+X+tH3iakFbld2mooUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9ZFVQxBcyzLJGxuhicq3g/1tO7MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvTDFrVlZERUZ6TE1za2JHNkdKeXJlRF9XMDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bmMA0G
CSqGSIb3DQEBCwUAA4IBAQCWCWiND8IxaoW9M1ZBjXRpX3fDescJtplCJXAcklAX
W4VMP4bQ+EOWo7qgJ3TdOWLURWiMlHYU2+6oZri7yCEGcCjM5u6OiZHt9uut1whV
RVtIeGeib3l0p8CPopAJxz726JQJ/diP+2IhyQAs2rHd6DoSD9OfNjY7lnFVFhKx
LMfsj5X9fWR74FnEtFjQQJ7Ztz9DnvM944nHefmik1fQsiOrRvXWGHXAwX0j4ex4
ef6dq7TNeyAi1g5+XqlBNxM7AAN7RQm2ABbyusacW76JWY+Xcs/OH+lEWfgSNEpy
BIsxOvrWoma/FqWOJynVCzgu1su1tl7DzpwhpGW0tlUx
-----END CERTIFICATE-----