Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/0AclDrZUi7dtUUmZp1e8WunVqX4.roa
File:                     0AclDrZUi7dtUUmZp1e8WunVqX4.roa (raw, json)
Hash identifier:          Xqx4j8SbCKDgBK28Xqh214Z8UGNZJ5W3jm/6A2EsJMc=
Subject key identifier:   D0:07:25:0E:B6:54:8B:B7:6D:51:49:99:A7:57:BC:5A:E9:D5:A9:7E
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01967BA0FE2C70D24408D791408C7837D4DD
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/0AclDrZUi7dtUUmZp1e8WunVqX4.roa
Signing time:             Mon 28 Apr 2025 09:01:10 +0000
ROA not before:           Mon 28 Apr 2025 09:01:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209702
IP address blocks:        103.73.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:a0:fe:2c:70:d2:44:08:d7:91:40:8c:78:37:d4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 28 09:01:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d007250eb6548bb76d514999a757bc5ae9d5a97e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:55:65:27:2d:1c:4f:6a:d7:8c:94:71:36:bc:
                    63:ae:fa:67:94:32:07:26:ab:fc:bc:3d:ec:9f:a7:
                    d1:88:df:e3:93:f9:ff:e8:58:77:8d:ed:e6:0a:fc:
                    4c:60:cb:37:79:66:fb:b1:0c:28:b1:e0:09:97:0f:
                    86:86:ae:7a:e0:93:83:a4:0c:3e:7e:e5:5f:24:43:
                    56:a9:0d:e3:9c:94:54:c8:a4:95:af:6b:6f:14:79:
                    79:64:b7:b2:b9:59:18:b6:cf:f0:47:f0:67:07:3a:
                    4d:a4:0d:ac:b7:10:bf:c8:99:d4:4c:74:56:22:a9:
                    25:32:bb:aa:cc:02:91:64:82:cf:46:2d:c1:9a:a9:
                    09:15:a9:7f:a8:98:37:4c:7c:a7:98:16:e7:14:f5:
                    72:f9:5a:f1:58:e5:e8:b5:4b:3a:1f:fd:d5:6d:1e:
                    63:ed:20:97:84:e5:c0:67:a3:e1:46:c6:ca:92:ba:
                    fb:c7:ff:a0:2a:08:7f:1e:ea:05:6e:80:77:db:a7:
                    5a:e2:41:ea:86:a2:24:45:e9:80:e7:ed:f2:e1:e9:
                    3a:2f:4f:d5:5f:8e:40:cc:de:6f:2f:6f:1b:bf:53:
                    65:db:82:52:96:25:30:3f:bc:cd:cf:55:89:ff:8e:
                    24:a7:bf:fc:b8:68:7c:0a:f1:f9:c9:ea:f1:87:08:
                    ae:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:07:25:0E:B6:54:8B:B7:6D:51:49:99:A7:57:BC:5A:E9:D5:A9:7E
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/0AclDrZUi7dtUUmZp1e8WunVqX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.73.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:e7:a2:a4:9c:b0:d9:51:23:c4:56:d8:4e:8a:9e:cc:d3:0b:
         f9:7a:e2:fc:ff:fe:e1:9c:4a:19:69:c3:27:38:55:25:9d:72:
         8c:fe:0c:16:24:1d:02:85:e8:f8:eb:10:71:89:7f:29:1b:80:
         e4:a4:25:d6:52:d0:1f:f1:0d:34:77:55:87:e5:db:c7:98:e9:
         e7:f8:5c:3b:7c:3a:fb:f9:87:4e:da:49:9c:94:b4:d4:91:7d:
         09:1c:59:9e:8e:81:7f:79:b8:0d:2a:3d:47:d7:b6:e2:1e:32:
         03:a4:a1:be:60:f5:14:cb:13:07:bd:fe:32:03:3b:a3:d7:48:
         74:80:73:0f:e3:e6:a7:6d:43:91:fb:99:9a:4b:40:11:e1:63:
         67:47:35:53:dd:5a:2a:76:f9:b0:76:ae:16:88:3e:67:8b:0d:
         73:73:f7:6e:51:66:f3:4a:a1:81:f2:66:89:ae:db:7a:ee:8a:
         68:2d:9b:de:a5:a4:48:c4:71:4a:4a:62:f2:5d:b5:57:a4:6c:
         96:49:1e:ca:4a:5a:96:dc:fb:ad:9d:cc:cf:6c:43:57:ea:a5:
         38:fe:f8:e7:68:4b:2d:66:e1:d9:5e:ca:9d:88:80:55:cc:45:
         2a:42:95:fb:84:f9:5d:fc:b4:5f:18:a5:14:dd:4b:3d:f5:5f:
         23:85:41:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7oP4scNJECNeRQIx4N9TdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNDI4MDkwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDA3MjUwZWI2NTQ4YmI3NmQ1MTQ5OTlhNzU3YmM1YWU5ZDVhOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVVlJy0cT2rXjJRxNrxjrvpnlDIH
Jqv8vD3sn6fRiN/jk/n/6Fh3je3mCvxMYMs3eWb7sQwoseAJlw+Ghq564JODpAw+
fuVfJENWqQ3jnJRUyKSVr2tvFHl5ZLeyuVkYts/wR/BnBzpNpA2stxC/yJnUTHRW
IqklMruqzAKRZILPRi3BmqkJFal/qJg3THynmBbnFPVy+VrxWOXotUs6H/3VbR5j
7SCXhOXAZ6PhRsbKkrr7x/+gKgh/HuoFboB326da4kHqhqIkRemA5+3y4ek6L0/V
X45AzN5vL28bv1Nl24JSliUwP7zNz1WJ/44kp7/8uGh8CvH5yerxhwiuxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAHJQ62VIu3bVFJmadXvFrp1al+MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMEFjbERyWlVpN2R0VVVtWnAxZThXdW5WcVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0kiMA0G
CSqGSIb3DQEBCwUAA4IBAQAw56KknLDZUSPEVthOip7M0wv5euL8//7hnEoZacMn
OFUlnXKM/gwWJB0Chej46xBxiX8pG4DkpCXWUtAf8Q00d1WH5dvHmOnn+Fw7fDr7
+YdO2kmclLTUkX0JHFmejoF/ebgNKj1H17biHjIDpKG+YPUUyxMHvf4yAzuj10h0
gHMP4+anbUOR+5maS0AR4WNnRzVT3Voqdvmwdq4WiD5niw1zc/duUWbzSqGB8maJ
rtt67opoLZvepaRIxHFKSmLyXbVXpGyWSR7KSlqW3PutnczPbENX6qU4/vjnaEst
ZuHZXsqdiIBVzEUqQpX7hPld/LRfGKUU3Us99V8jhUEa
-----END CERTIFICATE-----