Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/F-fyGTBuqlKt1ZXpKT6tMEyhBdU.roa
File:                     F-fyGTBuqlKt1ZXpKT6tMEyhBdU.roa (raw, json)
Hash identifier:          fkT+jWhOUWc+oH1Zse4+QvlvX3kXRbaO3zUZ86bKubE=
Subject key identifier:   17:E7:F2:19:30:6E:AA:52:AD:D5:95:E9:29:3E:AD:30:4C:A1:05:D5
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01975DEFAEA1C045FB594E813CBF58C3AB64
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/F-fyGTBuqlKt1ZXpKT6tMEyhBdU.roa
Signing time:             Wed 11 Jun 2025 07:41:18 +0000
ROA not before:           Wed 11 Jun 2025 07:41:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        103.245.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:ef:ae:a1:c0:45:fb:59:4e:81:3c:bf:58:c3:ab:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 11 07:41:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17e7f219306eaa52add595e9293ead304ca105d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:54:46:2e:3a:ab:f6:e7:ae:33:84:db:f4:11:
                    f1:a3:f2:c1:6b:7e:52:a4:88:3e:d1:13:c9:ae:ed:
                    1d:1b:4a:cb:0d:29:83:ed:49:4b:51:a2:12:aa:22:
                    c5:7e:57:6f:66:a5:b6:7f:ce:e5:3b:2a:7f:52:31:
                    e7:83:03:8b:bd:bb:b4:5e:d5:55:6a:6b:b2:66:c1:
                    f8:4c:ac:a0:a5:01:d1:e9:94:51:94:83:49:31:69:
                    1f:ac:c6:4a:f0:a6:5b:c5:66:6e:ca:30:ca:9f:51:
                    44:45:54:7c:cd:d6:48:2a:ff:37:10:86:9c:b9:c9:
                    87:11:9f:3b:cf:f9:3c:9e:cb:32:52:5e:5e:90:13:
                    c3:78:c7:e9:bf:03:46:1a:b8:bb:d4:2c:c9:36:76:
                    7c:98:43:26:4f:a4:c1:e5:f7:37:84:aa:8d:6b:d8:
                    79:1a:11:b7:f0:40:8b:91:95:bd:1c:e1:5f:49:3d:
                    3e:d9:f8:b5:f9:2f:bf:36:d2:ed:7f:78:ec:b0:e6:
                    07:c4:a6:10:c3:27:5d:ad:83:23:7f:96:47:5e:e3:
                    c2:15:69:fd:bc:93:84:88:28:52:19:14:f1:d2:d4:
                    3b:24:52:dd:6a:0e:2f:76:1a:fc:cb:f9:89:5c:58:
                    2a:e4:7f:e3:05:0f:b1:5e:00:b0:99:26:8d:bd:5c:
                    54:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E7:F2:19:30:6E:AA:52:AD:D5:95:E9:29:3E:AD:30:4C:A1:05:D5
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/F-fyGTBuqlKt1ZXpKT6tMEyhBdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.245.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:98:5f:96:67:50:f4:8b:f2:ae:70:2f:f5:a8:47:0f:8f:4b:
         25:9e:fc:77:9c:87:0c:90:9e:d6:a7:84:29:7f:3e:d6:51:bd:
         ef:15:20:e5:f9:8e:9c:67:f9:9d:41:f7:d7:cb:4a:03:45:a7:
         6f:76:99:08:ac:68:a1:4e:a9:d0:ff:8d:c3:03:67:57:1d:68:
         f1:c5:51:c2:cb:23:81:d3:37:30:0c:c0:77:05:68:95:74:5a:
         bf:03:5e:46:e2:39:92:58:17:7b:f2:40:a6:fa:52:80:28:65:
         3f:ee:46:71:94:ba:49:d2:02:1a:7d:59:14:20:61:0c:05:4c:
         60:30:be:f3:7e:c8:45:1c:e9:b3:4a:f7:eb:7f:6e:06:48:be:
         a6:98:f2:3f:54:af:f3:7a:6b:40:53:7a:4f:ee:05:3f:44:3b:
         80:f5:de:36:fd:14:ff:d4:32:86:2a:84:64:5e:13:32:12:ea:
         58:c1:52:fb:cb:3c:3e:bf:45:7c:5f:72:38:b4:aa:72:2c:88:
         76:10:07:b2:01:7b:bb:46:bf:a8:44:e5:a1:1f:fd:87:d0:2d:
         ed:e9:3b:51:dc:f2:c0:b7:fa:fd:80:ad:2a:e6:06:01:bc:d0:
         dc:a3:9c:72:b0:27:47:93:8b:67:29:b1:5e:ee:7a:90:64:5e:
         61:c2:dc:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdd766hwEX7WU6BPL9Yw6tkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNjExMDc0MTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U3ZjIxOTMwNmVhYTUyYWRkNTk1ZTkyOTNlYWQzMDRjYTEwNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FRGLjqr9ueuM4Tb9BHxo/LBa35S
pIg+0RPJru0dG0rLDSmD7UlLUaISqiLFfldvZqW2f87lOyp/UjHngwOLvbu0XtVV
amuyZsH4TKygpQHR6ZRRlINJMWkfrMZK8KZbxWZuyjDKn1FERVR8zdZIKv83EIac
ucmHEZ87z/k8nssyUl5ekBPDeMfpvwNGGri71CzJNnZ8mEMmT6TB5fc3hKqNa9h5
GhG38ECLkZW9HOFfST0+2fi1+S+/NtLtf3jssOYHxKYQwyddrYMjf5ZHXuPCFWn9
vJOEiChSGRTx0tQ7JFLdag4vdhr8y/mJXFgq5H/jBQ+xXgCwmSaNvVxU5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfn8hkwbqpSrdWV6Sk+rTBMoQXVMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRi1meUdUQnVxbEt0MVpYcEtUNnRNRXloQmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ/XmMA0G
CSqGSIb3DQEBCwUAA4IBAQBBmF+WZ1D0i/KucC/1qEcPj0slnvx3nIcMkJ7Wp4Qp
fz7WUb3vFSDl+Y6cZ/mdQffXy0oDRadvdpkIrGihTqnQ/43DA2dXHWjxxVHCyyOB
0zcwDMB3BWiVdFq/A15G4jmSWBd78kCm+lKAKGU/7kZxlLpJ0gIafVkUIGEMBUxg
ML7zfshFHOmzSvfrf24GSL6mmPI/VK/zemtAU3pP7gU/RDuA9d42/RT/1DKGKoRk
XhMyEupYwVL7yzw+v0V8X3I4tKpyLIh2EAeyAXu7Rr+oROWhH/2H0C3t6TtR3PLA
t/r9gK0q5gYBvNDco5xysCdHk4tnKbFe7nqQZF5hwtw+
-----END CERTIFICATE-----