Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/KJBBbdSFLSNDaaMdsnZ9wzGNr0A.roa
File:                     KJBBbdSFLSNDaaMdsnZ9wzGNr0A.roa (raw, json)
Hash identifier:          VeFKMfhB0bbaYa6pH5uvWwcQYChEBLxIpD2Q3T7bQJE=
Subject key identifier:   28:90:41:6D:D4:85:2D:23:43:69:A3:1D:B2:76:7D:C3:31:8D:AF:40
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       01975E3D7E9764E9F155887A2F6D82A0F512
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/KJBBbdSFLSNDaaMdsnZ9wzGNr0A.roa
Signing time:             Wed 11 Jun 2025 09:06:17 +0000
ROA not before:           Wed 11 Jun 2025 09:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        103.31.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:3d:7e:97:64:e9:f1:55:88:7a:2f:6d:82:a0:f5:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jun 11 09:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2890416dd4852d234369a31db2767dc3318daf40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:df:06:6f:b9:b4:f5:5d:ed:b9:ea:08:22:ad:
                    9c:ac:ea:3e:d1:a5:18:c4:ad:b5:c1:84:bd:b3:e1:
                    e3:38:04:c3:90:35:31:ac:38:15:91:58:d0:af:06:
                    bd:3d:3c:e2:b0:3c:5a:50:88:89:97:4d:7f:56:c6:
                    c7:c4:99:c6:67:eb:61:2f:d6:7f:e8:a0:df:f4:0f:
                    9e:3e:f9:8a:16:95:b2:d3:b6:67:29:13:bc:61:02:
                    85:7f:49:45:97:ed:f8:84:c6:55:74:fa:2a:05:4b:
                    c6:17:9b:54:14:5c:e5:50:c2:59:2f:a6:64:76:2b:
                    a3:da:b3:5b:ed:83:c7:a8:8e:18:74:03:fa:96:ad:
                    87:5e:a0:3f:d1:48:4f:af:95:04:a6:5d:a3:99:6a:
                    85:71:a0:93:9e:80:60:f6:b0:1b:1e:c7:b9:ef:b3:
                    03:18:b8:37:e8:c1:c7:bf:18:1f:6d:dd:83:b5:d5:
                    01:69:1e:e0:7c:22:bb:60:17:74:26:5f:4b:9a:61:
                    c0:1c:c8:73:84:b8:12:88:fc:07:3f:91:d2:25:82:
                    84:d9:f0:7d:f0:f7:d7:77:bc:c0:6d:18:75:19:73:
                    91:bd:c0:00:d4:64:08:03:79:b7:07:73:69:ea:e3:
                    84:01:b5:40:00:64:b9:b2:4a:90:7e:7a:3b:93:2e:
                    4c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:90:41:6D:D4:85:2D:23:43:69:A3:1D:B2:76:7D:C3:31:8D:AF:40
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/KJBBbdSFLSNDaaMdsnZ9wzGNr0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.31.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:62:37:46:7a:ee:b6:83:82:92:05:d2:b3:6a:5b:79:55:b2:
         36:0c:22:c9:2a:3f:a1:3c:77:fa:41:17:e9:ad:14:e0:f3:48:
         ad:8e:3e:9b:4a:9e:4a:87:a3:13:b8:62:fc:6b:81:21:d7:c4:
         4c:19:a0:7d:92:0b:46:de:5a:61:c8:34:27:0a:42:88:00:ce:
         13:82:7a:01:65:0a:38:4a:f7:fc:59:8e:73:04:f8:95:9d:38:
         1c:18:1c:4f:e9:4e:38:72:d7:ef:a1:6d:65:cf:6a:0d:00:de:
         92:5e:76:93:ef:cf:98:bc:08:f5:4b:eb:eb:8f:9c:dd:b3:6a:
         ec:75:89:9b:0f:d9:da:2a:3f:0c:f3:ed:61:24:bd:1b:dd:1d:
         86:85:43:93:a4:b3:80:56:f7:e3:90:46:27:67:48:37:9d:e7:
         77:ea:76:54:89:01:f2:4d:ab:aa:47:7b:15:88:6b:af:25:a1:
         5f:b1:6a:d2:02:00:25:aa:7e:16:f2:c3:ef:3f:0f:b4:93:67:
         9f:e3:f7:1b:b8:e3:cd:c4:05:06:5a:b0:e9:3e:a8:ca:36:53:
         aa:da:9f:89:27:32:e2:53:dd:c8:a1:52:d7:1d:59:54:b2:05:
         33:8c:c8:2b:ce:5f:38:ac:fb:ec:67:05:d0:c0:56:b1:85:d8:
         b5:89:be:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdePX6XZOnxVYh6L22CoPUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjUwNjExMDkwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODkwNDE2ZGQ0ODUyZDIzNDM2OWEzMWRiMjc2N2RjMzMxOGRhZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4N8Gb7m09V3tueoIIq2crOo+0aUY
xK21wYS9s+HjOATDkDUxrDgVkVjQrwa9PTzisDxaUIiJl01/VsbHxJnGZ+thL9Z/
6KDf9A+ePvmKFpWy07ZnKRO8YQKFf0lFl+34hMZVdPoqBUvGF5tUFFzlUMJZL6Zk
diuj2rNb7YPHqI4YdAP6lq2HXqA/0UhPr5UEpl2jmWqFcaCTnoBg9rAbHse577MD
GLg36MHHvxgfbd2DtdUBaR7gfCK7YBd0Jl9LmmHAHMhzhLgSiPwHP5HSJYKE2fB9
8PfXd7zAbRh1GXORvcAA1GQIA3m3B3Np6uOEAbVAAGS5skqQfno7ky5MHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiQQW3UhS0jQ2mjHbJ2fcMxja9AMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvS0pCQmJkU0ZMU05EYWFNZHNuWjl3ekdOcjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZx9PMA0G
CSqGSIb3DQEBCwUAA4IBAQClYjdGeu62g4KSBdKzalt5VbI2DCLJKj+hPHf6QRfp
rRTg80itjj6bSp5Kh6MTuGL8a4Eh18RMGaB9kgtG3lphyDQnCkKIAM4TgnoBZQo4
Svf8WY5zBPiVnTgcGBxP6U44ctfvoW1lz2oNAN6SXnaT78+YvAj1S+vrj5zds2rs
dYmbD9naKj8M8+1hJL0b3R2GhUOTpLOAVvfjkEYnZ0g3ned36nZUiQHyTauqR3sV
iGuvJaFfsWrSAgAlqn4W8sPvPw+0k2ef4/cbuOPNxAUGWrDpPqjKNlOq2p+JJzLi
U93IoVLXHVlUsgUzjMgrzl84rPvsZwXQwFaxhdi1ib5Q
-----END CERTIFICATE-----