Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/22Z4FjqCzXTC2YCU-iCS2fTuOVk.roa
File:                     22Z4FjqCzXTC2YCU-iCS2fTuOVk.roa (raw, json)
Hash identifier:          rOPGwXBy+JicBlkw7hVc+9KWd0aYWsKPlUTvM+EgfNg=
Subject key identifier:   DB:66:78:16:3A:82:CD:74:C2:D9:80:94:FA:20:92:D9:F4:EE:39:59
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01975318B6B19A7A0D0DC5D69992E67CD7C9
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/22Z4FjqCzXTC2YCU-iCS2fTuOVk.roa
Signing time:             Mon 09 Jun 2025 05:10:17 +0000
ROA not before:           Mon 09 Jun 2025 05:10:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55470
IP address blocks:        103.47.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:53:18:b6:b1:9a:7a:0d:0d:c5:d6:99:92:e6:7c:d7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  9 05:10:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db6678163a82cd74c2d98094fa2092d9f4ee3959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ec:58:7c:01:a7:4f:8e:f2:b7:f0:b6:12:20:
                    46:ad:a7:f6:c7:2a:8f:99:ed:ad:75:0f:5f:b5:0d:
                    db:bd:e5:33:40:c0:e0:38:24:69:10:7c:4f:eb:40:
                    17:56:5f:e1:ec:33:d5:00:bc:f5:b2:f7:8d:3d:03:
                    2e:73:0a:8e:23:4b:4a:ff:58:3f:8d:d7:94:02:2d:
                    62:02:e3:04:7d:61:56:37:9c:a4:80:12:1e:40:9c:
                    71:14:23:f9:1a:39:d1:29:0d:2c:2e:3d:01:c1:55:
                    33:b0:89:a0:aa:db:e4:1c:5d:4f:5f:72:5b:4d:db:
                    3e:91:17:70:7e:a9:11:1c:88:50:40:93:64:52:86:
                    f3:d9:7d:5f:e5:1b:d1:69:45:14:8f:5b:ba:1e:4c:
                    fc:2c:fb:0d:44:c0:c9:fe:ea:a4:7d:92:92:33:db:
                    5d:3d:61:88:92:e7:cd:de:28:9b:82:87:e6:04:5e:
                    77:33:5c:50:c8:10:ac:57:d0:36:77:ed:67:e1:da:
                    6c:36:cd:4d:9e:40:23:2a:aa:ce:45:a3:e3:97:ca:
                    ef:48:ac:fa:a9:6e:de:ca:3c:c1:08:21:33:75:b3:
                    89:dd:da:79:f2:2b:c2:98:a7:b3:a9:93:8f:bd:c2:
                    7a:a8:95:26:9f:f4:52:33:54:01:9e:57:78:28:33:
                    df:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:66:78:16:3A:82:CD:74:C2:D9:80:94:FA:20:92:D9:F4:EE:39:59
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/22Z4FjqCzXTC2YCU-iCS2fTuOVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:83:43:57:71:57:9f:ba:ef:b3:f9:24:4e:a6:d4:c0:35:ba:
         1b:3f:bb:46:fb:2f:92:41:56:12:91:99:c3:b0:20:57:e2:c5:
         96:ac:b6:a6:fc:53:f1:b4:21:1b:fc:b2:54:48:dd:8f:5d:99:
         b9:d5:de:6e:49:0c:72:26:ad:54:7d:98:dc:15:b2:e3:9d:b8:
         36:05:48:d6:b3:2c:06:ef:e1:d2:02:3e:77:75:b7:37:a6:d6:
         4e:fd:fe:0e:7a:d2:bf:73:3d:7b:98:59:82:7d:bf:e2:2d:0f:
         7b:70:73:6d:58:b8:a8:4c:41:11:56:60:1e:c0:01:96:3a:07:
         3d:10:c3:0d:cb:fa:cb:61:eb:ca:30:c7:6c:f5:16:e2:9e:a5:
         9a:48:b8:e5:f7:6f:19:2f:ea:d3:3f:55:c0:13:25:25:b3:42:
         ea:95:b3:4e:e4:38:a8:81:77:52:fa:6a:fd:b6:2a:0e:c8:f8:
         29:0e:01:a8:67:40:18:fb:66:15:e8:45:42:93:5e:47:7d:2c:
         dd:22:5b:86:e7:ef:31:54:9a:b6:53:b3:ef:62:87:54:6c:60:
         6b:f8:99:4b:3b:c9:43:64:fb:c1:eb:e8:df:a3:64:6a:73:f8:
         5d:36:35:98:be:ab:1d:81:b3:3b:b2:39:85:cf:c4:0e:7a:74:
         9f:30:4b:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdTGLaxmnoNDcXWmZLmfNfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNjA5MDUxMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjY2NzgxNjNhODJjZDc0YzJkOTgwOTRmYTIwOTJkOWY0ZWUzOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+xYfAGnT47yt/C2EiBGraf2xyqP
me2tdQ9ftQ3bveUzQMDgOCRpEHxP60AXVl/h7DPVALz1sveNPQMucwqOI0tK/1g/
jdeUAi1iAuMEfWFWN5ykgBIeQJxxFCP5GjnRKQ0sLj0BwVUzsImgqtvkHF1PX3Jb
Tds+kRdwfqkRHIhQQJNkUobz2X1f5RvRaUUUj1u6Hkz8LPsNRMDJ/uqkfZKSM9td
PWGIkufN3iibgofmBF53M1xQyBCsV9A2d+1n4dpsNs1NnkAjKqrORaPjl8rvSKz6
qW7eyjzBCCEzdbOJ3dp58ivCmKezqZOPvcJ6qJUmn/RSM1QBnld4KDPf4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtmeBY6gs10wtmAlPogktn07jlZMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMjJaNEZqcUN6WFRDMllDVS1pQ1MyZlR1T1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZy84MA0G
CSqGSIb3DQEBCwUAA4IBAQBxg0NXcVefuu+z+SROptTANbobP7tG+y+SQVYSkZnD
sCBX4sWWrLam/FPxtCEb/LJUSN2PXZm51d5uSQxyJq1UfZjcFbLjnbg2BUjWsywG
7+HSAj53dbc3ptZO/f4OetK/cz17mFmCfb/iLQ97cHNtWLioTEERVmAewAGWOgc9
EMMNy/rLYevKMMds9RbinqWaSLjl928ZL+rTP1XAEyUls0LqlbNO5DiogXdS+mr9
tioOyPgpDgGoZ0AY+2YV6EVCk15HfSzdIluG5+8xVJq2U7PvYodUbGBr+JlLO8lD
ZPvB6+jfo2Rqc/hdNjWYvqsdgbM7sjmFz8QOenSfMEuo
-----END CERTIFICATE-----