Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ohD3TSEkEdM-PEEipx0msk3NGoY.roa
File:                     ohD3TSEkEdM-PEEipx0msk3NGoY.roa (raw, json)
Hash identifier:          UobzF4Ih29CsL2q3mlcXCRKWRUrTB3lKffZcV/pOE1o=
Subject key identifier:   A2:10:F7:4D:21:24:11:D3:3E:3C:41:22:A7:1D:26:B2:4D:CD:1A:86
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019A0C4422F7B42DC079190DEA0B60075CE0
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ohD3TSEkEdM-PEEipx0msk3NGoY.roa
Signing time:             Wed 22 Oct 2025 14:13:03 +0000
ROA not before:           Wed 22 Oct 2025 14:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207567
IP address blocks:        103.101.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:44:22:f7:b4:2d:c0:79:19:0d:ea:0b:60:07:5c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Oct 22 14:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a210f74d212411d33e3c4122a71d26b24dcd1a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ee:2e:d8:91:fc:4b:cc:ec:7c:5f:e0:dc:22:
                    46:4e:ef:53:2b:0d:bb:65:dd:5d:77:e7:a4:ff:24:
                    77:cb:09:8a:fd:c8:ba:58:65:19:76:d7:cf:52:aa:
                    d3:ad:77:24:f3:94:c8:29:f9:ac:51:85:69:63:a7:
                    bf:d3:cd:6d:7b:d5:74:df:64:e3:f4:0a:54:fc:ea:
                    c2:56:c7:ab:94:07:50:31:93:5e:9f:3a:62:0d:98:
                    d9:2e:6a:c3:21:64:75:22:94:65:c8:41:57:f6:6c:
                    c2:d6:66:d0:3c:57:3d:0b:0a:cf:0a:36:00:0a:ca:
                    22:71:45:13:14:01:ad:6d:fc:33:c5:dd:c2:c8:7c:
                    1a:3f:a2:b6:04:8b:f5:1b:c2:2c:bc:e7:2a:9d:33:
                    62:27:c9:9e:62:e4:69:d1:7f:01:32:79:61:2c:9f:
                    c3:41:d8:e9:17:b5:1b:55:f2:60:c3:5a:c1:81:34:
                    90:0e:45:60:31:11:79:13:aa:ff:61:8e:48:95:4b:
                    51:94:19:5d:cc:a4:be:7c:62:37:54:08:65:fc:96:
                    7e:7a:f1:c3:a2:2c:3f:7f:f0:48:62:31:fa:3a:db:
                    20:93:5b:20:ba:09:eb:02:f3:b1:60:63:b2:61:58:
                    53:4f:84:d4:18:df:c0:e5:cf:fd:45:c0:81:3f:e8:
                    4c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:10:F7:4D:21:24:11:D3:3E:3C:41:22:A7:1D:26:B2:4D:CD:1A:86
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ohD3TSEkEdM-PEEipx0msk3NGoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.101.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:1d:fa:73:26:ec:53:2b:0d:4e:13:c3:a9:07:7f:38:60:8e:
         ad:ca:cb:24:b9:44:b2:12:e9:f2:a7:fc:4b:46:7f:33:e6:d9:
         a7:72:7c:ed:4a:17:86:3d:ec:11:11:f2:26:bc:fa:ad:33:7c:
         7a:1c:28:bd:17:85:ce:09:ea:9b:15:dc:f8:71:a9:bf:38:a2:
         ec:13:25:83:c8:6c:dc:ff:3d:9a:c0:43:7d:ec:c2:d5:9c:31:
         80:0c:0e:21:da:6d:2c:00:75:2d:18:26:c2:9e:30:81:21:63:
         6a:bc:19:4b:30:bc:36:71:df:fa:c5:ce:22:da:98:b3:f7:a7:
         51:9f:29:40:c9:24:5f:61:32:bc:21:65:e7:69:0f:32:8f:58:
         0b:e0:08:e6:1d:1c:cf:e6:66:ac:d8:8a:4e:56:10:2b:c6:c7:
         4a:d6:25:2e:d8:be:2b:06:46:1b:02:59:2b:46:2e:13:6d:88:
         30:20:37:04:6d:76:9e:81:7a:7a:58:02:a7:c9:b0:d2:91:d7:
         67:a0:fa:e0:10:0c:8a:e9:93:7f:32:0b:dd:c0:91:5c:4f:dc:
         d5:e1:f4:94:9a:60:2d:f5:9c:c9:22:fd:e2:db:81:88:8a:8b:
         94:36:95:aa:9b:7b:17:ae:93:db:c3:6e:fb:cb:17:26:c8:11:
         33:55:cf:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoMRCL3tC3AeRkN6gtgB1zgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUxMDIyMTQxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjEwZjc0ZDIxMjQxMWQzM2UzYzQxMjJhNzFkMjZiMjRkY2QxYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4O4u2JH8S8zsfF/g3CJGTu9TKw27
Zd1dd+ek/yR3ywmK/ci6WGUZdtfPUqrTrXck85TIKfmsUYVpY6e/081te9V032Tj
9ApU/OrCVserlAdQMZNenzpiDZjZLmrDIWR1IpRlyEFX9mzC1mbQPFc9CwrPCjYA
CsoicUUTFAGtbfwzxd3CyHwaP6K2BIv1G8IsvOcqnTNiJ8meYuRp0X8BMnlhLJ/D
QdjpF7UbVfJgw1rBgTSQDkVgMRF5E6r/YY5IlUtRlBldzKS+fGI3VAhl/JZ+evHD
oiw/f/BIYjH6Otsgk1sgugnrAvOxYGOyYVhTT4TUGN/A5c/9RcCBP+hM0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIQ900hJBHTPjxBIqcdJrJNzRqGMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvb2hEM1RTRWtFZE0tUEVFaXB4MG1zazNOR29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2VVMA0G
CSqGSIb3DQEBCwUAA4IBAQCJHfpzJuxTKw1OE8OpB384YI6tysskuUSyEunyp/xL
Rn8z5tmncnztSheGPewREfImvPqtM3x6HCi9F4XOCeqbFdz4cam/OKLsEyWDyGzc
/z2awEN97MLVnDGADA4h2m0sAHUtGCbCnjCBIWNqvBlLMLw2cd/6xc4i2piz96dR
nylAySRfYTK8IWXnaQ8yj1gL4AjmHRzP5mas2IpOVhArxsdK1iUu2L4rBkYbAlkr
Ri4TbYgwIDcEbXaegXp6WAKnybDSkddnoPrgEAyK6ZN/MgvdwJFcT9zV4fSUmmAt
9ZzJIv3i24GIiouUNpWqm3sXrpPbw277yxcmyBEzVc/W
-----END CERTIFICATE-----