Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/d7vhMptggQFYv4qlk9QDH-CnrvE.roa
File:                     d7vhMptggQFYv4qlk9QDH-CnrvE.roa (raw, json)
Hash identifier:          5WfqwGw+8t3Ft4vuWjlX8VLSDMoVxLzDo6LwKTusUiA=
Subject key identifier:   77:BB:E1:32:9B:60:81:01:58:BF:8A:A5:93:D4:03:1F:E0:A7:AE:F1
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019D68957B4BCC555F543246ECDF07411443
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/d7vhMptggQFYv4qlk9QDH-CnrvE.roa
Signing time:             Tue 07 Apr 2026 15:35:20 +0000
ROA not before:           Tue 07 Apr 2026 15:35:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        103.216.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:95:7b:4b:cc:55:5f:54:32:46:ec:df:07:41:14:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Apr  7 15:35:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77bbe1329b60810158bf8aa593d4031fe0a7aef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:69:c1:3b:12:2e:77:6c:19:7f:20:e1:ef:00:
                    9f:11:1b:53:48:14:10:e9:3d:f1:21:f2:c5:90:5b:
                    e3:37:51:6c:d0:e5:d5:5a:b4:19:b4:9e:c0:84:12:
                    eb:f7:a2:b5:b2:c3:00:c7:a9:d7:1f:43:c7:8c:35:
                    c6:0b:61:03:dc:df:e1:0f:d6:5f:23:50:7d:db:3e:
                    f0:24:a7:77:95:f5:80:5b:79:57:b2:2c:94:56:aa:
                    c0:36:f2:05:61:c2:b3:94:35:66:32:7b:18:c8:0c:
                    a5:50:3b:be:dc:86:c3:22:01:ee:5c:64:cc:de:8f:
                    d3:29:1c:72:59:c1:92:a3:ae:84:47:ec:a8:f2:ab:
                    a9:88:23:68:3f:41:df:2d:b6:94:a4:19:3a:a0:61:
                    da:09:a1:13:12:9f:00:d7:ce:61:f8:dd:2b:c9:d3:
                    5b:86:58:f8:ee:37:3c:6f:96:7f:ad:c3:6c:2b:4b:
                    95:6d:6f:e2:59:35:e1:55:ea:93:b3:de:75:e6:93:
                    3b:82:ce:9d:a0:0b:d5:5e:cf:17:08:47:74:93:f3:
                    a3:85:bc:5d:76:77:59:2a:86:4a:1f:17:96:09:bb:
                    90:50:25:dc:49:e4:a7:45:a7:1b:18:30:9d:03:ec:
                    d6:79:ac:0e:46:d3:aa:b4:10:f3:8b:25:07:d8:75:
                    b1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BB:E1:32:9B:60:81:01:58:BF:8A:A5:93:D4:03:1F:E0:A7:AE:F1
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/d7vhMptggQFYv4qlk9QDH-CnrvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:74:30:18:b7:1f:8e:9c:e8:86:5f:b2:91:d7:fa:8c:0e:43:
         ff:5c:03:bc:5b:ad:b9:eb:09:ea:4e:28:d2:bf:76:dd:d1:ed:
         7b:fa:fd:23:40:fb:fe:c1:d5:73:fd:c7:df:45:67:b0:13:ad:
         4d:11:6b:6e:19:21:3b:8f:25:71:8f:9d:7c:f3:5f:5f:6f:38:
         18:63:d3:f3:0f:da:cb:06:07:79:cd:3c:0d:cc:af:6e:a4:a5:
         a2:31:42:b3:2b:78:c4:f1:97:d9:eb:47:b5:64:c4:94:aa:48:
         33:66:30:97:bf:25:b6:fd:63:02:f1:0a:19:36:c4:29:c3:f9:
         b0:43:eb:7b:78:04:16:dc:88:4c:5d:ca:e8:a1:54:53:5b:05:
         5c:0a:ce:66:94:19:8d:b4:9a:60:17:4e:bd:0d:15:1e:c8:20:
         2f:1d:fb:22:38:f4:5e:ca:c0:69:6a:f6:6d:cc:31:8d:cd:90:
         b6:ff:62:6c:87:09:cc:c3:80:b1:a0:a5:d5:1b:88:2a:a2:13:
         8b:6a:0a:df:57:64:35:46:44:ca:2c:5a:93:50:42:4e:ae:9c:
         37:3f:21:f2:5f:95:25:48:8d:ac:f5:3d:6e:91:b5:c2:17:ac:
         e9:38:e7:c3:c4:35:95:96:79:8c:05:93:d8:58:c8:6d:8f:2b:
         bd:37:a6:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1olXtLzFVfVDJG7N8HQRRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwNDA3MTUzNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2JiZTEzMjliNjA4MTAxNThiZjhhYTU5M2Q0MDMxZmUwYTdhZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmnBOxIud2wZfyDh7wCfERtTSBQQ
6T3xIfLFkFvjN1Fs0OXVWrQZtJ7AhBLr96K1ssMAx6nXH0PHjDXGC2ED3N/hD9Zf
I1B92z7wJKd3lfWAW3lXsiyUVqrANvIFYcKzlDVmMnsYyAylUDu+3IbDIgHuXGTM
3o/TKRxyWcGSo66ER+yo8qupiCNoP0HfLbaUpBk6oGHaCaETEp8A185h+N0rydNb
hlj47jc8b5Z/rcNsK0uVbW/iWTXhVeqTs9515pM7gs6doAvVXs8XCEd0k/Ojhbxd
dndZKoZKHxeWCbuQUCXcSeSnRacbGDCdA+zWeawORtOqtBDziyUH2HWxfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHe74TKbYIEBWL+KpZPUAx/gp67xMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvZDd2aE1wdGdnUUZZdjRxbGs5UURILUNucnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9iuMA0G
CSqGSIb3DQEBCwUAA4IBAQCJdDAYtx+OnOiGX7KR1/qMDkP/XAO8W6256wnqTijS
v3bd0e17+v0jQPv+wdVz/cffRWewE61NEWtuGSE7jyVxj518819fbzgYY9PzD9rL
Bgd5zTwNzK9upKWiMUKzK3jE8ZfZ60e1ZMSUqkgzZjCXvyW2/WMC8QoZNsQpw/mw
Q+t7eAQW3IhMXcrooVRTWwVcCs5mlBmNtJpgF069DRUeyCAvHfsiOPReysBpavZt
zDGNzZC2/2JshwnMw4CxoKXVG4gqohOLagrfV2Q1RkTKLFqTUEJOrpw3PyHyX5Ul
SI2s9T1ukbXCF6zpOOfDxDWVlnmMBZPYWMhtjyu9N6Y2
-----END CERTIFICATE-----