Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nujuYw_3IDNNnf568BByX_04-sU.roa
File:                     nujuYw_3IDNNnf568BByX_04-sU.roa (raw, json)
Hash identifier:          60QrFQNmOREasWgP2EhaDowHIVvxXUEGB1moqh/EpGc=
Subject key identifier:   9E:E8:EE:63:0F:F7:20:33:4D:9D:FE:7A:F0:10:72:5F:FD:38:FA:C5
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       019E97BDA9FBDACE438540D2670089289042
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nujuYw_3IDNNnf568BByX_04-sU.roa
Signing time:             Fri 05 Jun 2026 12:24:09 +0000
ROA not before:           Fri 05 Jun 2026 12:24:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134196
IP address blocks:        103.24.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:bd:a9:fb:da:ce:43:85:40:d2:67:00:89:28:90:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Jun  5 12:24:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ee8ee630ff720334d9dfe7af010725ffd38fac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:61:36:1c:b1:bf:20:43:31:4f:f7:81:41:af:
                    d9:19:35:90:5d:e6:80:58:2c:a9:5a:21:0c:b2:14:
                    cf:f6:57:49:a4:64:aa:12:cc:d0:3c:ee:a6:04:bc:
                    c0:0c:f7:be:03:99:d0:b6:68:65:d6:40:55:df:fd:
                    8c:c6:14:da:1a:8a:84:42:94:08:dd:ce:ab:27:75:
                    58:25:9d:43:ed:88:72:c7:89:69:26:6a:39:45:f8:
                    2a:d3:18:6c:62:b7:11:d8:46:b6:c1:9a:48:52:42:
                    74:89:5d:bd:9c:0e:44:3d:38:30:79:47:ee:0b:fb:
                    b4:f4:5b:aa:27:14:93:f9:88:e0:9e:97:87:91:9f:
                    50:78:63:6e:1b:5d:2b:77:5a:d0:67:dd:8f:c6:83:
                    d9:e8:60:10:c2:aa:c3:20:13:af:d1:76:9f:83:24:
                    7a:0e:4a:fa:c2:a1:97:24:85:16:6c:a9:78:9e:f1:
                    40:f3:c4:3c:ac:56:80:92:f8:6a:a0:e4:a8:c7:13:
                    04:7a:1e:4c:35:44:47:c7:8b:4d:9a:46:37:f7:b7:
                    92:59:9d:8a:8f:b8:be:f6:70:fe:ee:09:96:f3:3d:
                    6d:c4:12:e5:a9:7b:a9:3a:ab:1e:03:96:b2:e3:58:
                    b2:b8:60:13:2a:35:53:97:6b:f4:3e:1a:5f:41:45:
                    a6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E8:EE:63:0F:F7:20:33:4D:9D:FE:7A:F0:10:72:5F:FD:38:FA:C5
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nujuYw_3IDNNnf568BByX_04-sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.24.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:56:0c:ba:c7:4a:ea:3b:9d:df:fd:58:9d:0c:cb:0e:2a:18:
         b9:95:00:25:f3:df:f6:ad:d3:4e:7d:50:b8:49:1b:4c:82:5b:
         d3:81:83:30:a8:e3:70:6b:ab:1b:d0:58:a4:d1:3a:6e:79:d3:
         b5:43:41:c2:46:2d:17:1c:6b:97:b7:62:de:d4:51:8a:2d:26:
         6b:a6:8e:82:d9:ac:87:e9:fa:d2:32:4d:1e:ca:9c:2d:86:81:
         8b:fb:fd:cb:44:39:09:f2:36:9b:8b:72:7c:c4:4a:f4:92:f8:
         c4:51:07:59:cc:b8:b4:09:6f:c0:21:28:85:67:9e:06:23:d3:
         38:2c:f7:dd:ef:46:5a:f3:01:a8:cf:e6:5d:61:7b:e2:31:a5:
         fd:09:9c:ee:62:31:ea:52:f7:d4:90:5d:75:99:3d:44:29:11:
         5f:3f:a6:4e:3d:3a:04:07:66:9d:a8:bd:07:7d:8e:9a:84:7d:
         b3:f4:b5:e4:5f:2c:c5:84:dd:f4:4b:2a:96:c3:f3:04:0a:d2:
         4c:ec:50:2d:3b:16:fd:6d:c7:ec:e8:5c:fb:7b:d5:a6:90:68:
         79:3b:e6:a0:05:3f:57:c1:ab:19:a7:8a:ad:63:56:60:8b:9e:
         d0:4b:2e:a7:4a:f0:7c:04:56:51:e0:5c:76:71:1e:ed:e6:50:
         b0:03:91:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Xvan72s5DhUDSZwCJKJBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjYwNjA1MTIyNDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWU4ZWU2MzBmZjcyMDMzNGQ5ZGZlN2FmMDEwNzI1ZmZkMzhmYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWE2HLG/IEMxT/eBQa/ZGTWQXeaA
WCypWiEMshTP9ldJpGSqEszQPO6mBLzADPe+A5nQtmhl1kBV3/2MxhTaGoqEQpQI
3c6rJ3VYJZ1D7Yhyx4lpJmo5Rfgq0xhsYrcR2Ea2wZpIUkJ0iV29nA5EPTgweUfu
C/u09FuqJxST+YjgnpeHkZ9QeGNuG10rd1rQZ92PxoPZ6GAQwqrDIBOv0XafgyR6
Dkr6wqGXJIUWbKl4nvFA88Q8rFaAkvhqoOSoxxMEeh5MNURHx4tNmkY397eSWZ2K
j7i+9nD+7gmW8z1txBLlqXupOqseA5ay41iyuGATKjVTl2v0PhpfQUWmqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7o7mMP9yAzTZ3+evAQcl/9OPrFMB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvbnVqdVl3XzNJRE5ObmY1NjhCQnlYXzA0LXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxjOMA0G
CSqGSIb3DQEBCwUAA4IBAQBvVgy6x0rqO53f/VidDMsOKhi5lQAl89/2rdNOfVC4
SRtMglvTgYMwqONwa6sb0Fik0TpuedO1Q0HCRi0XHGuXt2Le1FGKLSZrpo6C2ayH
6frSMk0eypwthoGL+/3LRDkJ8jabi3J8xEr0kvjEUQdZzLi0CW/AISiFZ54GI9M4
LPfd70Za8wGoz+ZdYXviMaX9CZzuYjHqUvfUkF11mT1EKRFfP6ZOPToEB2adqL0H
fY6ahH2z9LXkXyzFhN30SyqWw/MECtJM7FAtOxb9bcfs6Fz7e9WmkGh5O+agBT9X
wasZp4qtY1Zgi57QSy6nSvB8BFZR4Fx2cR7t5lCwA5FR
-----END CERTIFICATE-----