Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/unsDtmwuVq6UnIoMMfgu4SomBNI.roa
File:                     unsDtmwuVq6UnIoMMfgu4SomBNI.roa (raw, json)
Hash identifier:          42NQRABPwAdQZ7WOYRrg/k8mIJxEsdJlQLE5DRl74k0=
Subject key identifier:   BA:7B:03:B6:6C:2E:56:AE:94:9C:8A:0C:31:F8:2E:E1:2A:26:04:D2
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       019C7712E62458FE8E39F5B1ED0320FE0D8B
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/unsDtmwuVq6UnIoMMfgu4SomBNI.roa
Signing time:             Thu 19 Feb 2026 18:04:13 +0000
ROA not before:           Thu 19 Feb 2026 18:04:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213220
IP address blocks:        103.213.249.0/24 maxlen: 24
                          103.213.251.0/24 maxlen: 24
                          203.189.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:77:12:e6:24:58:fe:8e:39:f5:b1:ed:03:20:fe:0d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Feb 19 18:04:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba7b03b66c2e56ae949c8a0c31f82ee12a2604d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:0b:4b:cc:78:d1:a7:75:7e:0d:da:0c:c8:b8:
                    f8:65:90:0d:1d:94:6b:62:ee:9a:72:18:73:9e:25:
                    5a:b8:67:9d:4d:63:13:b6:ec:8d:72:7e:dd:66:f3:
                    42:1e:0b:ae:b3:6b:1d:80:ec:81:a4:b5:6e:4f:6f:
                    a0:36:91:22:c9:15:f8:53:6f:c5:9c:9d:32:0d:91:
                    8d:18:47:ca:29:12:ef:9c:75:6f:0e:37:7a:0c:e0:
                    44:b2:cb:2d:bb:a5:5d:b1:0b:64:60:df:fa:0b:54:
                    15:d1:a6:a6:39:a1:29:79:c0:05:df:3c:72:db:f7:
                    54:de:53:85:82:2b:ac:fb:ce:c4:1d:2c:99:bd:e3:
                    70:03:60:72:df:52:26:3d:b4:58:19:ec:c8:2d:08:
                    33:ba:c2:1c:83:a7:9b:86:a1:e5:7d:57:cb:0c:aa:
                    4a:0b:c5:bd:63:23:21:21:ce:23:a6:db:9a:87:ee:
                    46:75:e2:31:50:16:3a:33:20:df:eb:05:9e:e7:34:
                    e1:0e:58:07:8d:21:89:7a:63:4d:53:e5:e4:41:e5:
                    a4:7c:f3:c0:17:41:de:7b:ab:0f:c1:2c:5e:c2:7f:
                    3c:f3:58:36:2a:1b:6f:9d:35:0b:00:7e:4e:eb:e2:
                    21:9e:5c:3d:bf:91:e7:00:c1:1f:90:98:fe:e0:f9:
                    57:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7B:03:B6:6C:2E:56:AE:94:9C:8A:0C:31:F8:2E:E1:2A:26:04:D2
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/unsDtmwuVq6UnIoMMfgu4SomBNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.213.249.0/24
                  103.213.251.0/24
                  203.189.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:18:2e:ef:de:50:08:7b:4c:63:3b:a8:32:99:07:26:b9:43:
         48:9d:3c:5f:15:a5:dd:d6:5e:64:e8:d7:d9:47:4c:a5:c3:b4:
         6e:ae:2c:14:1e:1f:f8:88:bd:a6:f2:15:41:79:36:01:74:f3:
         00:71:88:b9:6f:82:54:b3:35:33:70:91:d8:29:3b:30:40:5b:
         8d:4b:0b:bf:e0:80:cc:3f:47:1a:e8:36:c0:c4:8b:11:b1:95:
         b2:34:5a:a1:6e:54:27:88:ed:e3:4b:eb:cd:36:37:b5:d1:f0:
         99:e1:fd:f3:af:ad:6f:ff:39:24:8c:c8:d5:69:e1:79:46:bb:
         a8:a4:c1:f8:a2:1a:61:55:57:0a:92:63:1b:46:ce:12:73:28:
         7a:62:89:b6:8e:09:8b:30:4b:b4:b4:93:4c:50:1d:e2:29:55:
         a7:ec:f7:f0:c9:37:8c:3a:53:50:28:a9:ec:92:92:ab:84:fd:
         54:d6:07:53:b1:8f:da:d7:3f:88:0d:db:48:ea:fd:fb:9e:94:
         66:8d:eb:8e:ba:73:a0:37:9d:ba:29:6a:25:d9:46:10:c1:09:
         71:c7:e3:de:34:5a:1a:a6:a0:df:b5:18:44:f3:dd:61:c1:3d:
         bb:8b:7d:6b:f4:4a:ba:b8:9e:30:8d:a5:78:c3:87:47:49:15:
         1a:9d:d1:cb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZx3EuYkWP6OOfWx7QMg/g2LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjYwMjE5MTgwNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdiMDNiNjZjMmU1NmFlOTQ5YzhhMGMzMWY4MmVlMTJhMjYwNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5gtLzHjRp3V+DdoMyLj4ZZANHZRr
Yu6achhzniVauGedTWMTtuyNcn7dZvNCHguus2sdgOyBpLVuT2+gNpEiyRX4U2/F
nJ0yDZGNGEfKKRLvnHVvDjd6DOBEssstu6VdsQtkYN/6C1QV0aamOaEpecAF3zxy
2/dU3lOFgius+87EHSyZveNwA2By31ImPbRYGezILQgzusIcg6ebhqHlfVfLDKpK
C8W9YyMhIc4jptuah+5GdeIxUBY6MyDf6wWe5zThDlgHjSGJemNNU+XkQeWkfPPA
F0Hee6sPwSxewn8881g2KhtvnTULAH5O6+Ihnlw9v5HnAMEfkJj+4PlXxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLp7A7ZsLlaulJyKDDH4LuEqJgTSMB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvdW5zRHRtd3VWcTZVbklvTU1mZ3U0U29tQk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZ9X5AwQA
Z9X7AwQAy73pMA0GCSqGSIb3DQEBCwUAA4IBAQCgGC7v3lAIe0xjO6gymQcmuUNI
nTxfFaXd1l5k6NfZR0ylw7RuriwUHh/4iL2m8hVBeTYBdPMAcYi5b4JUszUzcJHY
KTswQFuNSwu/4IDMP0ca6DbAxIsRsZWyNFqhblQniO3jS+vNNje10fCZ4f3zr61v
/zkkjMjVaeF5RruopMH4ohphVVcKkmMbRs4Scyh6Yom2jgmLMEu0tJNMUB3iKVWn
7PfwyTeMOlNQKKnskpKrhP1U1gdTsY/a1z+IDdtI6v37npRmjeuOunOgN526KWol
2UYQwQlxx+PeNFoapqDftRhE891hwT27i31r9Eq6uJ4wjaV4w4dHSRUandHL
-----END CERTIFICATE-----