Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/rzIBmBWw3qJ2DmXGis1jynjXok4.roa
File:                     rzIBmBWw3qJ2DmXGis1jynjXok4.roa (raw, json)
Hash identifier:          ASwn1bLvv7MmInkvVqrqb1niCj3V+gQdtibxQbu0H/k=
Subject key identifier:   AF:32:01:98:15:B0:DE:A2:76:0E:65:C6:8A:CD:63:CA:78:D7:A2:4E
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019867C6A8C1056732225FFB13AE97242705
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/rzIBmBWw3qJ2DmXGis1jynjXok4.roa
Signing time:             Fri 01 Aug 2025 22:35:29 +0000
ROA not before:           Fri 01 Aug 2025 22:35:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150654
IP address blocks:        103.17.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:67:c6:a8:c1:05:67:32:22:5f:fb:13:ae:97:24:27:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug  1 22:35:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af32019815b0dea2760e65c68acd63ca78d7a24e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ce:28:80:3e:43:29:de:3b:5a:39:bb:9b:c4:
                    dd:07:bf:28:8c:c0:50:13:50:1c:6d:75:49:72:11:
                    71:33:ed:ec:fc:32:82:a8:e4:7f:7a:11:35:a0:01:
                    f3:66:53:c1:50:0e:70:be:7d:6d:7d:4f:3e:1c:8e:
                    5c:2f:62:34:e1:d7:90:3f:3d:01:09:32:83:d9:64:
                    c0:d5:1a:2e:1e:71:3e:51:44:88:df:63:7b:fd:ab:
                    3d:af:61:ae:b7:4b:c4:1f:64:52:bd:50:3e:26:3f:
                    1b:c3:15:ed:8d:11:06:44:97:3a:0f:85:af:1b:aa:
                    5f:12:31:9a:d2:a7:65:fb:68:09:b4:a2:a1:20:e8:
                    82:50:45:60:d6:3b:f9:eb:b9:d7:21:52:f5:f3:c6:
                    c9:a4:35:b0:18:33:78:dd:4d:ea:ce:74:19:db:29:
                    88:d6:57:83:01:e9:4f:2e:23:d3:cf:1c:da:ff:50:
                    f3:cf:5a:5b:5d:c1:13:a4:c0:4d:99:44:cc:16:ab:
                    3e:23:98:50:e8:86:bf:e3:17:5e:5b:89:8e:0d:c1:
                    64:52:c8:48:22:d7:ac:75:b2:ef:f1:39:9d:07:e2:
                    78:bc:0a:d6:e6:8c:04:c5:d7:91:b9:a5:14:9a:3b:
                    45:7d:a0:50:51:9f:74:c5:d7:2c:02:42:cd:72:02:
                    a3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:32:01:98:15:B0:DE:A2:76:0E:65:C6:8A:CD:63:CA:78:D7:A2:4E
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/rzIBmBWw3qJ2DmXGis1jynjXok4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:85:b7:fe:51:b0:df:23:06:8b:77:b5:12:db:d6:ef:f2:58:
         fb:74:21:d0:e5:ff:75:aa:1b:d6:75:17:70:a1:1d:41:22:70:
         29:ee:24:f9:f1:1b:82:d5:25:f4:ae:2d:3a:34:6d:ee:ec:ce:
         40:bf:4c:48:bf:22:f5:84:13:dd:c6:8b:a8:c4:ac:f8:4a:ca:
         8f:b8:7e:f9:b9:7f:f6:18:33:fb:38:81:86:45:2d:a9:6d:31:
         c2:ac:bd:78:f3:6a:c1:5d:90:a6:c0:9e:76:3d:72:0a:96:7c:
         ce:f0:34:3b:fb:ee:13:62:2e:48:a5:c0:8a:a5:4c:f7:3b:ff:
         c3:b0:97:47:f9:e6:4c:21:96:30:6d:00:c9:3e:d7:f6:07:9c:
         03:14:c2:44:fe:79:0a:cb:b7:cd:61:c4:c4:6b:fc:f1:0c:c1:
         bb:49:a9:56:80:ec:1d:c3:bb:7f:8a:15:a7:3a:1d:f7:ff:0c:
         b9:29:fd:3f:b3:2c:c1:49:71:71:6d:89:94:b2:40:6a:de:0c:
         e3:db:03:55:4d:5a:cd:9f:8f:ac:48:83:b8:7e:f4:8a:40:94:
         d0:eb:86:2c:1c:d9:b8:d7:56:7e:71:78:da:d0:87:4f:99:a6:
         80:f8:ad:23:27:d7:06:30:d5:fd:21:65:bb:c3:7d:9c:de:c5:
         9e:60:7e:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhnxqjBBWcyIl/7E66XJCcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODAxMjIzNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMyMDE5ODE1YjBkZWEyNzYwZTY1YzY4YWNkNjNjYTc4ZDdhMjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA484ogD5DKd47Wjm7m8TdB78ojMBQ
E1AcbXVJchFxM+3s/DKCqOR/ehE1oAHzZlPBUA5wvn1tfU8+HI5cL2I04deQPz0B
CTKD2WTA1RouHnE+UUSI32N7/as9r2Gut0vEH2RSvVA+Jj8bwxXtjREGRJc6D4Wv
G6pfEjGa0qdl+2gJtKKhIOiCUEVg1jv567nXIVL188bJpDWwGDN43U3qznQZ2ymI
1leDAelPLiPTzxza/1Dzz1pbXcETpMBNmUTMFqs+I5hQ6Ia/4xdeW4mODcFkUshI
ItesdbLv8TmdB+J4vArW5owExdeRuaUUmjtFfaBQUZ90xdcsAkLNcgKjyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8yAZgVsN6idg5lxorNY8p416JOMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvcnpJQm1CV3czcUoyRG1YR2lzMWp5bmpYb2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCthbf+UbDfIwaLd7US29bv8lj7dCHQ5f91qhvWdRdw
oR1BInAp7iT58RuC1SX0ri06NG3u7M5Av0xIvyL1hBPdxouoxKz4SsqPuH75uX/2
GDP7OIGGRS2pbTHCrL1482rBXZCmwJ52PXIKlnzO8DQ7++4TYi5IpcCKpUz3O//D
sJdH+eZMIZYwbQDJPtf2B5wDFMJE/nkKy7fNYcTEa/zxDMG7SalWgOwdw7t/ihWn
Oh33/wy5Kf0/syzBSXFxbYmUskBq3gzj2wNVTVrNn4+sSIO4fvSKQJTQ64YsHNm4
11Z+cXja0IdPmaaA+K0jJ9cGMNX9IWW7w32c3sWeYH7S
-----END CERTIFICATE-----