Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/__54GV--xkNhcsWTWR4Sow7KAjk.roa
File:                     __54GV--xkNhcsWTWR4Sow7KAjk.roa (raw, json)
Hash identifier:          5MLv+rLnlx/QUtDdL3D5ql7lHnTAtxpfal6x2OJAn38=
Subject key identifier:   FF:FE:78:19:5F:BE:C6:43:61:72:C5:93:59:1E:12:A3:0E:CA:02:39
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019D48DD3740A7233FF85E46D17DE54A61BB
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/__54GV--xkNhcsWTWR4Sow7KAjk.roa
Signing time:             Wed 01 Apr 2026 11:45:50 +0000
ROA not before:           Wed 01 Apr 2026 11:45:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44382
IP address blocks:        103.83.86.0/24 maxlen: 24
                          103.83.87.0/24 maxlen: 24
                          203.202.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:dd:37:40:a7:23:3f:f8:5e:46:d1:7d:e5:4a:61:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Apr  1 11:45:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fffe78195fbec6436172c593591e12a30eca0239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:56:35:a1:e8:13:38:bd:36:c2:c8:22:7a:c9:
                    a5:48:02:8e:19:95:03:42:68:6a:fd:a4:e9:f0:1b:
                    86:c1:72:2a:dd:59:be:f8:63:11:57:e9:24:f5:f5:
                    3c:d9:44:f5:b5:55:7b:c9:6b:f5:a3:cf:49:c9:33:
                    6b:c4:cc:6c:b6:45:20:81:c0:21:03:2c:8d:9a:03:
                    7c:dc:96:0c:1f:3e:75:b4:bd:ea:76:1b:c6:8d:13:
                    66:90:37:48:28:3f:6b:88:62:8a:73:ab:df:ee:15:
                    c2:a6:3f:3b:d2:7c:44:f0:c2:40:38:b1:b6:e2:c3:
                    b8:e8:bc:1a:a4:90:a9:fe:11:01:b3:44:ec:37:fe:
                    36:d5:82:d1:bc:f0:a5:d1:ef:63:2b:6e:25:e5:cb:
                    d7:45:7d:8e:a0:e5:a7:eb:30:0e:b8:37:06:29:8b:
                    83:a3:27:90:1c:c0:91:a9:dc:7b:e0:3b:2c:95:9c:
                    26:5e:68:71:10:b7:0f:5a:a0:29:d2:77:cc:fb:74:
                    21:e1:80:98:96:49:42:c5:ca:4b:20:59:c2:6a:23:
                    e2:5a:2d:85:4e:30:cb:c9:72:f3:61:99:64:d7:ac:
                    a7:5f:00:f3:d6:b6:51:83:99:98:6c:01:4f:7b:ef:
                    11:17:b0:7d:50:4f:88:d7:34:24:87:f9:18:e8:95:
                    4c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:FE:78:19:5F:BE:C6:43:61:72:C5:93:59:1E:12:A3:0E:CA:02:39
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/__54GV--xkNhcsWTWR4Sow7KAjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.83.86.0/23
                  203.202.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:fe:01:b4:c5:83:d4:02:aa:4e:5a:49:f9:64:5f:65:54:08:
         33:54:11:13:52:b9:d9:54:e0:31:e5:9f:c7:d7:fa:eb:fe:ec:
         f5:d7:00:02:7c:f9:12:c3:e4:b2:9b:9d:d7:21:f6:61:2e:c5:
         89:25:53:1b:c2:f5:c8:a7:70:aa:88:84:6e:63:7f:06:73:ab:
         11:ff:a7:12:00:38:3e:7a:2f:08:ba:7e:6f:5d:73:e7:13:aa:
         ba:12:da:22:9f:a3:11:6e:ab:d2:58:b0:56:8e:13:b8:b9:63:
         ef:40:ed:e2:8d:e3:15:b2:d2:aa:6c:bc:48:ab:74:62:f7:35:
         d4:5c:78:6c:0f:a4:a5:de:d0:5e:48:e2:02:9d:89:e2:5a:4a:
         d7:bb:ee:bb:c8:31:0e:f8:e1:0e:c5:60:9a:db:d2:4b:59:87:
         02:8f:a6:b6:e6:50:18:26:53:e4:79:59:a1:80:79:34:7e:af:
         75:b0:c0:88:63:9a:a8:5d:93:19:de:f5:22:d8:66:ba:24:eb:
         80:0b:62:56:d9:7d:bb:29:44:3e:b2:2b:29:ee:2e:d6:75:43:
         ae:36:72:d8:1e:7d:49:3f:b2:42:33:7a:31:bc:c3:8a:ab:22:
         62:83:76:d5:5e:88:e5:78:ca:f1:05:5d:88:7e:58:41:29:5b:
         d3:81:96:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1I3TdApyM/+F5G0X3lSmG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNDAxMTE0NTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmZlNzgxOTVmYmVjNjQzNjE3MmM1OTM1OTFlMTJhMzBlY2EwMjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVY1oegTOL02wsgiesmlSAKOGZUD
Qmhq/aTp8BuGwXIq3Vm++GMRV+kk9fU82UT1tVV7yWv1o89JyTNrxMxstkUggcAh
AyyNmgN83JYMHz51tL3qdhvGjRNmkDdIKD9riGKKc6vf7hXCpj870nxE8MJAOLG2
4sO46LwapJCp/hEBs0TsN/421YLRvPCl0e9jK24l5cvXRX2OoOWn6zAOuDcGKYuD
oyeQHMCRqdx74DsslZwmXmhxELcPWqAp0nfM+3Qh4YCYlklCxcpLIFnCaiPiWi2F
TjDLyXLzYZlk16ynXwDz1rZRg5mYbAFPe+8RF7B9UE+I1zQkh/kY6JVMoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP/+eBlfvsZDYXLFk1keEqMOygI5MB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvX181NEdWLS14a05oY3NXVFdSNFNvdzdLQWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBZ1NWAwQA
y8roMA0GCSqGSIb3DQEBCwUAA4IBAQAb/gG0xYPUAqpOWkn5ZF9lVAgzVBETUrnZ
VOAx5Z/H1/rr/uz11wACfPkSw+Sym53XIfZhLsWJJVMbwvXIp3CqiIRuY38Gc6sR
/6cSADg+ei8Iun5vXXPnE6q6Etoin6MRbqvSWLBWjhO4uWPvQO3ijeMVstKqbLxI
q3Ri9zXUXHhsD6Sl3tBeSOICnYniWkrXu+67yDEO+OEOxWCa29JLWYcCj6a25lAY
JlPkeVmhgHk0fq91sMCIY5qoXZMZ3vUi2Ga6JOuAC2JW2X27KUQ+sisp7i7WdUOu
NnLYHn1JP7JCM3oxvMOKqyJig3bVXojleMrxBV2IflhBKVvTgZbc
-----END CERTIFICATE-----