Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/p0xdhHr0roXDd6oupdqUcXMXWms.roa
File:                     p0xdhHr0roXDd6oupdqUcXMXWms.roa (raw, json)
Hash identifier:          sL4BoHp86yvgjVMcj57vrdvcVN9/fnlAKAbKMSX1PRs=
Subject key identifier:   A7:4C:5D:84:7A:F4:AE:85:C3:77:AA:2E:A5:DA:94:71:73:17:5A:6B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019A4DA13B60F28FCA6E282D0800A95F4844
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/p0xdhHr0roXDd6oupdqUcXMXWms.roa
Signing time:             Tue 04 Nov 2025 06:50:03 +0000
ROA not before:           Tue 04 Nov 2025 06:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213711
IP address blocks:        103.110.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:a1:3b:60:f2:8f:ca:6e:28:2d:08:00:a9:5f:48:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Nov  4 06:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a74c5d847af4ae85c377aa2ea5da947173175a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a8:22:0f:36:09:f4:75:3c:8b:38:88:f8:be:
                    05:45:c5:43:6e:de:53:6f:f0:2c:fd:6b:2e:56:d6:
                    1d:ef:54:2f:36:a5:bb:eb:fe:da:62:6b:ef:6c:81:
                    aa:9d:dc:87:19:b3:73:11:1d:d4:03:7e:25:a0:d9:
                    62:32:de:23:05:dc:b9:33:de:2e:80:ab:3a:cf:9a:
                    f8:e2:fc:39:cc:70:5e:e3:ca:5e:cd:ec:30:de:a1:
                    fe:df:dd:df:79:7b:8d:32:1f:1b:fb:84:7d:51:07:
                    82:16:c9:bf:e4:ed:41:5c:7b:09:98:7e:3d:75:61:
                    13:3c:8d:76:b5:41:26:a5:4a:78:f8:49:ba:26:d0:
                    2d:da:cc:f7:53:29:58:45:60:b9:91:0b:90:9b:57:
                    fe:4b:5f:4a:33:ef:15:45:ff:3d:01:d1:28:d8:a4:
                    6c:21:a8:e9:20:51:d4:7d:f1:35:4d:c3:27:c0:a0:
                    6c:7b:93:b2:76:f5:1e:ac:41:c8:b9:a8:90:b2:58:
                    7b:e2:64:cb:4a:6b:23:c1:ee:36:06:58:ed:7b:19:
                    ad:47:7f:6e:53:c4:62:c2:bc:9e:50:31:b3:40:fa:
                    39:09:80:be:02:16:52:11:5a:5a:86:96:0f:f0:3c:
                    f1:a6:24:34:24:11:57:6e:3f:ef:9c:ab:b7:a1:63:
                    fb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4C:5D:84:7A:F4:AE:85:C3:77:AA:2E:A5:DA:94:71:73:17:5A:6B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/p0xdhHr0roXDd6oupdqUcXMXWms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:5d:05:0d:ed:36:48:42:f6:18:5c:17:a6:61:ac:10:30:e2:
         d8:2e:bc:aa:2c:4e:be:38:92:f7:b0:60:ed:1d:5b:49:61:4e:
         ef:b9:72:32:1a:7b:9a:15:9a:97:51:15:7a:9e:af:18:7b:f8:
         c9:59:2d:94:e4:1a:7f:d3:77:1b:8c:f6:80:9f:83:20:34:77:
         00:3c:72:37:3b:19:49:9e:c1:84:11:02:ca:10:3b:a1:75:30:
         e1:72:b0:63:ec:ab:74:1c:a8:b0:0b:e8:da:bb:1f:78:38:ea:
         58:89:5d:a4:0d:60:74:3d:cd:5b:ed:fc:f0:a6:77:41:39:fb:
         cd:a2:db:f2:6a:85:58:fc:90:1e:2b:ca:55:30:fc:e8:6d:57:
         0d:78:90:f5:7b:75:17:be:e3:c5:2f:00:91:ac:09:1b:a9:57:
         77:76:df:ff:27:ed:a5:27:8e:db:29:ee:c7:c8:d4:cf:e3:bc:
         d2:b7:e1:cc:e1:2d:b6:5c:23:82:66:d8:0b:f8:d7:4a:0f:00:
         82:8b:19:81:55:df:a7:bd:b6:53:88:68:12:80:c2:cb:3d:71:
         42:44:91:f9:35:35:19:7b:31:73:89:fa:d2:4d:e1:01:98:3b:
         b7:e2:72:f7:26:12:4d:61:7b:55:dc:9c:8e:66:a2:ac:fc:66:
         ff:66:3b:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpNoTtg8o/KbigtCACpX0hEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUxMTA0MDY1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRjNWQ4NDdhZjRhZTg1YzM3N2FhMmVhNWRhOTQ3MTczMTc1YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1agiDzYJ9HU8iziI+L4FRcVDbt5T
b/As/WsuVtYd71QvNqW76/7aYmvvbIGqndyHGbNzER3UA34loNliMt4jBdy5M94u
gKs6z5r44vw5zHBe48pezeww3qH+393feXuNMh8b+4R9UQeCFsm/5O1BXHsJmH49
dWETPI12tUEmpUp4+Em6JtAt2sz3UylYRWC5kQuQm1f+S19KM+8VRf89AdEo2KRs
IajpIFHUffE1TcMnwKBse5OydvUerEHIuaiQslh74mTLSmsjwe42BljtexmtR39u
U8RiwryeUDGzQPo5CYC+AhZSEVpahpYP8DzxpiQ0JBFXbj/vnKu3oWP7vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdMXYR69K6Fw3eqLqXalHFzF1prMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcDB4ZGhIcjByb1hEZDZvdXBkcVVjWE1YV21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ24nMA0G
CSqGSIb3DQEBCwUAA4IBAQAXXQUN7TZIQvYYXBemYawQMOLYLryqLE6+OJL3sGDt
HVtJYU7vuXIyGnuaFZqXURV6nq8Ye/jJWS2U5Bp/03cbjPaAn4MgNHcAPHI3OxlJ
nsGEEQLKEDuhdTDhcrBj7Kt0HKiwC+jaux94OOpYiV2kDWB0Pc1b7fzwpndBOfvN
otvyaoVY/JAeK8pVMPzobVcNeJD1e3UXvuPFLwCRrAkbqVd3dt//J+2lJ47bKe7H
yNTP47zSt+HM4S22XCOCZtgL+NdKDwCCixmBVd+nvbZTiGgSgMLLPXFCRJH5NTUZ
ezFzifrSTeEBmDu34nL3JhJNYXtV3JyOZqKs/Gb/Zjvv
-----END CERTIFICATE-----