Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/qSsdOVDvVk9dzjtjF67bWyrqUqM.roa
File:                     qSsdOVDvVk9dzjtjF67bWyrqUqM.roa (raw, json)
Hash identifier:          +xPvSPda1P1lRUIf06W61oEmqYg+aLKmkGtmdPFHrLc=
Subject key identifier:   A9:2B:1D:39:50:EF:56:4F:5D:CE:3B:63:17:AE:DB:5B:2A:EA:52:A3
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       019D95ED764F740B36617A121311100DCDDF
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/qSsdOVDvVk9dzjtjF67bWyrqUqM.roa
Signing time:             Thu 16 Apr 2026 10:54:20 +0000
ROA not before:           Thu 16 Apr 2026 10:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58026
IP address blocks:        103.124.182.0/23 maxlen: 23
                          103.250.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:ed:76:4f:74:0b:36:61:7a:12:13:11:10:0d:cd:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Apr 16 10:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a92b1d3950ef564f5dce3b6317aedb5b2aea52a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fb:f1:fc:cc:d7:30:41:72:76:d7:13:b1:3f:
                    94:64:ff:e9:ef:26:c1:0e:8a:c5:73:dc:77:cc:50:
                    1c:7b:1d:af:9c:24:40:22:20:e7:8b:e5:5e:ab:b9:
                    95:d0:6d:88:0e:8c:e9:8d:bb:fb:93:61:9f:e8:d4:
                    5b:ae:b7:63:75:7c:5b:a9:8e:71:80:38:02:14:62:
                    1e:a3:8d:cc:b4:53:b8:5b:ce:6a:35:15:d0:f2:c0:
                    a3:8c:8b:54:9b:d4:7d:89:ff:e5:7d:87:56:67:ef:
                    4d:77:4d:42:56:2f:b8:13:c2:0d:4b:45:ae:00:4b:
                    9a:20:6d:8a:7a:68:43:60:d0:0c:5e:73:9d:9a:79:
                    3d:75:65:58:63:17:d3:2b:0c:3d:d6:94:69:e6:4f:
                    b4:38:e7:5a:00:d6:d6:74:f4:dd:8b:59:e6:d4:5c:
                    ba:67:39:36:d4:d0:2e:66:94:89:cc:c4:6c:3d:96:
                    e9:87:05:7c:45:89:41:ea:67:ff:08:9a:c9:9c:63:
                    26:63:b3:a4:93:ca:e7:9f:a6:05:3d:58:69:0c:0b:
                    2b:cf:58:40:7f:a1:8e:31:dd:32:01:07:ca:14:3a:
                    6d:89:b6:ac:cf:e8:99:1d:df:c1:ae:d6:8a:4c:bc:
                    4d:96:9c:b4:08:e0:af:58:bc:2f:f7:59:e6:1e:f2:
                    cc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:2B:1D:39:50:EF:56:4F:5D:CE:3B:63:17:AE:DB:5B:2A:EA:52:A3
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/qSsdOVDvVk9dzjtjF67bWyrqUqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.124.182.0/23
                  103.250.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:01:4b:95:dd:b2:e9:c6:ab:75:8a:ee:02:ec:ac:7a:c7:a6:
         f7:06:9f:9a:73:20:2b:35:e2:3e:3d:1c:6a:f8:a1:0e:63:58:
         76:51:76:fd:f3:61:4d:a5:b2:0e:94:98:56:42:05:9f:e7:6d:
         c4:c3:35:36:e2:dc:fa:d2:17:bf:f3:f3:f5:ef:43:d4:95:ea:
         2c:46:85:c3:6a:f1:82:5f:4b:4e:7f:12:36:26:2b:b0:d2:0c:
         b1:44:37:2a:be:6a:78:a2:a2:07:b5:37:59:ec:69:0b:01:8d:
         0e:42:55:65:c2:b4:09:f7:ec:49:f4:5b:be:cd:05:f8:76:ce:
         82:24:bc:14:c2:68:8b:81:a5:12:84:38:06:85:5e:ee:e7:aa:
         27:90:b7:21:74:11:4f:ba:d1:bb:7f:be:84:eb:3b:7b:30:65:
         be:4c:05:47:da:d1:a3:a6:d4:b4:bf:98:11:42:1d:81:37:a4:
         18:c7:c1:6e:93:d3:8a:ce:74:2a:ef:c2:ed:38:4f:62:28:7b:
         61:2a:70:97:0f:c0:98:36:09:29:25:54:57:da:10:db:0e:47:
         d7:fb:69:b2:cf:0a:45:80:ff:d8:c3:13:87:f4:d9:38:cd:1d:
         c9:9e:8b:5a:9a:81:13:05:48:4e:58:94:bf:d9:3d:08:a4:9f:
         d5:40:2d:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2V7XZPdAs2YXoSExEQDc3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjYwNDE2MTA1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTJiMWQzOTUwZWY1NjRmNWRjZTNiNjMxN2FlZGI1YjJhZWE1MmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPvx/MzXMEFydtcTsT+UZP/p7ybB
DorFc9x3zFAcex2vnCRAIiDni+Veq7mV0G2IDozpjbv7k2Gf6NRbrrdjdXxbqY5x
gDgCFGIeo43MtFO4W85qNRXQ8sCjjItUm9R9if/lfYdWZ+9Nd01CVi+4E8INS0Wu
AEuaIG2KemhDYNAMXnOdmnk9dWVYYxfTKww91pRp5k+0OOdaANbWdPTdi1nm1Fy6
Zzk21NAuZpSJzMRsPZbphwV8RYlB6mf/CJrJnGMmY7Okk8rnn6YFPVhpDAsrz1hA
f6GOMd0yAQfKFDptibasz+iZHd/BrtaKTLxNlpy0COCvWLwv91nmHvLMoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKkrHTlQ71ZPXc47Yxeu21sq6lKjMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvcVNzZE9WRHZWazlkemp0akY2N2JXeXJxVXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBZ3y2AwQB
Z/quMA0GCSqGSIb3DQEBCwUAA4IBAQBcAUuV3bLpxqt1iu4C7Kx6x6b3Bp+acyAr
NeI+PRxq+KEOY1h2UXb982FNpbIOlJhWQgWf523EwzU24tz60he/8/P170PUleos
RoXDavGCX0tOfxI2Jiuw0gyxRDcqvmp4oqIHtTdZ7GkLAY0OQlVlwrQJ9+xJ9Fu+
zQX4ds6CJLwUwmiLgaUShDgGhV7u56onkLchdBFPutG7f76E6zt7MGW+TAVH2tGj
ptS0v5gRQh2BN6QYx8Fuk9OKznQq78LtOE9iKHthKnCXD8CYNgkpJVRX2hDbDkfX
+2myzwpFgP/YwxOH9Nk4zR3JnotamoETBUhOWJS/2T0IpJ/VQC3N
-----END CERTIFICATE-----