Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/3h1CXl7HYMWmLGwBh3ONd5rS3hc.roa
File:                     3h1CXl7HYMWmLGwBh3ONd5rS3hc.roa (raw, json)
Hash identifier:          Xuejav4fss+XVZMTSOqx2d21V8VUJ6E3micJYPsKn7s=
Subject key identifier:   DE:1D:42:5E:5E:C7:60:C5:A6:2C:6C:01:87:73:8D:77:9A:D2:DE:17
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       019C571840B3BDD8D51647D8C06AAF25F5CE
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/3h1CXl7HYMWmLGwBh3ONd5rS3hc.roa
Signing time:             Fri 13 Feb 2026 13:02:13 +0000
ROA not before:           Fri 13 Feb 2026 13:02:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        110.172.189.0/24 maxlen: 24
                          114.69.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:18:40:b3:bd:d8:d5:16:47:d8:c0:6a:af:25:f5:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Feb 13 13:02:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de1d425e5ec760c5a62c6c0187738d779ad2de17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:66:4d:2e:c6:68:0b:da:46:1a:97:a7:dc:2c:
                    95:cb:8d:48:e2:53:53:56:d5:d8:a1:ed:9a:fc:b0:
                    a2:b6:ab:c3:aa:d1:08:11:4f:de:86:c0:0e:34:e1:
                    f4:8f:11:1f:aa:23:da:f4:2e:6c:93:c5:82:8c:2e:
                    c5:1b:47:c7:1b:67:06:c2:8b:48:53:2e:18:51:3a:
                    b7:1a:31:72:02:9e:05:a6:03:2f:b6:5e:f8:4a:1c:
                    2a:ae:5a:2f:bb:ec:50:60:13:b3:72:be:82:2e:f7:
                    2f:c0:1e:4a:5a:f2:0f:a5:33:e3:a8:1c:f9:4a:67:
                    d0:65:26:95:af:34:c7:5b:ac:9d:a8:7f:31:ca:30:
                    75:03:29:42:99:ac:6d:30:75:97:29:c7:e8:81:a2:
                    9e:7b:64:11:b9:4d:78:2a:90:67:3d:e9:77:08:27:
                    c5:73:e9:95:1b:08:31:14:a4:f7:d0:f7:d6:53:5f:
                    0f:4e:01:2b:57:69:2c:95:e2:3c:93:33:9c:59:4e:
                    d6:da:5e:e5:6f:97:3e:b9:7d:ae:4c:3c:02:18:eb:
                    5e:ad:71:88:82:c3:26:39:ba:01:7f:16:bd:7a:5b:
                    97:a2:9b:91:f9:06:f1:f0:19:74:fc:3c:ec:90:fa:
                    01:df:49:36:e1:67:08:c0:db:1e:ee:7e:57:ab:eb:
                    8c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:1D:42:5E:5E:C7:60:C5:A6:2C:6C:01:87:73:8D:77:9A:D2:DE:17
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/3h1CXl7HYMWmLGwBh3ONd5rS3hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.172.189.0/24
                  114.69.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:86:03:e7:4f:ec:27:60:89:b0:80:1c:f6:4b:c7:ba:6f:c4:
         f5:37:b5:cb:d1:8c:d8:59:8f:c4:f0:d7:8d:e1:41:7a:cd:a0:
         7b:46:a2:10:c4:2e:3d:79:7e:39:cf:b8:3f:b8:5c:66:e8:1b:
         8c:b4:c7:e4:37:dd:a4:52:25:32:55:01:bb:ca:bb:63:7c:08:
         d9:f5:a0:42:ee:f7:06:5a:3c:95:a4:af:d2:6e:ca:9f:00:da:
         cb:1f:42:ea:11:aa:5f:6b:5d:5d:17:59:4b:f7:3e:c6:82:b0:
         0f:ea:9e:43:96:1f:89:c5:f1:ab:48:5f:07:1c:f7:08:81:34:
         d7:a9:55:7b:b4:f4:e1:7f:0a:44:d6:8b:bb:7b:7e:b1:42:e6:
         07:24:88:02:04:6c:19:a5:0c:a1:b1:62:ab:19:be:0b:71:c1:
         52:3b:ff:9a:dd:bd:fb:5b:6a:84:97:1b:bd:fc:92:f9:2d:f2:
         85:f5:d7:e7:ca:86:cf:13:ce:d1:f9:a6:4a:84:f3:22:3f:39:
         d2:23:c2:c1:6b:bf:71:6e:d2:4d:43:c5:46:46:45:71:ed:1a:
         9d:0f:48:c9:3f:42:97:ff:1e:3b:90:1b:08:74:5e:41:ac:b1:
         88:38:cf:8c:cb:77:25:d2:7a:10:22:de:23:65:20:75:0f:cc:
         61:09:02:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxXGECzvdjVFkfYwGqvJfXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjYwMjEzMTMwMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTFkNDI1ZTVlYzc2MGM1YTYyYzZjMDE4NzczOGQ3NzlhZDJkZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGZNLsZoC9pGGpen3CyVy41I4lNT
VtXYoe2a/LCitqvDqtEIEU/ehsAONOH0jxEfqiPa9C5sk8WCjC7FG0fHG2cGwotI
Uy4YUTq3GjFyAp4FpgMvtl74Shwqrlovu+xQYBOzcr6CLvcvwB5KWvIPpTPjqBz5
SmfQZSaVrzTHW6ydqH8xyjB1AylCmaxtMHWXKcfogaKee2QRuU14KpBnPel3CCfF
c+mVGwgxFKT30PfWU18PTgErV2ksleI8kzOcWU7W2l7lb5c+uX2uTDwCGOterXGI
gsMmOboBfxa9eluXopuR+Qbx8Bl0/DzskPoB30k24WcIwNse7n5Xq+uMqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN4dQl5ex2DFpixsAYdzjXea0t4XMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvM2gxQ1hsN0hZTVdtTEd3QmgzT05kNXJTM2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbqy9AwQA
ckX3MA0GCSqGSIb3DQEBCwUAA4IBAQBFhgPnT+wnYImwgBz2S8e6b8T1N7XL0YzY
WY/E8NeN4UF6zaB7RqIQxC49eX45z7g/uFxm6BuMtMfkN92kUiUyVQG7yrtjfAjZ
9aBC7vcGWjyVpK/SbsqfANrLH0LqEapfa11dF1lL9z7GgrAP6p5Dlh+JxfGrSF8H
HPcIgTTXqVV7tPThfwpE1ou7e36xQuYHJIgCBGwZpQyhsWKrGb4LccFSO/+a3b37
W2qElxu9/JL5LfKF9dfnyobPE87R+aZKhPMiPznSI8LBa79xbtJNQ8VGRkVx7Rqd
D0jJP0KX/x47kBsIdF5BrLGIOM+My3cl0noQIt4jZSB1D8xhCQIa
-----END CERTIFICATE-----