Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Z00idMzzzeNtwskZy3d2ruhPfR8.roa
File:                     Z00idMzzzeNtwskZy3d2ruhPfR8.roa (raw, json)
Hash identifier:          pLv1RGp6tq3nchx9A/olQJmw7cxu4qXiVAfx9DrB0u0=
Subject key identifier:   67:4D:22:74:CC:F3:CD:E3:6D:C2:C9:19:CB:77:76:AE:E8:4F:7D:1F
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019D3F7EF506BAB1320FBA30999443C8E5C8
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Z00idMzzzeNtwskZy3d2ruhPfR8.roa
Signing time:             Mon 30 Mar 2026 16:06:17 +0000
ROA not before:           Mon 30 Mar 2026 16:06:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32878
IP address blocks:        103.41.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:7e:f5:06:ba:b1:32:0f:ba:30:99:94:43:c8:e5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Mar 30 16:06:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=674d2274ccf3cde36dc2c919cb7776aee84f7d1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ee:46:a7:44:64:b5:9b:93:49:b5:d6:34:b4:
                    a3:fe:61:78:a4:63:ac:19:4a:eb:2f:d2:31:e9:3b:
                    b8:36:5a:08:e8:4a:54:42:d5:92:ec:93:36:12:84:
                    f5:83:93:9c:0e:28:8c:ca:de:1d:a5:90:7a:9e:e6:
                    ee:df:e2:18:05:66:e6:3e:ca:8f:9e:9b:ae:46:1d:
                    79:60:07:60:ed:cc:ea:f3:d1:bb:6a:ca:d5:6e:3c:
                    a9:03:ec:55:d7:e4:97:00:7a:df:08:d3:08:f9:06:
                    13:6d:36:ac:5f:b8:04:96:d3:94:33:73:95:53:7b:
                    16:54:1c:78:e8:76:3e:77:2d:e9:e8:ae:23:e6:b3:
                    3f:b4:de:da:77:7f:6c:c8:59:b1:61:29:e7:ac:03:
                    4a:99:f0:20:b2:e9:35:d5:79:8f:f3:0a:17:c2:8c:
                    fc:cb:e5:ff:ee:82:bf:37:3c:36:71:5a:9e:cc:67:
                    79:c7:98:a4:16:7a:3d:6b:e1:ac:00:b4:51:7b:69:
                    90:4e:83:08:93:e5:51:45:9d:c0:10:76:97:5d:8e:
                    36:2a:28:b3:5e:14:d1:89:62:c4:04:32:de:0d:8a:
                    46:8b:99:b4:c6:e9:fa:8b:75:ca:5d:a8:c5:00:a9:
                    c4:19:1f:13:0e:78:67:0d:78:3a:8b:85:c5:9a:8b:
                    df:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:4D:22:74:CC:F3:CD:E3:6D:C2:C9:19:CB:77:76:AE:E8:4F:7D:1F
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Z00idMzzzeNtwskZy3d2ruhPfR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.41.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:52:07:88:3d:80:9e:37:de:e3:a4:53:50:f6:c3:81:1a:57:
         37:63:d6:fd:3c:d4:51:89:3d:a5:48:05:20:fa:93:ff:fa:64:
         72:7c:d4:8b:78:03:e8:90:f1:c9:17:16:ae:48:e7:c7:29:74:
         5f:36:db:33:1d:46:c1:75:5a:a3:68:ff:78:75:99:ec:2f:56:
         c8:9f:31:b7:0a:00:99:80:48:dc:97:c3:9a:f5:c3:c8:f0:d8:
         a6:8d:86:42:54:f7:0d:d5:8c:59:4b:8b:2e:38:e8:29:7a:05:
         ae:02:5c:fd:5c:88:fe:02:55:d2:d2:a9:7b:70:e4:1f:8c:e0:
         4b:11:91:8e:54:80:f4:a5:a6:59:36:81:e9:e3:ed:d3:46:4f:
         3a:a2:23:d9:67:a7:bd:26:4f:0d:00:43:a0:46:2d:20:db:ad:
         da:c2:a7:da:fb:ca:6f:6e:0a:90:7e:fa:2a:7f:64:78:df:77:
         fd:65:c2:33:8e:6c:a1:57:8c:0e:5e:70:a5:13:09:5d:b9:a4:
         ae:ea:b6:0b:d2:67:a6:3c:0a:b6:72:b6:65:01:f4:24:ed:35:
         a3:48:ea:af:20:6c:42:d6:d9:8a:d9:65:2e:f5:d5:db:05:f7:
         46:d7:1f:96:df:ea:9c:6d:7f:ab:88:02:b0:f8:a5:8c:df:df:
         c7:f2:55:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/fvUGurEyD7owmZRDyOXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMzMwMTYwNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzRkMjI3NGNjZjNjZGUzNmRjMmM5MTljYjc3NzZhZWU4NGY3ZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu5Gp0RktZuTSbXWNLSj/mF4pGOs
GUrrL9Ix6Tu4NloI6EpUQtWS7JM2EoT1g5OcDiiMyt4dpZB6nubu3+IYBWbmPsqP
npuuRh15YAdg7czq89G7asrVbjypA+xV1+SXAHrfCNMI+QYTbTasX7gEltOUM3OV
U3sWVBx46HY+dy3p6K4j5rM/tN7ad39syFmxYSnnrANKmfAgsuk11XmP8woXwoz8
y+X/7oK/Nzw2cVqezGd5x5ikFno9a+GsALRRe2mQToMIk+VRRZ3AEHaXXY42Kiiz
XhTRiWLEBDLeDYpGi5m0xun6i3XKXajFAKnEGR8TDnhnDXg6i4XFmovfdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdNInTM883jbcLJGct3dq7oT30fMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvWjAwaWRNenp6ZU50d3NrWnkzZDJydWhQZlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZykuMA0G
CSqGSIb3DQEBCwUAA4IBAQDQUgeIPYCeN97jpFNQ9sOBGlc3Y9b9PNRRiT2lSAUg
+pP/+mRyfNSLeAPokPHJFxauSOfHKXRfNtszHUbBdVqjaP94dZnsL1bInzG3CgCZ
gEjcl8Oa9cPI8NimjYZCVPcN1YxZS4suOOgpegWuAlz9XIj+AlXS0ql7cOQfjOBL
EZGOVID0paZZNoHp4+3TRk86oiPZZ6e9Jk8NAEOgRi0g263awqfa+8pvbgqQfvoq
f2R433f9ZcIzjmyhV4wOXnClEwlduaSu6rYL0memPAq2crZlAfQk7TWjSOqvIGxC
1tmK2WUu9dXbBfdG1x+W3+qcbX+riAKw+KWM39/H8lWz
-----END CERTIFICATE-----