Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/a3BxSFXPM40Zuf4ivk8WCKdZEtg.roa
File:                     a3BxSFXPM40Zuf4ivk8WCKdZEtg.roa (raw, json)
Hash identifier:          UANODChkV6K8mEj+HStoBsjFS9gx7cZ5og+NGdDnkws=
Subject key identifier:   6B:70:71:48:55:CF:33:8D:19:B9:FE:22:BE:4F:16:08:A7:59:12:D8
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019D72FF808AA1D0F2ABAF9B15550277ECDF
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/a3BxSFXPM40Zuf4ivk8WCKdZEtg.roa
Signing time:             Thu 09 Apr 2026 16:07:20 +0000
ROA not before:           Thu 09 Apr 2026 16:07:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        103.41.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:09:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:ff:80:8a:a1:d0:f2:ab:af:9b:15:55:02:77:ec:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr  9 16:07:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b70714855cf338d19b9fe22be4f1608a75912d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:12:32:5d:11:a1:4d:d3:29:6d:f7:ae:8c:97:
                    78:61:6a:6f:27:87:32:cf:6e:96:fb:5b:cc:da:3d:
                    cf:f1:10:90:c9:f6:84:27:ad:9b:ee:c2:8f:ed:09:
                    51:81:64:76:a9:2a:e4:d3:41:29:61:bd:fb:5e:14:
                    a2:e6:43:65:c1:e6:80:0a:81:87:a6:ff:d8:30:da:
                    10:7c:92:37:f4:1c:8f:0b:a0:1e:48:e3:83:3e:77:
                    c4:dc:15:28:f4:fd:bf:88:fc:df:57:bb:f7:69:bb:
                    7b:5a:7a:6b:3a:38:af:f0:18:5f:b7:30:94:34:fb:
                    a1:d3:51:ee:d5:a4:ab:ba:70:5d:a9:a1:25:a9:ab:
                    54:74:1e:b5:65:c5:39:c3:08:a0:5b:f3:06:23:cb:
                    30:08:d6:6c:8d:30:57:05:a6:44:50:35:62:63:93:
                    21:e1:e1:fd:e2:f5:c1:78:43:35:21:2d:41:8e:d9:
                    64:34:ae:02:6b:4a:eb:36:f9:7f:13:98:54:38:f5:
                    be:16:85:41:2b:17:9a:69:46:aa:e7:68:2b:f9:98:
                    7d:d9:95:80:02:2a:e3:3d:ec:7a:67:0e:10:b7:4a:
                    f2:97:b5:9d:4c:e0:1e:c3:ed:4e:70:5a:b2:9d:9b:
                    4f:ff:cd:7a:91:b9:41:7e:1f:74:e0:11:40:f3:82:
                    fc:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:70:71:48:55:CF:33:8D:19:B9:FE:22:BE:4F:16:08:A7:59:12:D8
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/a3BxSFXPM40Zuf4ivk8WCKdZEtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ee:f1:0a:7c:af:97:ae:0a:2c:aa:80:c9:9b:3f:bd:c5:0e:
         16:1f:da:70:4e:d2:79:4a:bf:e2:65:11:f5:85:b5:cb:f3:e5:
         e1:8c:ce:e7:dc:61:32:cd:34:c2:1c:fe:af:6f:2f:39:2f:31:
         8a:d4:02:1b:e8:d9:39:1e:d1:9d:e1:8c:1b:88:b2:df:c5:6f:
         09:8c:13:2c:d5:ed:73:9a:41:04:f0:40:fe:29:6a:02:11:2e:
         29:e4:ee:83:da:13:e7:35:f2:55:ed:e0:f4:5f:dd:64:aa:6c:
         f7:8c:7e:fd:3a:ca:30:bf:4f:51:65:10:c9:59:56:d5:18:bd:
         4b:0c:55:a2:00:02:55:ec:b3:5a:86:32:ea:43:5f:1b:e4:f6:
         9d:56:f5:d0:36:d2:71:df:bb:cb:df:81:8c:2e:97:67:02:a8:
         8d:5b:c7:3e:89:1d:d9:d0:6d:8c:53:5f:6c:aa:f7:db:3c:d6:
         07:44:67:81:c6:66:7f:6f:d1:a1:35:75:48:d8:8d:4c:57:a9:
         3b:ce:30:d3:29:80:8e:53:e6:8c:5a:62:1a:f0:66:e9:82:b8:
         35:9c:c0:fd:f0:b8:49:cf:32:31:8a:73:60:c1:47:df:fa:21:
         fe:ec:2a:a7:59:c7:b0:ea:b1:db:f9:e7:fb:31:e3:db:bd:83:
         26:36:fa:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1y/4CKodDyq6+bFVUCd+zfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNDA5MTYwNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjcwNzE0ODU1Y2YzMzhkMTliOWZlMjJiZTRmMTYwOGE3NTkxMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxIyXRGhTdMpbfeujJd4YWpvJ4cy
z26W+1vM2j3P8RCQyfaEJ62b7sKP7QlRgWR2qSrk00EpYb37XhSi5kNlweaACoGH
pv/YMNoQfJI39ByPC6AeSOODPnfE3BUo9P2/iPzfV7v3abt7WnprOjiv8BhftzCU
NPuh01Hu1aSrunBdqaElqatUdB61ZcU5wwigW/MGI8swCNZsjTBXBaZEUDViY5Mh
4eH94vXBeEM1IS1BjtlkNK4Ca0rrNvl/E5hUOPW+FoVBKxeaaUaq52gr+Zh92ZWA
AirjPex6Zw4Qt0ryl7WdTOAew+1OcFqynZtP/816kblBfh904BFA84L8QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtwcUhVzzONGbn+Ir5PFginWRLYMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvYTNCeFNGWFBNNDBadWY0aXZrOFdDS2RaRXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZykvMA0G
CSqGSIb3DQEBCwUAA4IBAQA+7vEKfK+XrgosqoDJmz+9xQ4WH9pwTtJ5Sr/iZRH1
hbXL8+XhjM7n3GEyzTTCHP6vby85LzGK1AIb6Nk5HtGd4YwbiLLfxW8JjBMs1e1z
mkEE8ED+KWoCES4p5O6D2hPnNfJV7eD0X91kqmz3jH79Osowv09RZRDJWVbVGL1L
DFWiAAJV7LNahjLqQ18b5PadVvXQNtJx37vL34GMLpdnAqiNW8c+iR3Z0G2MU19s
qvfbPNYHRGeBxmZ/b9GhNXVI2I1MV6k7zjDTKYCOU+aMWmIa8Gbpgrg1nMD98LhJ
zzIxinNgwUff+iH+7CqnWcew6rHb+ef7MePbvYMmNvqB
-----END CERTIFICATE-----