Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/1Xx5yOqEiQ7w5oHl6pnI_Y99OJs.roa
File:                     1Xx5yOqEiQ7w5oHl6pnI_Y99OJs.roa (raw, json)
Hash identifier:          Qx3nCAa4Beyb+QGxZu/J+rc4mQgVdLQcLRYPOorkMM4=
Subject key identifier:   D5:7C:79:C8:EA:84:89:0E:F0:E6:81:E5:EA:99:C8:FD:8F:7D:38:9B
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019D2A14C5D4EB6F7D3B5BB0B9874FC9FFBC
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/1Xx5yOqEiQ7w5oHl6pnI_Y99OJs.roa
Signing time:             Thu 26 Mar 2026 12:18:17 +0000
ROA not before:           Thu 26 Mar 2026 12:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207461
IP address blocks:        103.102.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:14:c5:d4:eb:6f:7d:3b:5b:b0:b9:87:4f:c9:ff:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Mar 26 12:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d57c79c8ea84890ef0e681e5ea99c8fd8f7d389b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f3:99:ce:89:83:88:cc:f2:02:b6:16:92:e1:
                    7b:95:73:40:14:19:1e:89:02:da:24:2d:c0:00:f6:
                    a9:77:10:8a:b8:b2:f9:65:48:d2:9f:47:28:a4:8f:
                    27:21:75:44:4e:1a:b8:66:1e:df:3d:08:72:f5:89:
                    0b:40:9b:91:a6:fa:8b:0d:96:2b:23:35:d1:bf:1d:
                    d2:56:63:90:05:d6:a5:36:85:44:17:ff:a9:89:03:
                    23:5c:cc:e4:d0:fb:a2:26:e5:85:38:1b:b7:ef:1b:
                    3a:5a:3b:ee:f8:0f:7d:7e:20:15:b3:60:b2:33:8a:
                    e9:9a:21:26:20:c0:31:3f:04:c8:b9:58:5d:e2:9d:
                    4e:93:92:8d:bf:0c:0d:02:ad:1b:76:25:6d:68:b7:
                    e7:c6:00:ec:4a:30:e1:6b:f2:57:9c:77:c9:5f:07:
                    31:0a:a4:95:7d:2d:bf:09:48:d5:9f:3a:39:48:5a:
                    a6:ca:d5:de:23:53:09:57:eb:0a:8e:c7:37:3f:2a:
                    51:a6:b9:1f:c1:14:04:ab:f8:67:b7:e1:31:63:d4:
                    ae:eb:42:a9:54:17:3f:6f:de:45:97:2b:2c:b8:44:
                    0b:e0:e0:3b:ba:94:01:e4:54:2a:b9:59:4d:82:8b:
                    8f:b5:ab:8f:a8:a2:d5:35:10:23:99:e9:79:cc:51:
                    ff:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:7C:79:C8:EA:84:89:0E:F0:E6:81:E5:EA:99:C8:FD:8F:7D:38:9B
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/1Xx5yOqEiQ7w5oHl6pnI_Y99OJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:99:2c:73:f1:38:93:f8:f0:66:d2:6d:1c:76:ae:63:2b:35:
         1d:3d:75:43:cd:85:af:5a:7a:51:59:46:6f:3d:0c:bd:76:fe:
         df:2f:41:fa:00:55:e8:2f:77:96:67:d3:cb:fe:da:31:f3:99:
         d9:d2:7e:6f:ef:f5:43:0e:b5:d6:ae:ca:44:a9:e1:33:8d:49:
         8c:dc:46:66:fd:b8:df:e3:7c:5e:f9:1d:47:15:af:ed:8d:f4:
         b6:7d:5e:68:cf:2f:80:f0:88:bb:1c:07:cd:1e:9b:08:02:d4:
         5b:6a:df:26:b1:fd:b9:af:c9:09:6e:c0:96:98:ff:9b:59:89:
         91:70:16:dc:ed:c4:32:6d:c3:dc:5a:b0:79:9a:41:45:45:ef:
         77:77:b6:86:5c:ae:a9:65:e2:bf:7c:f6:cd:a3:7b:4b:fb:86:
         09:c3:0a:6f:e1:18:22:1d:99:0a:85:66:1d:2f:16:8d:18:aa:
         96:57:8f:40:45:19:55:4e:9a:de:94:f3:e3:ef:76:7b:2d:65:
         d1:2e:17:ad:c1:53:23:be:1f:89:c3:6f:0f:af:29:92:3c:fb:
         75:da:ec:0d:ba:57:3b:c4:3b:03:79:77:4d:05:75:07:09:ef:
         30:19:dc:ee:1e:4a:9b:a5:2e:34:f7:d6:e6:80:d2:e9:03:a1:
         c1:3c:6e:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qFMXU6299O1uwuYdPyf+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjYwMzI2MTIxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTdjNzljOGVhODQ4OTBlZjBlNjgxZTVlYTk5YzhmZDhmN2QzODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/OZzomDiMzyArYWkuF7lXNAFBke
iQLaJC3AAPapdxCKuLL5ZUjSn0copI8nIXVEThq4Zh7fPQhy9YkLQJuRpvqLDZYr
IzXRvx3SVmOQBdalNoVEF/+piQMjXMzk0PuiJuWFOBu37xs6Wjvu+A99fiAVs2Cy
M4rpmiEmIMAxPwTIuVhd4p1Ok5KNvwwNAq0bdiVtaLfnxgDsSjDha/JXnHfJXwcx
CqSVfS2/CUjVnzo5SFqmytXeI1MJV+sKjsc3PypRprkfwRQEq/hnt+ExY9Su60Kp
VBc/b95FlyssuEQL4OA7upQB5FQquVlNgouPtauPqKLVNRAjmel5zFH/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV8ecjqhIkO8OaB5eqZyP2PfTibMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvMVh4NXlPcUVpUTd3NW9IbDZwbklfWTk5T0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2blMA0G
CSqGSIb3DQEBCwUAA4IBAQATmSxz8TiT+PBm0m0cdq5jKzUdPXVDzYWvWnpRWUZv
PQy9dv7fL0H6AFXoL3eWZ9PL/tox85nZ0n5v7/VDDrXWrspEqeEzjUmM3EZm/bjf
43xe+R1HFa/tjfS2fV5ozy+A8Ii7HAfNHpsIAtRbat8msf25r8kJbsCWmP+bWYmR
cBbc7cQybcPcWrB5mkFFRe93d7aGXK6pZeK/fPbNo3tL+4YJwwpv4RgiHZkKhWYd
LxaNGKqWV49ARRlVTprelPPj73Z7LWXRLhetwVMjvh+Jw28PrymSPPt12uwNulc7
xDsDeXdNBXUHCe8wGdzuHkqbpS4099bmgNLpA6HBPG5b
-----END CERTIFICATE-----