Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/umezidv-FWVd5BONx0eQ2df3GDk.roa
File:                     umezidv-FWVd5BONx0eQ2df3GDk.roa (raw, json)
Hash identifier:          F8spCI/zm7IIZKjgLnCLJLeEJHfa5Hi34ZAZHQ3nTyk=
Subject key identifier:   BA:67:B3:89:DB:FE:15:65:5D:E4:13:8D:C7:47:90:D9:D7:F7:18:39
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019847C9D107AC17F6B07C272F28D8DA04CE
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/umezidv-FWVd5BONx0eQ2df3GDk.roa
Signing time:             Sat 26 Jul 2025 17:31:05 +0000
ROA not before:           Sat 26 Jul 2025 17:31:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15731
IP address blocks:        103.102.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:47:c9:d1:07:ac:17:f6:b0:7c:27:2f:28:d8:da:04:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Jul 26 17:31:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba67b389dbfe15655de4138dc74790d9d7f71839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4e:19:9b:10:a2:2c:f8:8a:d2:8c:d3:5d:bb:
                    51:28:fe:1d:be:99:7b:69:ac:29:7c:ce:18:10:d3:
                    5a:7c:6a:33:03:6a:e0:06:87:5f:d5:88:62:21:47:
                    72:f3:fe:db:93:49:3d:69:90:58:40:69:4b:5b:8b:
                    02:21:ae:84:43:ed:df:af:34:96:ed:f9:68:e6:5a:
                    a8:c0:6d:b4:b8:d3:25:69:4b:1d:25:14:93:1a:2c:
                    ad:3b:86:b9:c7:84:0b:5c:cd:14:29:fb:91:10:86:
                    4c:21:ba:e3:12:08:6f:be:ea:27:56:89:8c:6a:05:
                    63:ae:05:b7:43:b8:9c:da:de:5b:69:ec:ed:3d:e5:
                    9d:52:50:f1:65:91:d2:0c:d9:c8:37:c8:cf:a5:57:
                    b0:f5:26:b1:ba:4a:1b:fc:bc:c8:39:16:fe:75:9c:
                    bf:2b:2d:37:9e:51:f4:12:ea:05:b5:b3:90:d7:76:
                    79:42:ba:ba:ec:d8:ab:52:59:2c:d9:17:8b:fb:b9:
                    91:a1:01:ee:0f:dc:8c:ce:76:4f:e0:5c:d7:03:e5:
                    1d:80:7e:ba:18:07:d0:6c:5d:15:d6:58:57:ef:da:
                    83:14:28:55:38:3f:95:d8:dc:5e:22:6a:a8:24:b8:
                    80:87:af:21:d0:3d:8c:94:dc:fe:5b:85:34:1e:83:
                    53:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:67:B3:89:DB:FE:15:65:5D:E4:13:8D:C7:47:90:D9:D7:F7:18:39
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/umezidv-FWVd5BONx0eQ2df3GDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:e7:2f:34:9d:a6:2e:b5:b9:31:c1:4d:27:44:f7:a9:9d:65:
         9d:d7:90:ed:6c:38:87:ed:ae:12:71:fb:40:00:02:d1:97:b7:
         14:16:6e:89:ba:0a:b0:c7:bb:59:ba:76:f3:5e:94:a5:cf:dc:
         34:c6:e2:8b:d7:01:18:d4:dc:9f:5d:fc:33:aa:4e:bc:01:cb:
         ce:8a:aa:e9:ba:9c:48:c5:1f:f0:98:d1:3b:33:cd:21:c7:ae:
         60:46:e4:16:96:6e:02:94:ad:dd:8d:70:d8:e3:e5:83:7a:1b:
         7d:23:b4:2b:44:8d:db:25:12:1c:24:20:4a:73:15:a2:e1:49:
         44:b6:ad:2e:be:17:c0:a3:4c:d2:9f:25:6f:28:96:58:3a:fe:
         cb:f7:b2:1a:6e:4e:7d:0b:6a:9f:2b:c9:c1:0b:2e:82:f0:24:
         f3:6f:a8:96:17:b9:0e:51:b9:2f:de:0a:3c:f6:43:5e:c9:4c:
         54:15:94:5e:d1:3d:5a:5c:02:93:60:9e:27:83:60:06:2a:9a:
         71:29:ca:9d:44:37:d0:88:ed:70:a1:5f:f2:a9:33:3b:21:d5:
         36:f0:7c:6f:bd:99:fd:78:ea:7b:1d:9d:a3:41:11:cb:06:00:
         03:73:ce:cb:86:47:37:6d:a1:d5:14:3b:f5:08:bb:f0:de:f0:
         cb:d8:47:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhHydEHrBf2sHwnLyjY2gTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwNzI2MTczMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTY3YjM4OWRiZmUxNTY1NWRlNDEzOGRjNzQ3OTBkOWQ3ZjcxODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE4ZmxCiLPiK0ozTXbtRKP4dvpl7
aawpfM4YENNafGozA2rgBodf1YhiIUdy8/7bk0k9aZBYQGlLW4sCIa6EQ+3frzSW
7flo5lqowG20uNMlaUsdJRSTGiytO4a5x4QLXM0UKfuREIZMIbrjEghvvuonVomM
agVjrgW3Q7ic2t5baeztPeWdUlDxZZHSDNnIN8jPpVew9Saxukob/LzIORb+dZy/
Ky03nlH0EuoFtbOQ13Z5Qrq67NirUlks2ReL+7mRoQHuD9yMznZP4FzXA+UdgH66
GAfQbF0V1lhX79qDFChVOD+V2NxeImqoJLiAh68h0D2MlNz+W4U0HoNTtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpns4nb/hVlXeQTjcdHkNnX9xg5MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvdW1lemlkdi1GV1ZkNUJPTngwZVEyZGYzR0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bnMA0G
CSqGSIb3DQEBCwUAA4IBAQAj5y80naYutbkxwU0nRPepnWWd15DtbDiH7a4ScftA
AALRl7cUFm6Jugqwx7tZunbzXpSlz9w0xuKL1wEY1NyfXfwzqk68AcvOiqrpupxI
xR/wmNE7M80hx65gRuQWlm4ClK3djXDY4+WDeht9I7QrRI3bJRIcJCBKcxWi4UlE
tq0uvhfAo0zSnyVvKJZYOv7L97Iabk59C2qfK8nBCy6C8CTzb6iWF7kOUbkv3go8
9kNeyUxUFZRe0T1aXAKTYJ4ng2AGKppxKcqdRDfQiO1woV/yqTM7IdU28HxvvZn9
eOp7HZ2jQRHLBgADc87Lhkc3baHVFDv1CLvw3vDL2Edx
-----END CERTIFICATE-----