Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/HdVVZLbcoOAO4PiWc-obCuKDmNE.roa
File:                     HdVVZLbcoOAO4PiWc-obCuKDmNE.roa (raw, json)
Hash identifier:          XU01kOa7ngfXBMm0kjCiqgIm2wt2KRZaYU+QR9KHP7o=
Subject key identifier:   1D:D5:55:64:B6:DC:A0:E0:0E:E0:F8:96:73:EA:1B:0A:E2:83:98:D1
Certificate issuer:       /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial:       0197A2A436BB27120CC0978E6A2521B69F7A
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/HdVVZLbcoOAO4PiWc-obCuKDmNE.roa
Signing time:             Tue 24 Jun 2025 15:52:40 +0000
ROA not before:           Tue 24 Jun 2025 15:52:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134187
IP address blocks:        103.57.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a2:a4:36:bb:27:12:0c:c0:97:8e:6a:25:21:b6:9f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
        Validity
            Not Before: Jun 24 15:52:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dd55564b6dca0e00ee0f89673ea1b0ae28398d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:05:be:98:25:49:42:36:6b:76:10:03:33:35:
                    9f:0c:ae:b8:3b:a2:7e:3e:06:4b:ee:82:82:64:6b:
                    d6:d9:bb:7c:90:75:f8:2d:b1:90:eb:33:51:3c:4b:
                    b8:9f:13:7a:2c:92:6d:be:68:14:0b:d1:e8:ff:e7:
                    6e:3b:55:46:9e:34:09:a0:e2:3a:f4:78:80:49:47:
                    f9:9e:95:8a:06:6c:a5:33:18:9e:ad:be:bb:b1:9d:
                    c9:70:27:62:38:ae:32:b5:f4:d0:5a:2a:32:75:b2:
                    a5:e7:f0:7d:6e:71:73:78:6f:4a:84:57:83:a8:9f:
                    5d:af:4f:c3:aa:1e:93:20:94:e2:94:44:a1:f8:48:
                    47:2d:c9:55:e0:64:da:bf:05:42:1f:84:1b:85:fb:
                    a4:32:9b:e0:2c:32:8b:32:83:63:5b:83:a9:bf:21:
                    ce:12:c6:67:5d:0f:34:74:1c:3e:95:3a:1f:ea:70:
                    45:c9:4a:e1:29:7c:ff:88:72:d7:4c:fa:f8:26:f4:
                    ed:df:dc:6f:1d:16:1e:f6:57:73:e7:1d:76:52:23:
                    95:1a:fd:c4:aa:c0:c7:48:ac:01:6b:2f:3a:30:f5:
                    a0:4a:47:e7:1d:bf:ce:82:89:02:3d:11:d8:e5:da:
                    3f:ee:6b:c3:a8:cc:52:9b:9d:77:01:8f:b0:37:f7:
                    93:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D5:55:64:B6:DC:A0:E0:0E:E0:F8:96:73:EA:1B:0A:E2:83:98:D1
            X509v3 Authority Key Identifier:
                keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/HdVVZLbcoOAO4PiWc-obCuKDmNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.57.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:25:ee:36:eb:49:f0:dc:76:4c:30:98:af:67:d2:a5:ef:ae:
         05:a6:a5:36:8e:32:76:29:04:b5:37:b3:b1:04:7f:1b:8e:ed:
         d0:8e:a7:0b:bc:98:01:12:39:97:b7:44:15:f1:5c:08:40:6d:
         57:49:c8:79:9d:d4:ee:06:8f:15:21:2e:1a:37:d0:64:16:77:
         01:de:ef:0e:5f:ee:b0:fb:6c:25:db:b0:6c:56:74:f5:db:de:
         33:99:4e:b1:54:97:0e:fb:4b:b4:db:1c:e3:d3:44:17:3f:0e:
         69:d4:0a:e1:c3:f3:61:c9:ce:2e:b6:bb:17:2f:05:bd:5b:70:
         84:ac:25:d2:58:76:c9:a8:d2:00:40:4e:11:f9:7b:92:15:ff:
         ce:55:61:0a:c5:1c:50:97:82:9c:c5:1e:47:88:6d:f7:ca:33:
         05:71:eb:d7:48:1d:a8:a3:02:ff:97:27:a9:39:0a:37:71:63:
         66:c4:59:ac:03:b7:d7:9d:45:db:c4:07:73:6b:dd:70:6e:8f:
         dd:64:87:94:0b:d1:ab:aa:44:9a:43:ea:09:b8:4e:83:f9:78:
         eb:b0:57:2e:ea:f3:09:93:5c:a0:92:36:4e:6c:63:b0:2e:2c:
         75:c6:95:74:52:cd:78:32:d2:50:5d:5d:24:1a:5c:2c:3e:ff:
         39:7c:ba:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeipDa7JxIMwJeOaiUhtp96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjUwNjI0MTU1MjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQ1NTU2NGI2ZGNhMGUwMGVlMGY4OTY3M2VhMWIwYWUyODM5OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugW+mCVJQjZrdhADMzWfDK64O6J+
PgZL7oKCZGvW2bt8kHX4LbGQ6zNRPEu4nxN6LJJtvmgUC9Ho/+duO1VGnjQJoOI6
9HiASUf5npWKBmylMxierb67sZ3JcCdiOK4ytfTQWioydbKl5/B9bnFzeG9KhFeD
qJ9dr0/Dqh6TIJTilESh+EhHLclV4GTavwVCH4QbhfukMpvgLDKLMoNjW4OpvyHO
EsZnXQ80dBw+lTof6nBFyUrhKXz/iHLXTPr4JvTt39xvHRYe9ldz5x12UiOVGv3E
qsDHSKwBay86MPWgSkfnHb/OgokCPRHY5do/7mvDqMxSm513AY+wN/eTXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3VVWS23KDgDuD4lnPqGwrig5jRMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvSGRWVlpMYmNvT0FPNFBpV2Mtb2JDdUtEbU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZzmcMA0G
CSqGSIb3DQEBCwUAA4IBAQAOJe4260nw3HZMMJivZ9Kl764FpqU2jjJ2KQS1N7Ox
BH8bju3QjqcLvJgBEjmXt0QV8VwIQG1XSch5ndTuBo8VIS4aN9BkFncB3u8OX+6w
+2wl27BsVnT1294zmU6xVJcO+0u02xzj00QXPw5p1Arhw/Nhyc4utrsXLwW9W3CE
rCXSWHbJqNIAQE4R+XuSFf/OVWEKxRxQl4KcxR5HiG33yjMFcevXSB2oowL/lyep
OQo3cWNmxFmsA7fXnUXbxAdza91wbo/dZIeUC9GrqkSaQ+oJuE6D+XjrsFcu6vMJ
k1ygkjZObGOwLix1xpV0Us14MtJQXV0kGlwsPv85fLrk
-----END CERTIFICATE-----