Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/rfm_-0reLf7PYtJuEP1buHiDkqo.roa
File:                     rfm_-0reLf7PYtJuEP1buHiDkqo.roa (raw, json)
Hash identifier:          Sj5Ujw/g8ofIjh7PyZ0sM4i+kvY8IKqDptv6WN3btA8=
Subject key identifier:   AD:F9:BF:FB:4A:DE:2D:FE:CF:62:D2:6E:10:FD:5B:B8:78:83:92:AA
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019DFE4AB7BB9C285FD829FF98DD405C3DEE
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/rfm_-0reLf7PYtJuEP1buHiDkqo.roa
Signing time:             Wed 06 May 2026 17:16:42 +0000
ROA not before:           Wed 06 May 2026 17:16:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        103.101.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:4a:b7:bb:9c:28:5f:d8:29:ff:98:dd:40:5c:3d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May  6 17:16:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=adf9bffb4ade2dfecf62d26e10fd5bb8788392aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:39:d2:60:27:52:cb:46:e3:f9:ba:dd:6a:2b:
                    55:dc:df:c0:66:7f:4d:23:0d:c1:5d:cf:ef:4a:e6:
                    48:d9:b3:11:31:c0:9c:79:5b:cc:07:d4:50:40:46:
                    62:38:b0:d2:bf:23:ac:28:87:ee:ec:3f:e2:b0:a6:
                    99:a5:69:47:74:c9:c8:49:d2:ad:ff:fe:5b:e9:31:
                    40:15:f1:f5:aa:fd:ea:af:01:7a:22:f8:98:1d:d4:
                    6f:f6:65:f1:cd:f1:f9:62:3e:96:23:fb:fb:f6:1f:
                    4a:f8:57:10:d1:ec:32:af:2e:d5:65:4d:67:2f:c6:
                    bb:54:4d:f3:da:fe:74:86:6d:ed:c8:08:8c:bd:6f:
                    bf:9a:ee:97:96:03:0f:8f:a3:dc:35:dc:93:4c:55:
                    52:a4:f5:19:0a:a1:81:6e:21:ce:9d:8c:30:88:38:
                    a1:2f:38:ae:55:fe:ea:61:02:29:2f:8a:06:26:d4:
                    e3:76:e1:ff:47:25:a9:44:6e:be:0f:a7:77:26:4b:
                    a4:d4:30:9c:f5:99:3c:b5:46:3a:54:11:9c:aa:ce:
                    18:56:10:c9:75:ba:00:d6:ca:20:87:ea:11:a6:66:
                    15:ca:e9:8e:a0:aa:b9:98:f6:49:dd:e1:7a:dc:5d:
                    4d:77:14:66:8b:99:e1:cd:2f:ae:8f:60:00:ee:91:
                    94:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F9:BF:FB:4A:DE:2D:FE:CF:62:D2:6E:10:FD:5B:B8:78:83:92:AA
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/rfm_-0reLf7PYtJuEP1buHiDkqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.101.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:b1:a5:ab:4a:89:66:d0:72:a2:3c:df:bf:5d:45:05:88:fa:
         16:3b:10:18:fa:35:ce:bc:88:80:9c:8e:ae:6c:66:d7:74:03:
         45:53:06:e2:4b:78:8e:3e:7d:a3:9e:09:28:ec:98:d8:e3:a6:
         78:86:b2:a6:33:42:7c:85:73:76:4a:9d:15:34:cd:e1:3b:5e:
         b1:a1:fd:3c:8e:fb:a7:7f:8d:0c:cb:00:f1:7e:91:05:e6:21:
         44:f8:2a:b6:50:90:70:45:a6:08:4d:82:a4:79:bb:6d:7a:86:
         fb:fd:bd:3c:3a:bf:78:c5:b6:ce:65:ba:8d:68:7d:0d:de:61:
         bc:c5:9f:f0:e2:65:40:88:95:22:8b:72:f0:bd:8f:6b:02:6c:
         f3:61:23:01:51:97:f1:26:ec:a4:1c:9e:e7:ca:80:eb:42:36:
         fa:bf:ff:c2:38:2f:8b:2e:c0:ef:fb:17:ff:e0:f9:fd:92:b7:
         74:77:e3:3e:5e:b6:9d:fe:1a:82:4a:f7:ff:1a:4f:1b:08:16:
         59:7a:6e:b9:28:b8:f6:c0:7d:f4:dd:a3:03:16:f6:4d:91:10:
         d7:c8:10:7d:3e:4a:2b:2c:ef:67:0f:c1:49:31:51:4c:7d:a3:
         50:5b:20:fc:33:e6:85:a4:02:d4:88:13:bd:91:07:87:0b:b3:
         85:9a:2c:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+Sre7nChf2Cn/mN1AXD3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwNTA2MTcxNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGY5YmZmYjRhZGUyZGZlY2Y2MmQyNmUxMGZkNWJiODc4ODM5MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TnSYCdSy0bj+brdaitV3N/AZn9N
Iw3BXc/vSuZI2bMRMcCceVvMB9RQQEZiOLDSvyOsKIfu7D/isKaZpWlHdMnISdKt
//5b6TFAFfH1qv3qrwF6IviYHdRv9mXxzfH5Yj6WI/v79h9K+FcQ0ewyry7VZU1n
L8a7VE3z2v50hm3tyAiMvW+/mu6XlgMPj6PcNdyTTFVSpPUZCqGBbiHOnYwwiDih
LziuVf7qYQIpL4oGJtTjduH/RyWpRG6+D6d3Jkuk1DCc9Zk8tUY6VBGcqs4YVhDJ
dboA1sogh+oRpmYVyumOoKq5mPZJ3eF63F1NdxRmi5nhzS+uj2AA7pGU8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK35v/tK3i3+z2LSbhD9W7h4g5KqMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvcmZtXy0wcmVMZjdQWXRKdUVQMWJ1SGlEa3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2VWMA0G
CSqGSIb3DQEBCwUAA4IBAQAlsaWrSolm0HKiPN+/XUUFiPoWOxAY+jXOvIiAnI6u
bGbXdANFUwbiS3iOPn2jngko7JjY46Z4hrKmM0J8hXN2Sp0VNM3hO16xof08jvun
f40MywDxfpEF5iFE+Cq2UJBwRaYITYKkebtteob7/b08Or94xbbOZbqNaH0N3mG8
xZ/w4mVAiJUii3LwvY9rAmzzYSMBUZfxJuykHJ7nyoDrQjb6v//COC+LLsDv+xf/
4Pn9krd0d+M+Xrad/hqCSvf/Gk8bCBZZem65KLj2wH303aMDFvZNkRDXyBB9Pkor
LO9nD8FJMVFMfaNQWyD8M+aFpALUiBO9kQeHC7OFmiyg
-----END CERTIFICATE-----