Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/iSvukQiHuclGtd8pfRMbiEnBLFw.roa
File:                     iSvukQiHuclGtd8pfRMbiEnBLFw.roa (raw, json)
Hash identifier:          vbZa2xzxuysE29r0DoXtqTPn6Mvw10H9Gc8C3jS/Yw8=
Subject key identifier:   89:2B:EE:91:08:87:B9:C9:46:B5:DF:29:7D:13:1B:88:49:C1:2C:5C
Certificate issuer:       /CN=a4932fa49564a576a6143e45f815668f200d7637
Certificate serial:       01992D1F3602CF47620A0718A65D69FB1C8A
Authority key identifier: A4:93:2F:A4:95:64:A5:76:A6:14:3E:45:F8:15:66:8F:20:0D:76:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJMvpJVkpXamFD5F-BVmjyANdjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/iSvukQiHuclGtd8pfRMbiEnBLFw.roa
Signing time:             Tue 09 Sep 2025 06:17:24 +0000
ROA not before:           Tue 09 Sep 2025 06:17:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200366
IP address blocks:        31.193.190.0/24 maxlen: 24
                          103.76.166.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/pJMvpJVkpXamFD5F-BVmjyANdjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/pJMvpJVkpXamFD5F-BVmjyANdjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJMvpJVkpXamFD5F-BVmjyANdjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:1f:36:02:cf:47:62:0a:07:18:a6:5d:69:fb:1c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4932fa49564a576a6143e45f815668f200d7637
        Validity
            Not Before: Sep  9 06:17:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=892bee910887b9c946b5df297d131b8849c12c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e7:11:17:6c:12:d7:c2:14:4c:e0:d1:c5:d4:
                    0b:df:d1:33:ef:43:96:d5:f2:41:15:7a:45:e1:cd:
                    ab:01:a5:02:74:97:12:49:66:22:6e:72:bd:15:41:
                    e1:61:1e:d5:1e:d7:04:5b:f7:96:33:97:a0:e7:7d:
                    69:b2:91:8b:b0:b1:0a:2f:cc:3f:1c:b4:6d:e7:b3:
                    1e:d3:5c:29:86:1c:5c:33:8c:b9:5c:9c:29:9a:94:
                    73:63:e3:ed:da:f1:6c:37:9f:10:d0:1e:30:8b:1f:
                    2e:65:1a:cc:1b:35:e7:c9:40:5d:86:74:42:9d:1e:
                    d9:1b:f1:24:32:39:22:b7:d3:a9:d1:2f:1c:f9:be:
                    cf:4e:30:64:e4:59:2f:04:59:78:45:37:9f:6e:89:
                    7d:5b:38:2f:79:61:dd:84:69:eb:63:22:53:32:13:
                    5f:a4:d2:ed:32:78:b6:a3:49:ae:e0:0c:66:b8:50:
                    ad:a7:25:20:40:32:e0:8f:6c:4f:0a:6c:2a:e2:78:
                    d9:85:cd:27:a6:ae:5e:ff:fd:8c:04:c6:90:36:69:
                    bd:cf:11:3a:c0:eb:25:69:cf:e5:7f:bd:12:3c:8e:
                    98:53:1d:40:d8:16:1d:b9:9f:3b:dd:dd:5a:48:ee:
                    73:c4:32:a5:37:1f:40:9f:70:b4:7f:a9:7f:09:4e:
                    4e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2B:EE:91:08:87:B9:C9:46:B5:DF:29:7D:13:1B:88:49:C1:2C:5C
            X509v3 Authority Key Identifier:
                keyid:A4:93:2F:A4:95:64:A5:76:A6:14:3E:45:F8:15:66:8F:20:0D:76:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJMvpJVkpXamFD5F-BVmjyANdjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/iSvukQiHuclGtd8pfRMbiEnBLFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04ab46-83f3-415b-883a-c7c326d7a364/1/pJMvpJVkpXamFD5F-BVmjyANdjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.190.0/24
                  103.76.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:b3:dd:f2:aa:d4:9f:4f:4e:9c:53:93:c7:b5:0f:c4:d5:6c:
         3c:e5:d0:16:76:bf:50:96:bd:d1:ea:d1:6a:54:a4:f2:15:30:
         56:99:b1:de:e8:0d:cd:80:75:42:6b:27:44:f2:f8:a4:f6:fc:
         14:1a:70:09:d9:1d:95:e5:69:76:31:a0:a5:79:20:91:a0:36:
         c9:5b:7d:5b:9e:59:f9:28:eb:d6:bf:3e:fa:04:0e:c6:47:fe:
         c9:6f:8b:44:d1:bd:cc:88:e5:2e:f8:c5:94:3e:49:aa:bc:a4:
         f4:43:71:84:9a:cb:88:d6:7e:0b:d9:e1:70:5b:c1:5f:83:e4:
         e5:70:a5:77:cc:df:94:21:25:a4:40:36:64:93:98:1d:59:37:
         25:9d:79:7f:3c:d0:76:75:83:2b:44:fe:ff:94:d1:2a:62:99:
         d9:56:67:89:61:59:37:89:0f:77:b5:e2:7a:ed:7e:8b:fd:9f:
         0c:f0:ad:6e:52:4f:44:a4:e8:dd:0e:e3:99:18:75:ca:d3:0c:
         0b:2b:33:4a:1e:00:80:59:49:1a:80:f6:49:c6:fa:b8:c7:ab:
         85:91:a0:55:5e:9e:74:c7:15:0d:6b:56:ee:73:af:2f:fc:43:
         d1:8b:c7:15:34:e6:88:de:66:95:87:05:5e:7b:8f:cc:70:84:
         e8:f7:3c:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZktHzYCz0diCgcYpl1p+xyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTMyZmE0OTU2NGE1NzZhNjE0M2U0NWY4MTU2NjhmMjAw
ZDc2MzcwHhcNMjUwOTA5MDYxNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJiZWU5MTA4ODdiOWM5NDZiNWRmMjk3ZDEzMWI4ODQ5YzEyYzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmecRF2wS18IUTODRxdQL39Ez70OW
1fJBFXpF4c2rAaUCdJcSSWYibnK9FUHhYR7VHtcEW/eWM5eg531pspGLsLEKL8w/
HLRt57Me01wphhxcM4y5XJwpmpRzY+Pt2vFsN58Q0B4wix8uZRrMGzXnyUBdhnRC
nR7ZG/EkMjkit9Op0S8c+b7PTjBk5FkvBFl4RTefbol9WzgveWHdhGnrYyJTMhNf
pNLtMni2o0mu4AxmuFCtpyUgQDLgj2xPCmwq4njZhc0npq5e//2MBMaQNmm9zxE6
wOslac/lf70SPI6YUx1A2BYduZ873d1aSO5zxDKlNx9An3C0f6l/CU5OmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkr7pEIh7nJRrXfKX0TG4hJwSxcMB8GA1UdIwQY
MBaAFKSTL6SVZKV2phQ+RfgVZo8gDXY3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEpNdnBKVmtwWGFtRkQ1Ri1CVm1qeUFOZGpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8wNGFiNDYtODNmMy00MTViLTg4M2Et
YzdjMzI2ZDdhMzY0LzEvaVN2dWtRaUh1Y2xHdGQ4cGZSTWJpRW5CTEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8wNGFiNDYtODNmMy00MTViLTg4M2EtYzdjMzI2ZDdhMzY0
LzEvcEpNdnBKVmtwWGFtRkQ1Ri1CVm1qeUFOZGpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH8G+AwQB
Z0ymMA0GCSqGSIb3DQEBCwUAA4IBAQAIs93yqtSfT06cU5PHtQ/E1Ww85dAWdr9Q
lr3R6tFqVKTyFTBWmbHe6A3NgHVCaydE8vik9vwUGnAJ2R2V5Wl2MaCleSCRoDbJ
W31bnln5KOvWvz76BA7GR/7Jb4tE0b3MiOUu+MWUPkmqvKT0Q3GEmsuI1n4L2eFw
W8Ffg+TlcKV3zN+UISWkQDZkk5gdWTclnXl/PNB2dYMrRP7/lNEqYpnZVmeJYVk3
iQ93teJ67X6L/Z8M8K1uUk9EpOjdDuOZGHXK0wwLKzNKHgCAWUkagPZJxvq4x6uF
kaBVXp50xxUNa1buc68v/EPRi8cVNOaI3maVhwVee4/McITo9zxb
-----END CERTIFICATE-----