Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/9cwRCCrU60-E-VgKBmC1MSI7my0.roa
File:                     9cwRCCrU60-E-VgKBmC1MSI7my0.roa (raw, json)
Hash identifier:          aFXS0GRHCRE/FoBB0jc86qrKoKflec2agZZ6iJFtN7k=
Subject key identifier:   F5:CC:11:08:2A:D4:EB:4F:84:F9:58:0A:06:60:B5:31:22:3B:9B:2D
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0197B23B08EA0A54CC6C98F3ED173CA7291B
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/9cwRCCrU60-E-VgKBmC1MSI7my0.roa
Signing time:             Fri 27 Jun 2025 16:31:42 +0000
ROA not before:           Fri 27 Jun 2025 16:31:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        103.216.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:3b:08:ea:0a:54:cc:6c:98:f3:ed:17:3c:a7:29:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jun 27 16:31:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5cc11082ad4eb4f84f9580a0660b531223b9b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ea:d1:c6:4c:0e:5f:d0:b5:da:d2:38:05:77:
                    e0:21:b4:c9:e5:3d:60:f1:91:21:00:a1:3a:20:82:
                    ec:7f:5a:5e:69:f1:51:01:01:a6:c0:17:70:63:f2:
                    db:22:c9:4c:1b:5c:ae:55:d4:98:c7:d3:0c:77:c0:
                    53:f9:00:76:3c:49:36:f0:51:2c:72:d6:b8:ef:f4:
                    3a:8a:38:ff:5b:d9:b3:2e:30:52:f2:c6:51:ef:98:
                    9b:7e:ea:e4:d9:6c:cc:49:7a:93:53:3f:2c:31:f5:
                    18:69:f6:b2:51:7d:37:96:1a:b8:e2:87:5f:bc:ef:
                    3b:78:52:1c:7d:cd:52:ad:ce:92:a1:61:15:b1:63:
                    02:bf:e2:89:14:4f:ea:e6:25:50:50:ce:08:ae:ec:
                    f7:e8:67:be:38:54:9f:a2:0e:61:2c:6d:07:1b:bb:
                    b8:1e:8e:66:9c:15:44:39:14:fa:e1:aa:62:60:98:
                    32:50:2b:ac:20:d6:f6:64:b3:92:21:1e:ed:6e:ad:
                    b1:f1:84:f1:a1:42:77:00:25:26:5e:98:29:85:eb:
                    26:24:87:f2:3f:95:2f:c2:13:f1:92:31:da:b4:b4:
                    fe:e0:04:68:05:35:8a:4d:d0:72:14:72:48:a2:fd:
                    69:35:94:2a:31:bc:fb:d1:3d:d0:11:b5:c1:62:6d:
                    49:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CC:11:08:2A:D4:EB:4F:84:F9:58:0A:06:60:B5:31:22:3B:9B:2D
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/9cwRCCrU60-E-VgKBmC1MSI7my0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:b3:01:ad:3b:b6:21:0b:b0:b9:03:62:b4:ef:d3:64:15:31:
         14:22:ce:e6:59:90:10:18:86:a4:44:f5:06:5f:56:1d:7a:3f:
         f5:54:33:5e:22:94:c7:9e:a6:e5:af:45:2b:ec:21:f3:b5:d1:
         c4:2a:c2:fc:ce:1c:37:99:c2:22:3e:0c:7e:5d:34:7e:22:bb:
         49:c1:8c:30:14:97:62:c0:ee:26:e1:86:7d:b2:7c:1b:e5:1a:
         98:82:29:6e:27:e9:45:3b:78:62:66:e9:1b:ad:3a:6f:22:21:
         c6:c4:ae:d5:e6:50:08:c1:8f:c8:a9:70:32:22:36:fe:29:20:
         e9:49:f0:66:91:9c:ea:99:b8:07:83:55:81:29:28:f7:47:7c:
         76:99:10:fa:ad:f0:21:8f:f7:ef:6e:25:68:50:71:53:ac:fe:
         df:91:10:b9:d6:a8:d3:c2:7a:77:e4:ae:f0:70:07:b7:80:3e:
         19:96:ae:f5:b1:c4:24:92:fa:04:3e:02:80:5e:c0:9b:62:dd:
         28:cd:4c:8e:6b:c7:7b:9e:37:c1:cc:cc:87:92:49:95:0c:b5:
         83:2e:9c:ff:45:41:df:d1:93:2f:1f:a2:17:7d:1e:c9:91:34:
         20:5c:27:17:e9:e4:65:d1:38:67:4d:fc:c9:31:a0:c3:f0:cb:
         1f:db:c4:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeyOwjqClTMbJjz7Rc8pykbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNjI3MTYzMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNjMTEwODJhZDRlYjRmODRmOTU4MGEwNjYwYjUzMTIyM2I5YjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArerRxkwOX9C12tI4BXfgIbTJ5T1g
8ZEhAKE6IILsf1peafFRAQGmwBdwY/LbIslMG1yuVdSYx9MMd8BT+QB2PEk28FEs
cta47/Q6ijj/W9mzLjBS8sZR75ibfurk2WzMSXqTUz8sMfUYafayUX03lhq44odf
vO87eFIcfc1Src6SoWEVsWMCv+KJFE/q5iVQUM4Iruz36Ge+OFSfog5hLG0HG7u4
Ho5mnBVEORT64apiYJgyUCusINb2ZLOSIR7tbq2x8YTxoUJ3ACUmXpgphesmJIfy
P5UvwhPxkjHatLT+4ARoBTWKTdByFHJIov1pNZQqMbz70T3QEbXBYm1JvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXMEQgq1OtPhPlYCgZgtTEiO5stMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvOWN3UkNDclU2MC1FLVZnS0JtQzFNU0k3bXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9itMA0G
CSqGSIb3DQEBCwUAA4IBAQABswGtO7YhC7C5A2K079NkFTEUIs7mWZAQGIakRPUG
X1Ydej/1VDNeIpTHnqblr0Ur7CHztdHEKsL8zhw3mcIiPgx+XTR+IrtJwYwwFJdi
wO4m4YZ9snwb5RqYgiluJ+lFO3hiZukbrTpvIiHGxK7V5lAIwY/IqXAyIjb+KSDp
SfBmkZzqmbgHg1WBKSj3R3x2mRD6rfAhj/fvbiVoUHFTrP7fkRC51qjTwnp35K7w
cAe3gD4Zlq71scQkkvoEPgKAXsCbYt0ozUyOa8d7njfBzMyHkkmVDLWDLpz/RUHf
0ZMvH6IXfR7JkTQgXCcX6eRl0ThnTfzJMaDD8Msf28RL
-----END CERTIFICATE-----