Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/3hJRJSC3BsAdn2mwPHaxe4AaeN8.roa
File:                     3hJRJSC3BsAdn2mwPHaxe4AaeN8.roa (raw, json)
Hash identifier:          POoJzGzbfihOGJQFqlbPOD1wro4qF5Rd0io4pLyb6vI=
Subject key identifier:   DE:12:51:25:20:B7:06:C0:1D:9F:69:B0:3C:76:B1:7B:80:1A:78:DF
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019D0A0BB53E809EFEACB25421F240BD4423
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/3hJRJSC3BsAdn2mwPHaxe4AaeN8.roa
Signing time:             Fri 20 Mar 2026 07:00:32 +0000
ROA not before:           Fri 20 Mar 2026 07:00:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134492
IP address blocks:        103.100.168.0/24 maxlen: 24
                          103.146.101.0/24 maxlen: 24
                          103.148.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:0b:b5:3e:80:9e:fe:ac:b2:54:21:f2:40:bd:44:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Mar 20 07:00:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de12512520b706c01d9f69b03c76b17b801a78df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:12:15:d5:6b:8c:a0:00:50:7b:56:62:08:13:
                    8a:48:ac:95:69:b8:83:ce:2a:24:4c:6c:24:2d:ac:
                    40:78:e0:85:ff:23:61:ad:1d:2e:91:7d:ba:1e:2f:
                    d3:5f:1c:52:26:4c:81:0a:91:cc:c5:a0:98:63:e6:
                    6f:0f:0e:a6:8e:76:10:ab:8b:07:47:8d:f2:ce:97:
                    b2:d5:3a:5e:72:64:34:83:8b:01:89:7f:ce:e5:39:
                    4f:21:73:66:2d:88:25:43:27:e5:a3:01:ad:9e:8d:
                    8d:ff:c7:fd:dc:7e:6e:18:5b:70:44:12:cf:e6:70:
                    a0:7f:3f:25:6f:7d:37:29:d0:1e:69:6d:3e:1b:e7:
                    35:01:e9:d9:02:39:24:00:7f:77:fd:fb:ef:56:c8:
                    97:84:7d:3b:b6:58:70:38:c6:17:e4:22:35:7e:09:
                    1d:30:4f:d0:41:13:dd:c4:34:d4:be:35:68:93:0d:
                    01:dd:f5:e1:53:48:9d:82:ee:83:16:25:66:f9:b9:
                    5c:7c:01:b1:f4:56:1a:e0:c5:47:1d:8b:86:9d:1a:
                    71:3f:75:a3:51:d8:82:ee:1e:a4:16:c9:69:b0:3e:
                    e2:a6:7f:6e:4c:6e:52:3b:b2:3a:7a:51:d0:14:9a:
                    66:31:b5:f5:a0:f0:aa:69:13:24:93:5e:14:a5:a9:
                    e5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:12:51:25:20:B7:06:C0:1D:9F:69:B0:3C:76:B1:7B:80:1A:78:DF
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/3hJRJSC3BsAdn2mwPHaxe4AaeN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.168.0/24
                  103.146.101.0/24
                  103.148.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:2a:b0:f2:f0:85:3c:b5:e1:ff:aa:db:ac:c6:45:46:c5:11:
         ca:cc:89:4c:e2:b5:9f:c6:1f:b4:16:e0:13:19:bf:94:e7:3e:
         1f:e6:5e:3e:63:e9:0e:c5:17:56:87:8f:f6:3f:e4:9e:75:34:
         be:42:7f:c5:43:4c:c1:6d:21:85:7e:8b:32:78:02:5c:70:4a:
         0a:e4:d1:8c:57:f1:87:cd:b9:1b:49:01:0a:61:53:cc:82:c3:
         6e:99:9d:7e:d7:98:34:d0:b9:3f:19:4e:25:af:67:81:95:ec:
         41:00:00:9c:f3:c4:09:cd:df:f4:ce:5e:b6:59:83:61:b7:b9:
         1b:df:20:a1:81:11:8a:2b:43:fb:2d:07:35:a4:0b:1f:3d:ce:
         5a:3c:33:87:3d:d7:22:80:06:c3:e2:82:a2:64:2c:74:91:b4:
         df:27:ec:31:11:cb:7e:2c:88:ad:e5:a3:c8:12:65:6a:a3:6c:
         0b:61:78:ee:9d:5f:4a:54:51:44:2f:15:b5:dd:d1:e1:03:f3:
         69:03:e2:b2:23:3a:cb:e0:eb:8a:75:97:94:52:98:4e:59:53:
         04:f4:01:5e:5c:94:f4:72:78:b0:b8:d3:c6:cf:cb:c8:0f:f9:
         58:d9:e0:1a:00:e5:9a:54:28:13:bd:5c:4e:73:c6:b3:0c:3c:
         18:a7:78:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0KC7U+gJ7+rLJUIfJAvUQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMzIwMDcwMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTEyNTEyNTIwYjcwNmMwMWQ5ZjY5YjAzYzc2YjE3YjgwMWE3OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRIV1WuMoABQe1ZiCBOKSKyVabiD
ziokTGwkLaxAeOCF/yNhrR0ukX26Hi/TXxxSJkyBCpHMxaCYY+ZvDw6mjnYQq4sH
R43yzpey1TpecmQ0g4sBiX/O5TlPIXNmLYglQyflowGtno2N/8f93H5uGFtwRBLP
5nCgfz8lb303KdAeaW0+G+c1AenZAjkkAH93/fvvVsiXhH07tlhwOMYX5CI1fgkd
ME/QQRPdxDTUvjVokw0B3fXhU0idgu6DFiVm+blcfAGx9FYa4MVHHYuGnRpxP3Wj
UdiC7h6kFslpsD7ipn9uTG5SO7I6elHQFJpmMbX1oPCqaRMkk14UpanlmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN4SUSUgtwbAHZ9psDx2sXuAGnjfMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvM2hKUkpTQzNCc0FkbjJtd1BIYXhlNEFhZU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZ2SoAwQA
Z5JlAwQAZ5R1MA0GCSqGSIb3DQEBCwUAA4IBAQAhKrDy8IU8teH/qtusxkVGxRHK
zIlM4rWfxh+0FuATGb+U5z4f5l4+Y+kOxRdWh4/2P+SedTS+Qn/FQ0zBbSGFfosy
eAJccEoK5NGMV/GHzbkbSQEKYVPMgsNumZ1+15g00Lk/GU4lr2eBlexBAACc88QJ
zd/0zl62WYNht7kb3yChgRGKK0P7LQc1pAsfPc5aPDOHPdcigAbD4oKiZCx0kbTf
J+wxEct+LIit5aPIEmVqo2wLYXjunV9KVFFELxW13dHhA/NpA+KyIzrL4OuKdZeU
UphOWVME9AFeXJT0cniwuNPGz8vID/lY2eAaAOWaVCgTvVxOc8azDDwYp3hP
-----END CERTIFICATE-----