Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/VIvJR-ELjPDDNwtDAs7jPXPRVS8.roa
File:                     VIvJR-ELjPDDNwtDAs7jPXPRVS8.roa (raw, json)
Hash identifier:          xlYWOAlcQ9qUm1X3p6cNrDPlijzSwOQVXOe0gD7Wm78=
Subject key identifier:   54:8B:C9:47:E1:0B:8C:F0:C3:37:0B:43:02:CE:E3:3D:73:D1:55:2F
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       0199CE48E7505497CF77AA3C94B1E5C73F48
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/VIvJR-ELjPDDNwtDAs7jPXPRVS8.roa
Signing time:             Fri 10 Oct 2025 13:21:48 +0000
ROA not before:           Fri 10 Oct 2025 13:21:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        103.69.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:48:e7:50:54:97:cf:77:aa:3c:94:b1:e5:c7:3f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Oct 10 13:21:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=548bc947e10b8cf0c3370b4302cee33d73d1552f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f2:1d:32:14:ee:db:bf:45:a5:2b:da:c6:ac:
                    4a:70:a3:43:45:0c:a6:3d:8b:4e:b0:70:cd:bb:3b:
                    34:8d:cb:b7:80:bb:f4:ca:c0:30:e2:c6:ce:03:0b:
                    75:aa:60:bb:ee:ce:83:c1:06:23:db:0d:67:e7:d1:
                    43:82:d1:b3:e4:5e:a1:52:f0:61:84:ec:45:82:42:
                    6f:5a:9c:0e:e3:49:d7:b6:b6:dd:eb:ed:e5:63:11:
                    c3:52:96:16:60:c3:49:73:42:99:6e:18:80:07:09:
                    a5:fa:b2:93:c1:9b:b2:d4:25:c6:df:b8:f4:19:f7:
                    37:56:38:de:22:45:f2:9f:d4:af:3c:e1:e8:95:8d:
                    45:80:10:87:6d:38:87:4a:b7:7f:20:12:90:f7:ce:
                    82:9c:55:9f:70:9b:66:c5:ff:cd:5f:33:6d:a9:9b:
                    4c:70:6e:86:fc:92:18:8e:db:29:b3:59:df:2f:13:
                    06:6e:e1:b6:64:66:ea:79:6c:ec:46:8d:e0:d5:2d:
                    74:d7:75:e4:e7:d6:36:c3:bf:00:64:f4:1b:66:7e:
                    e7:67:13:7f:d6:b3:5b:04:e0:d4:95:da:b9:99:b9:
                    ad:e8:b5:00:a8:2b:09:d7:06:ae:1e:71:8c:9f:a8:
                    8c:81:ce:e9:2b:93:03:03:a7:11:ac:7c:e8:d9:6b:
                    8f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:8B:C9:47:E1:0B:8C:F0:C3:37:0B:43:02:CE:E3:3D:73:D1:55:2F
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/VIvJR-ELjPDDNwtDAs7jPXPRVS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d0:b5:08:82:0e:22:cc:8e:f1:bf:20:7c:f2:da:d9:ee:9c:
         03:52:4d:ec:54:f0:f7:ad:12:6b:56:fa:04:f2:a3:55:7a:19:
         15:6f:24:24:95:e9:75:d9:fd:be:2d:78:9b:46:19:1c:91:57:
         53:27:0c:2b:3b:fd:0c:a4:7f:aa:f2:5a:43:8e:00:97:a3:92:
         1b:d2:5f:f2:4d:2b:e7:dc:b6:86:76:37:43:48:fa:c9:28:ae:
         62:79:b3:d0:f2:77:0f:dc:cc:4a:94:af:10:05:de:d9:57:08:
         bf:5f:db:88:f4:02:63:03:bc:46:41:76:bc:19:02:7c:00:8a:
         8b:9f:22:98:aa:ce:25:70:5f:c7:b6:e2:92:54:d4:0d:99:5b:
         0c:43:53:53:a2:e9:58:42:21:15:de:40:c7:10:24:96:a7:5e:
         49:b6:b0:72:68:b3:fb:c5:b1:c1:f6:30:b2:f6:98:9f:86:ca:
         28:73:34:42:4f:5c:83:22:55:cd:19:64:71:15:56:8c:66:87:
         a3:09:1b:cd:c3:b1:1d:2e:90:41:bf:ad:6b:90:fd:7f:dd:99:
         b3:a2:1b:32:ff:e2:17:9b:d8:0b:45:45:7d:08:26:7f:79:16:
         ca:39:d0:87:a3:e9:75:4c:ba:81:2e:00:1e:af:da:5a:5f:65:
         ce:11:36:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOSOdQVJfPd6o8lLHlxz9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUxMDEwMTMyMTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDhiYzk0N2UxMGI4Y2YwYzMzNzBiNDMwMmNlZTMzZDczZDE1NTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPIdMhTu279FpSvaxqxKcKNDRQym
PYtOsHDNuzs0jcu3gLv0ysAw4sbOAwt1qmC77s6DwQYj2w1n59FDgtGz5F6hUvBh
hOxFgkJvWpwO40nXtrbd6+3lYxHDUpYWYMNJc0KZbhiABwml+rKTwZuy1CXG37j0
Gfc3VjjeIkXyn9SvPOHolY1FgBCHbTiHSrd/IBKQ986CnFWfcJtmxf/NXzNtqZtM
cG6G/JIYjtsps1nfLxMGbuG2ZGbqeWzsRo3g1S1013Xk59Y2w78AZPQbZn7nZxN/
1rNbBODUldq5mbmt6LUAqCsJ1wauHnGMn6iMgc7pK5MDA6cRrHzo2WuPTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSLyUfhC4zwwzcLQwLO4z1z0VUvMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvVkl2SlItRUxqUERETnd0REFzN2pQWFBSVlM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0XjMA0G
CSqGSIb3DQEBCwUAA4IBAQAf0LUIgg4izI7xvyB88trZ7pwDUk3sVPD3rRJrVvoE
8qNVehkVbyQklel12f2+LXibRhkckVdTJwwrO/0MpH+q8lpDjgCXo5Ib0l/yTSvn
3LaGdjdDSPrJKK5iebPQ8ncP3MxKlK8QBd7ZVwi/X9uI9AJjA7xGQXa8GQJ8AIqL
nyKYqs4lcF/HtuKSVNQNmVsMQ1NToulYQiEV3kDHECSWp15JtrByaLP7xbHB9jCy
9pifhsooczRCT1yDIlXNGWRxFVaMZoejCRvNw7EdLpBBv61rkP1/3Zmzohsy/+IX
m9gLRUV9CCZ/eRbKOdCHo+l1TLqBLgAer9paX2XOETaq
-----END CERTIFICATE-----