Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/m8epfX6ALey9mozyTLJ0ovC6F2E.roa
File:                     m8epfX6ALey9mozyTLJ0ovC6F2E.roa (raw, json)
Hash identifier:          nEswDzlmuc7WOVjzf1OqhYzhCng69m/AkqBFVEn5Jd8=
Subject key identifier:   9B:C7:A9:7D:7E:80:2D:EC:BD:9A:8C:F2:4C:B2:74:A2:F0:BA:17:61
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       0199CE48E6A3AB65988D6A81C92231020B4C
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/m8epfX6ALey9mozyTLJ0ovC6F2E.roa
Signing time:             Fri 10 Oct 2025 13:21:48 +0000
ROA not before:           Fri 10 Oct 2025 13:21:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        103.69.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:48:e6:a3:ab:65:98:8d:6a:81:c9:22:31:02:0b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Oct 10 13:21:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bc7a97d7e802decbd9a8cf24cb274a2f0ba1761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3f:e1:42:b2:4a:f3:5f:e8:79:b6:1b:8d:e8:
                    cd:55:31:36:af:26:32:5a:5d:4e:7a:45:d8:27:36:
                    b2:dd:54:63:58:00:9d:e2:85:19:1d:50:44:8f:e1:
                    ad:44:10:de:26:80:42:d5:be:03:7e:ca:04:6e:c2:
                    c5:e8:6e:54:d0:d1:e3:db:01:5b:0d:6a:fc:b4:b4:
                    5e:29:9b:99:55:cd:49:e3:70:a8:6c:39:0f:c9:f0:
                    6a:67:41:de:72:e8:c2:96:86:b3:fd:cf:1f:4f:80:
                    ce:fc:48:36:bb:c6:60:88:8b:50:7d:15:e9:6c:4a:
                    c9:7d:61:30:17:23:95:a5:53:c1:a9:56:bc:3a:16:
                    0f:b9:e4:4e:36:e2:83:03:20:7c:9b:31:d0:7c:37:
                    5f:c1:8f:36:77:72:28:48:1c:fb:18:53:7f:67:02:
                    44:9e:41:3b:6d:17:ea:aa:9c:76:8e:9d:6a:b7:a7:
                    3f:33:cc:9c:3d:d5:45:3e:f7:bf:28:c6:50:77:7a:
                    28:c2:de:a0:74:1d:4c:3e:ca:d3:b8:68:e3:57:8f:
                    78:df:b3:ea:12:5f:41:95:6a:df:cc:ba:3d:83:35:
                    ab:d3:00:08:a8:3f:98:35:89:b0:0b:95:d0:0a:61:
                    a7:75:09:92:55:24:67:f4:9d:36:2d:4e:de:72:4c:
                    a4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C7:A9:7D:7E:80:2D:EC:BD:9A:8C:F2:4C:B2:74:A2:F0:BA:17:61
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/m8epfX6ALey9mozyTLJ0ovC6F2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:3f:0b:dd:1b:5d:0f:87:11:66:25:53:b9:8c:2b:f7:0d:f2:
         78:d1:8b:71:05:c7:7b:72:a2:63:79:ef:8c:6b:4b:a8:75:2c:
         68:58:7d:82:2d:9c:32:dc:da:7d:6a:df:77:52:22:21:bf:33:
         7c:93:94:f7:77:9a:79:91:5f:90:2a:32:eb:c7:6a:ff:25:cc:
         3f:6a:a7:a9:7c:4a:df:63:71:60:03:34:fc:b0:5b:db:ba:24:
         70:4e:4b:a0:c0:65:8c:ff:0a:f6:71:de:d7:64:f5:dc:cf:44:
         bf:6e:74:57:c6:96:ca:a8:da:d4:09:f1:64:c3:e9:03:d9:45:
         84:b7:7f:16:67:09:4e:6a:3c:3d:f2:e6:a9:a1:52:56:4f:c2:
         5f:8b:c8:ba:d8:0e:c8:c8:93:cd:19:4c:09:aa:48:1a:54:e5:
         62:93:0c:41:9f:1b:f6:d4:bb:9d:5e:27:4d:96:5b:ea:7d:d0:
         8b:fd:f1:e2:14:eb:6c:17:22:7f:64:2d:27:e5:4d:7f:14:0e:
         7d:3c:65:aa:b2:34:78:93:ac:e4:9d:9f:94:ce:9c:53:fd:2b:
         ed:51:a7:21:dd:9d:95:56:6e:ed:cd:46:ec:7d:b2:dd:19:b5:
         ca:5c:94:5c:18:b2:69:c3:9a:19:7f:1b:3a:de:88:23:f4:c3:
         16:36:a2:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOSOajq2WYjWqBySIxAgtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUxMDEwMTMyMTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmM3YTk3ZDdlODAyZGVjYmQ5YThjZjI0Y2IyNzRhMmYwYmExNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj/hQrJK81/oebYbjejNVTE2ryYy
Wl1OekXYJzay3VRjWACd4oUZHVBEj+GtRBDeJoBC1b4DfsoEbsLF6G5U0NHj2wFb
DWr8tLReKZuZVc1J43CobDkPyfBqZ0HecujCloaz/c8fT4DO/Eg2u8ZgiItQfRXp
bErJfWEwFyOVpVPBqVa8OhYPueRONuKDAyB8mzHQfDdfwY82d3IoSBz7GFN/ZwJE
nkE7bRfqqpx2jp1qt6c/M8ycPdVFPve/KMZQd3oowt6gdB1MPsrTuGjjV49437Pq
El9BlWrfzLo9gzWr0wAIqD+YNYmwC5XQCmGndQmSVSRn9J02LU7eckykgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvHqX1+gC3svZqM8kyydKLwuhdhMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvbThlcGZYNkFMZXk5bW96eVRMSjBvdkM2RjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0XjMA0G
CSqGSIb3DQEBCwUAA4IBAQAJPwvdG10PhxFmJVO5jCv3DfJ40YtxBcd7cqJjee+M
a0uodSxoWH2CLZwy3Np9at93UiIhvzN8k5T3d5p5kV+QKjLrx2r/Jcw/aqepfErf
Y3FgAzT8sFvbuiRwTkugwGWM/wr2cd7XZPXcz0S/bnRXxpbKqNrUCfFkw+kD2UWE
t38WZwlOajw98uapoVJWT8Jfi8i62A7IyJPNGUwJqkgaVOVikwxBnxv21LudXidN
llvqfdCL/fHiFOtsFyJ/ZC0n5U1/FA59PGWqsjR4k6zknZ+UzpxT/SvtUach3Z2V
Vm7tzUbsfbLdGbXKXJRcGLJpw5oZfxs63ogj9MMWNqL/
-----END CERTIFICATE-----