Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Jr5Ueq6kDwQSf4OCEjyXWyv4DJM.roa
File:                     Jr5Ueq6kDwQSf4OCEjyXWyv4DJM.roa (raw, json)
Hash identifier:          MSHb++tsJ50vTtX0YOcOx6674SSj9sRa1aeYtEOqqp0=
Subject key identifier:   26:BE:54:7A:AE:A4:0F:04:12:7F:83:82:12:3C:97:5B:2B:F8:0C:93
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0199F275A180C5094B11C52F934A0C45C104
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Jr5Ueq6kDwQSf4OCEjyXWyv4DJM.roa
Signing time:             Fri 17 Oct 2025 13:56:59 +0000
ROA not before:           Fri 17 Oct 2025 13:56:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        103.17.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:75:a1:80:c5:09:4b:11:c5:2f:93:4a:0c:45:c1:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Oct 17 13:56:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26be547aaea40f04127f8382123c975b2bf80c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4f:a8:94:b2:9a:ce:f0:88:28:19:9f:bb:f6:
                    87:ca:41:70:d3:89:aa:9a:18:c9:c9:7b:3a:d7:77:
                    d5:8d:90:fa:89:77:45:1f:8c:93:de:85:a9:7e:8a:
                    86:4b:2c:09:78:15:f3:67:0e:1b:b6:97:28:89:51:
                    62:0f:65:2f:a4:a4:53:07:6a:77:1f:f5:20:90:81:
                    e8:80:21:22:6b:11:f5:1a:76:e1:d1:be:e2:94:f8:
                    4c:e5:b9:24:56:af:92:61:63:e0:c9:35:4d:86:1c:
                    a9:0a:8a:28:5c:47:d4:a2:ba:e6:27:fd:db:41:66:
                    60:e4:f6:49:9b:21:d1:05:0d:c9:4c:4d:d3:79:41:
                    78:26:27:de:be:dd:50:6f:8f:96:1f:a3:b5:0a:97:
                    0d:59:3a:7c:60:d2:6c:eb:3c:81:fa:12:52:77:dc:
                    ae:d4:3a:69:9a:2f:14:91:44:b8:06:0a:a2:bb:2a:
                    5f:49:00:a7:88:3d:9f:60:85:32:7c:d6:ba:c6:99:
                    ff:b6:12:b4:be:ad:cf:f0:45:d7:9d:c6:ae:79:95:
                    96:78:06:30:60:06:ed:d7:e3:a0:6f:fb:2d:d0:58:
                    ed:cb:7d:ba:2b:16:40:37:96:9c:f7:b7:02:11:de:
                    6f:b5:11:ac:32:28:09:03:f9:9f:12:28:21:52:44:
                    7c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BE:54:7A:AE:A4:0F:04:12:7F:83:82:12:3C:97:5B:2B:F8:0C:93
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Jr5Ueq6kDwQSf4OCEjyXWyv4DJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:16:be:78:d9:33:73:9e:b2:fd:09:d4:aa:c1:09:2b:8a:e6:
         a7:f6:5b:77:63:ce:e7:1d:31:59:04:86:e7:a8:e9:cf:06:f4:
         29:fe:78:fc:e7:10:52:e2:f1:52:df:f4:99:cc:b0:25:de:ac:
         8d:d0:05:fb:c2:9a:e6:48:f5:40:5e:ba:20:8d:6c:2d:ac:aa:
         f9:2d:ca:0d:44:6c:59:fc:1b:3e:72:de:14:0b:a6:49:b8:da:
         75:97:2c:18:f2:f3:22:18:94:7d:1a:1e:22:5a:93:56:00:78:
         06:a2:c8:eb:4c:ed:f9:4e:d7:e6:6d:a9:0a:e6:bb:95:4a:97:
         e9:48:67:93:61:cd:35:a0:c6:4d:af:91:75:01:86:db:29:b9:
         8d:d4:de:40:56:e5:54:40:45:c2:cc:b6:01:52:23:54:38:44:
         38:03:54:36:b8:a7:8c:82:82:dd:89:d7:b5:2f:98:5b:a1:d2:
         67:4f:b7:d7:76:3a:00:66:0f:1d:f1:4f:7d:96:ba:34:44:63:
         02:50:ca:5e:e5:52:a8:59:25:b7:5e:f3:14:df:78:fa:15:67:
         85:86:e3:a5:d9:88:45:c3:ee:c7:da:02:e2:65:37:23:53:b7:
         c0:70:b9:b1:a8:d1:d1:28:db:40:43:44:ef:56:c8:d5:74:51:
         08:f7:0e:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnydaGAxQlLEcUvk0oMRcEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUxMDE3MTM1NjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmJlNTQ3YWFlYTQwZjA0MTI3ZjgzODIxMjNjOTc1YjJiZjgwYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0+olLKazvCIKBmfu/aHykFw04mq
mhjJyXs613fVjZD6iXdFH4yT3oWpfoqGSywJeBXzZw4btpcoiVFiD2UvpKRTB2p3
H/UgkIHogCEiaxH1Gnbh0b7ilPhM5bkkVq+SYWPgyTVNhhypCoooXEfUorrmJ/3b
QWZg5PZJmyHRBQ3JTE3TeUF4Jifevt1Qb4+WH6O1CpcNWTp8YNJs6zyB+hJSd9yu
1Dppmi8UkUS4BgqiuypfSQCniD2fYIUyfNa6xpn/thK0vq3P8EXXncaueZWWeAYw
YAbt1+Ogb/st0Fjty326KxZAN5ac97cCEd5vtRGsMigJA/mfEighUkR8ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCa+VHqupA8EEn+DghI8l1sr+AyTMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvSnI1VWVxNmtEd1FTZjRPQ0VqeVhXeXY0REpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCDFr542TNznrL9CdSqwQkriuan9lt3Y87nHTFZBIbn
qOnPBvQp/nj85xBS4vFS3/SZzLAl3qyN0AX7wprmSPVAXrogjWwtrKr5LcoNRGxZ
/Bs+ct4UC6ZJuNp1lywY8vMiGJR9Gh4iWpNWAHgGosjrTO35TtfmbakK5ruVSpfp
SGeTYc01oMZNr5F1AYbbKbmN1N5AVuVUQEXCzLYBUiNUOEQ4A1Q2uKeMgoLdide1
L5hbodJnT7fXdjoAZg8d8U99lro0RGMCUMpe5VKoWSW3XvMU33j6FWeFhuOl2YhF
w+7H2gLiZTcjU7fAcLmxqNHRKNtAQ0TvVsjVdFEI9w7l
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:46 2025 by rpki-client