Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b7gCLwwMzjZjbVS32gLXIFWwbUk.roa
File:                     b7gCLwwMzjZjbVS32gLXIFWwbUk.roa (raw, json)
Hash identifier:          D2c9HayWxHwINiQBbZzPgdJmQPa3/hDkJ/z9pkwYKxE=
Subject key identifier:   6F:B8:02:2F:0C:0C:CE:36:63:6D:54:B7:DA:02:D7:20:55:B0:6D:49
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0199F275A1B3A12805BD2C6CD4EADF49A495
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b7gCLwwMzjZjbVS32gLXIFWwbUk.roa
Signing time:             Fri 17 Oct 2025 13:56:59 +0000
ROA not before:           Fri 17 Oct 2025 13:56:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        103.17.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:75:a1:b3:a1:28:05:bd:2c:6c:d4:ea:df:49:a4:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Oct 17 13:56:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fb8022f0c0cce36636d54b7da02d72055b06d49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:68:28:93:7b:07:73:52:e8:e6:6f:84:00:40:
                    a5:ce:8f:1b:0e:61:f2:3c:e7:a4:79:9d:6a:61:55:
                    01:52:d4:1a:64:17:6e:32:29:29:1b:3f:4f:c8:ef:
                    10:19:55:22:a5:be:22:81:02:2f:8a:56:c4:ab:08:
                    c2:75:57:9e:76:60:8b:61:9a:4d:0c:d4:e1:c4:1f:
                    ad:e0:94:37:c3:3c:55:b0:79:35:5e:1d:c9:cf:7c:
                    aa:0b:6c:e4:a3:df:1d:3a:53:98:28:84:bb:1d:66:
                    1f:e3:e9:62:37:a1:93:dc:cd:53:eb:2a:c0:f3:da:
                    60:3b:8d:66:a4:c5:da:ee:83:55:08:73:31:18:ff:
                    b3:19:d6:e1:7b:4d:c3:a6:76:ef:e3:27:e0:50:34:
                    03:06:44:ff:6f:8c:f9:37:24:b8:0f:a2:f5:10:c1:
                    eb:4c:b8:40:09:f2:0f:3b:8b:f4:b1:44:b0:6e:c2:
                    48:e0:0d:ec:42:e0:98:2d:5f:a8:3f:d5:61:cb:2f:
                    5e:87:a6:9f:05:54:3f:4d:4e:29:69:c0:a2:30:8a:
                    49:b3:2a:cc:83:41:cc:37:94:e1:ad:ec:98:e8:89:
                    ce:47:21:4a:da:d0:20:74:18:25:6e:2a:3e:be:2f:
                    48:1d:d6:93:f5:eb:9a:4e:5c:fa:66:59:e7:fd:6b:
                    cf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B8:02:2F:0C:0C:CE:36:63:6D:54:B7:DA:02:D7:20:55:B0:6D:49
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b7gCLwwMzjZjbVS32gLXIFWwbUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:63:a6:ad:88:c3:03:1f:13:d1:7d:19:26:07:1f:4b:be:74:
         3d:6a:ba:8b:86:06:3a:29:b1:15:ae:ef:a3:92:b0:1d:6c:bd:
         42:bc:ea:7d:90:64:ae:23:f7:41:73:4c:32:e9:42:5a:fa:95:
         e3:e4:da:c1:c4:39:a8:57:96:f5:50:3b:8e:19:c1:e4:a8:97:
         7d:60:52:f7:2e:dd:5f:5a:90:fb:e5:a1:98:ce:a3:20:69:a8:
         69:9f:0f:7a:23:c5:10:da:40:04:4b:80:d2:9e:09:c6:83:44:
         e4:c5:08:36:fb:36:ad:dc:53:a0:22:58:30:dd:bd:f1:78:4f:
         33:45:cd:9a:bc:ce:a9:88:25:9b:2c:39:3d:9b:a0:8f:09:aa:
         e0:99:79:75:67:c8:9a:a0:6a:07:ef:9f:1b:94:a3:17:fd:75:
         13:d7:fa:c0:e9:83:5f:70:ab:f1:89:27:d8:37:f2:27:8d:41:
         45:9c:c4:08:ce:36:9f:57:d2:d3:ed:f1:85:20:a1:fe:fc:25:
         6b:f0:42:4d:6e:58:93:08:18:45:67:87:59:08:88:47:d7:2e:
         b0:9f:c2:5d:f1:09:65:2a:d1:29:2a:1b:0d:71:d5:52:9d:87:
         21:0c:06:3a:53:5b:7a:1b:b4:d7:03:e0:91:72:5b:96:12:65:
         9c:9c:7f:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnydaGzoSgFvSxs1OrfSaSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUxMDE3MTM1NjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmI4MDIyZjBjMGNjZTM2NjM2ZDU0YjdkYTAyZDcyMDU1YjA2ZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWgok3sHc1Lo5m+EAEClzo8bDmHy
POekeZ1qYVUBUtQaZBduMikpGz9PyO8QGVUipb4igQIvilbEqwjCdVeedmCLYZpN
DNThxB+t4JQ3wzxVsHk1Xh3Jz3yqC2zko98dOlOYKIS7HWYf4+liN6GT3M1T6yrA
89pgO41mpMXa7oNVCHMxGP+zGdbhe03Dpnbv4yfgUDQDBkT/b4z5NyS4D6L1EMHr
TLhACfIPO4v0sUSwbsJI4A3sQuCYLV+oP9Vhyy9eh6afBVQ/TU4pacCiMIpJsyrM
g0HMN5ThreyY6InORyFK2tAgdBglbio+vi9IHdaT9euaTlz6Zlnn/WvPcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+4Ai8MDM42Y21Ut9oC1yBVsG1JMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvYjdnQ0x3d016alpqYlZTMzJnTFhJRld3YlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCeY6atiMMDHxPRfRkmBx9LvnQ9arqLhgY6KbEVru+j
krAdbL1CvOp9kGSuI/dBc0wy6UJa+pXj5NrBxDmoV5b1UDuOGcHkqJd9YFL3Lt1f
WpD75aGYzqMgaahpnw96I8UQ2kAES4DSngnGg0TkxQg2+zat3FOgIlgw3b3xeE8z
Rc2avM6piCWbLDk9m6CPCargmXl1Z8iaoGoH758blKMX/XUT1/rA6YNfcKvxiSfY
N/InjUFFnMQIzjafV9LT7fGFIKH+/CVr8EJNbliTCBhFZ4dZCIhH1y6wn8Jd8Qll
KtEpKhsNcdVSnYchDAY6U1t6G7TXA+CRcluWEmWcnH9v
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:48 2025 by rpki-client