Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fK9EW2umljzRQTYND4AfmE35XCA.roa
File:                     fK9EW2umljzRQTYND4AfmE35XCA.roa (raw, json)
Hash identifier:          9sqICXJrZxXGs4HmQ6by183Nbrj675bqVnqLvT99NXw=
Subject key identifier:   7C:AF:44:5B:6B:A6:96:3C:D1:41:36:0D:0F:80:1F:98:4D:F9:5C:20
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0199F2759FEBBF9C5A58BDA5B32856DDDEE8
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fK9EW2umljzRQTYND4AfmE35XCA.roa
Signing time:             Fri 17 Oct 2025 13:56:58 +0000
ROA not before:           Fri 17 Oct 2025 13:56:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        103.17.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:75:9f:eb:bf:9c:5a:58:bd:a5:b3:28:56:dd:de:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Oct 17 13:56:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7caf445b6ba6963cd141360d0f801f984df95c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5c:0d:d7:07:2a:af:b7:b7:44:22:79:65:fa:
                    4f:fc:b3:d7:fd:3e:8b:e5:10:50:27:42:76:b1:18:
                    1f:59:49:41:53:6f:1e:f5:40:cb:f3:33:bc:17:56:
                    e6:ff:5a:54:26:cc:95:d7:35:d1:c4:9a:94:77:c8:
                    02:ee:23:e6:ca:b1:d1:73:5a:94:46:66:86:4b:a2:
                    26:63:60:c8:24:d3:55:c5:d3:24:45:8f:bc:63:68:
                    e6:1e:7c:da:ea:eb:9b:4e:58:c3:1d:b8:8f:64:de:
                    5f:7d:bd:94:ab:a1:a7:12:2f:23:80:07:37:3c:cc:
                    67:92:02:79:09:7e:71:70:d7:2c:0b:56:e2:77:c5:
                    d3:02:85:3c:b6:fa:a0:92:42:5d:d1:34:c4:30:1f:
                    ed:a8:45:bd:6a:28:cd:4c:f4:7a:e7:87:c0:a0:8c:
                    ec:7f:4a:af:a3:46:8a:28:01:ac:b0:34:ea:ab:60:
                    98:1f:f3:24:be:ce:96:0b:c2:5f:2f:19:a0:45:06:
                    19:d0:db:cc:64:fb:5f:0b:25:26:b2:af:ce:f0:3f:
                    22:94:da:c2:0a:e1:f3:1d:80:a4:ad:d3:e1:e1:22:
                    e9:d3:40:5b:e0:b8:06:f5:7a:54:14:ac:01:e6:7c:
                    e1:39:21:3c:b9:0f:fd:24:ad:54:62:38:3a:12:fd:
                    8e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:AF:44:5B:6B:A6:96:3C:D1:41:36:0D:0F:80:1F:98:4D:F9:5C:20
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fK9EW2umljzRQTYND4AfmE35XCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:33:dd:14:76:ae:11:95:51:16:72:66:66:59:dc:72:dd:bd:
         4d:2e:5c:9f:b9:92:b8:aa:e2:8a:32:71:7a:e3:f4:da:04:6a:
         16:09:2f:9c:04:e0:3c:4c:7e:1e:b1:a3:38:c5:13:ee:ee:76:
         2f:fd:fb:9d:67:16:db:45:16:c1:fd:55:8d:cd:c4:61:66:8c:
         a0:08:72:20:78:ac:0f:fd:f0:8b:4f:27:19:ab:69:ca:fd:29:
         32:f2:b9:33:6a:68:13:fd:74:52:de:b8:c9:a7:e5:f4:06:57:
         45:dc:cf:0a:66:3d:3a:14:47:05:b1:2e:b7:61:15:36:bb:ad:
         07:ff:b2:4e:0d:a6:50:7b:94:0c:34:7a:e0:80:be:40:54:ed:
         7a:69:47:5d:bc:3b:55:fd:87:25:3a:75:92:ba:67:23:4a:f9:
         a1:f2:1d:86:01:6d:57:d2:01:2f:25:e9:3f:ce:63:37:10:d7:
         02:57:3f:e8:a5:38:20:ed:f3:c9:ae:fb:ad:b5:ef:7c:33:d9:
         80:a3:68:92:e8:9d:dc:68:8a:42:31:eb:3e:eb:7f:4a:eb:21:
         10:6d:ca:01:77:b2:5f:c0:f5:fd:ac:05:49:04:ca:03:82:47:
         39:bd:d1:53:69:24:b5:0f:57:ca:b6:79:16:7b:e4:21:d3:00:
         ed:c6:45:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnydZ/rv5xaWL2lsyhW3d7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUxMDE3MTM1NjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2FmNDQ1YjZiYTY5NjNjZDE0MTM2MGQwZjgwMWY5ODRkZjk1YzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1wN1wcqr7e3RCJ5ZfpP/LPX/T6L
5RBQJ0J2sRgfWUlBU28e9UDL8zO8F1bm/1pUJsyV1zXRxJqUd8gC7iPmyrHRc1qU
RmaGS6ImY2DIJNNVxdMkRY+8Y2jmHnza6uubTljDHbiPZN5ffb2Uq6GnEi8jgAc3
PMxnkgJ5CX5xcNcsC1bid8XTAoU8tvqgkkJd0TTEMB/tqEW9aijNTPR654fAoIzs
f0qvo0aKKAGssDTqq2CYH/Mkvs6WC8JfLxmgRQYZ0NvMZPtfCyUmsq/O8D8ilNrC
CuHzHYCkrdPh4SLp00Bb4LgG9XpUFKwB5nzhOSE8uQ/9JK1UYjg6Ev2OkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyvRFtrppY80UE2DQ+AH5hN+VwgMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZks5RVcydW1sanpSUVRZTkQ0QWZtRTM1WENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQBzM90Udq4RlVEWcmZmWdxy3b1NLlyfuZK4quKKMnF6
4/TaBGoWCS+cBOA8TH4esaM4xRPu7nYv/fudZxbbRRbB/VWNzcRhZoygCHIgeKwP
/fCLTycZq2nK/Sky8rkzamgT/XRS3rjJp+X0BldF3M8KZj06FEcFsS63YRU2u60H
/7JODaZQe5QMNHrggL5AVO16aUddvDtV/YclOnWSumcjSvmh8h2GAW1X0gEvJek/
zmM3ENcCVz/opTgg7fPJrvutte98M9mAo2iS6J3caIpCMes+639K6yEQbcoBd7Jf
wPX9rAVJBMoDgkc5vdFTaSS1D1fKtnkWe+Qh0wDtxkVJ
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:54 2025 by rpki-client