Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/9ufXbM9venYhxl-SvGpc6GfgiXw.roa
File:                     9ufXbM9venYhxl-SvGpc6GfgiXw.roa (raw, json)
Hash identifier:          Ac/t4dFO//WUk7pf4os6/uGOArEztMkq7kLNqY6xpWY=
Subject key identifier:   F6:E7:D7:6C:CF:6F:7A:76:21:C6:5F:92:BC:6A:5C:E8:67:E0:89:7C
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0197AB6AF3A65F8F2D8E2C8FEDE951419964
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/9ufXbM9venYhxl-SvGpc6GfgiXw.roa
Signing time:             Thu 26 Jun 2025 08:46:42 +0000
ROA not before:           Thu 26 Jun 2025 08:46:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59253
IP address blocks:        103.148.140.0/24 maxlen: 24
                          103.149.84.0/24 maxlen: 24
                          103.151.102.0/24 maxlen: 24
                          103.152.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:6a:f3:a6:5f:8f:2d:8e:2c:8f:ed:e9:51:41:99:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jun 26 08:46:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6e7d76ccf6f7a7621c65f92bc6a5ce867e0897c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3c:79:26:e1:de:df:e1:0e:2e:45:db:20:ea:
                    d4:9e:a6:47:e8:a2:0f:16:90:33:78:62:0a:b7:fd:
                    e2:02:e7:18:42:a4:33:53:cb:e8:54:30:40:65:d6:
                    23:e3:3a:84:d4:7f:2d:e0:44:3b:11:5f:84:d3:2b:
                    e9:50:19:38:a4:82:91:aa:c0:0d:03:db:0f:4c:b5:
                    02:9f:e0:e2:8f:6b:a2:cf:76:00:53:c3:c6:e4:14:
                    bf:f9:3f:0d:53:b1:bb:95:dd:c5:43:bd:e3:6f:c2:
                    82:98:22:62:37:79:e3:94:04:9c:dd:07:90:74:ee:
                    94:64:62:4b:84:e6:16:53:d4:ef:af:ad:c6:08:b9:
                    68:0c:dd:e9:65:94:6a:21:23:e8:ea:b0:3f:ef:db:
                    87:aa:11:12:03:84:19:f1:77:2d:e9:e9:fe:7c:2d:
                    93:05:67:3b:09:c7:bf:aa:83:c6:a7:41:ac:97:f2:
                    71:6c:ee:60:c3:34:42:a1:0b:d0:46:25:6f:30:62:
                    35:4a:62:2c:f8:75:b4:f6:45:87:1b:4a:9a:13:aa:
                    94:42:52:de:d0:bc:03:05:71:81:7d:32:e8:ed:96:
                    9a:0e:b4:11:8b:4d:56:64:fb:0d:91:9a:e4:23:a3:
                    c6:f7:04:de:54:00:5c:76:f8:44:58:3e:cf:16:97:
                    f5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E7:D7:6C:CF:6F:7A:76:21:C6:5F:92:BC:6A:5C:E8:67:E0:89:7C
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/9ufXbM9venYhxl-SvGpc6GfgiXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.148.140.0/24
                  103.149.84.0/24
                  103.151.102.0/24
                  103.152.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c0:57:8e:f6:25:b8:42:2f:45:a9:f4:9d:3e:35:9e:38:8d:
         fe:e0:f1:9e:d2:8e:7e:26:17:8d:6b:94:28:14:4b:73:67:82:
         a2:02:d2:70:73:ca:84:f4:0a:7b:ae:36:63:f6:cb:ec:c1:49:
         11:2e:3d:30:81:81:98:61:ed:02:f1:8a:20:f9:7a:5a:a8:32:
         8c:d1:50:b2:4c:87:a2:db:c5:10:04:a2:32:32:b6:95:a6:90:
         4d:39:54:1b:16:9b:f8:7d:de:a4:91:8e:f3:04:5a:5b:84:11:
         30:fe:b1:1b:04:f2:0a:4d:ad:46:a6:a5:ce:11:c5:05:67:6e:
         9e:3c:a3:aa:28:ba:ed:bc:21:d9:9d:8a:2e:1e:f5:69:f8:b6:
         ee:bb:33:08:ac:64:bf:4b:fe:ab:e6:62:47:04:31:e1:32:17:
         48:f9:ba:73:09:2a:f3:5b:82:7a:ca:b8:58:b2:d3:81:99:01:
         0c:2e:ca:28:50:50:4c:17:ff:40:e2:d9:7e:84:22:cf:07:44:
         e0:66:b0:4d:49:4f:08:77:19:57:b7:d7:f1:55:c3:46:fc:17:
         f9:d3:3d:4c:2d:64:92:92:3e:a0:1e:d8:35:2c:d6:5c:cb:78:
         7d:97:26:c0:c9:1b:8e:34:40:86:e5:ff:4b:b4:e1:73:63:93:
         65:62:35:89
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZeravOmX48tjiyP7elRQZlkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNjI2MDg0NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU3ZDc2Y2NmNmY3YTc2MjFjNjVmOTJiYzZhNWNlODY3ZTA4OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTx5JuHe3+EOLkXbIOrUnqZH6KIP
FpAzeGIKt/3iAucYQqQzU8voVDBAZdYj4zqE1H8t4EQ7EV+E0yvpUBk4pIKRqsAN
A9sPTLUCn+Dij2uiz3YAU8PG5BS/+T8NU7G7ld3FQ73jb8KCmCJiN3njlASc3QeQ
dO6UZGJLhOYWU9Tvr63GCLloDN3pZZRqISPo6rA/79uHqhESA4QZ8Xct6en+fC2T
BWc7Cce/qoPGp0Gsl/JxbO5gwzRCoQvQRiVvMGI1SmIs+HW09kWHG0qaE6qUQlLe
0LwDBXGBfTLo7ZaaDrQRi01WZPsNkZrkI6PG9wTeVABcdvhEWD7PFpf1IQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPbn12zPb3p2IcZfkrxqXOhn4Il8MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvOXVmWGJNOXZlblloeGwtU3ZHcGM2R2ZnaVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAZ5SMAwQA
Z5VUAwQAZ5dmAwQAZ5gQMA0GCSqGSIb3DQEBCwUAA4IBAQCKwFeO9iW4Qi9FqfSd
PjWeOI3+4PGe0o5+JheNa5QoFEtzZ4KiAtJwc8qE9Ap7rjZj9svswUkRLj0wgYGY
Ye0C8Yog+XpaqDKM0VCyTIei28UQBKIyMraVppBNOVQbFpv4fd6kkY7zBFpbhBEw
/rEbBPIKTa1GpqXOEcUFZ26ePKOqKLrtvCHZnYouHvVp+LbuuzMIrGS/S/6r5mJH
BDHhMhdI+bpzCSrzW4J6yrhYstOBmQEMLsooUFBMF/9A4tl+hCLPB0TgZrBNSU8I
dxlXt9fxVcNG/Bf50z1MLWSSkj6gHtg1LNZcy3h9lybAyRuONECG5f9LtOFzY5Nl
YjWJ
-----END CERTIFICATE-----
Generated at Wed Jul 2 23:56:05 2025 by rpki-client