Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/wi7P2klzDoWzZPbBuUScvB6w9GE.roa
File:                     wi7P2klzDoWzZPbBuUScvB6w9GE.roa (raw, json)
Hash identifier:          haZht6otkDkWpVJ8lyAFOcllxlCvSCVGP51LwFpW/I8=
Subject key identifier:   C2:2E:CF:DA:49:73:0E:85:B3:64:F6:C1:B9:44:9C:BC:1E:B0:F4:61
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0198AD65C4AA6F7D07513D2C7C5AAABB81FC
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/wi7P2klzDoWzZPbBuUScvB6w9GE.roa
Signing time:             Fri 15 Aug 2025 11:03:04 +0000
ROA not before:           Fri 15 Aug 2025 11:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206230
IP address blocks:        103.73.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:65:c4:aa:6f:7d:07:51:3d:2c:7c:5a:aa:bb:81:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug 15 11:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c22ecfda49730e85b364f6c1b9449cbc1eb0f461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8b:7e:36:d0:d6:c0:cb:4a:07:3c:f1:6a:05:
                    8f:93:37:e1:c1:df:86:2d:fb:30:6d:df:7f:80:54:
                    49:58:74:24:78:5d:5a:43:9d:a7:23:cc:88:12:a1:
                    f1:0b:1e:17:65:aa:7e:95:f3:48:27:7c:c3:b0:66:
                    9b:41:7a:8f:2d:33:d4:7c:e1:7b:08:91:37:63:e2:
                    4d:e3:56:cb:de:26:94:cb:41:c3:05:3b:2e:b9:55:
                    a9:c4:0e:2d:ec:2f:35:b1:33:87:66:88:10:52:32:
                    b2:74:21:87:30:9f:c6:7b:df:55:ab:57:7c:33:b5:
                    4b:e9:a8:af:88:d0:74:4e:ca:31:3e:70:0f:06:0a:
                    b0:cd:11:bd:21:39:a9:aa:58:f6:a5:cd:a0:43:51:
                    c2:5a:34:4d:51:96:8d:78:6e:3c:cd:5d:5b:f1:b1:
                    fe:a7:51:34:53:28:72:1d:c7:c6:5b:3f:74:63:f8:
                    90:a2:01:b0:cf:63:3d:69:bc:3b:01:d2:b0:c7:3a:
                    db:f4:a9:74:d0:81:1c:de:e4:80:0b:da:2d:82:a9:
                    be:17:c2:fa:d6:65:37:09:da:e3:fd:9a:56:7e:fb:
                    a6:7c:bd:44:17:b8:13:de:2a:f4:0a:36:fe:22:92:
                    e2:d1:e2:a8:c7:8c:e3:7c:d2:4e:ff:79:45:4a:fc:
                    28:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2E:CF:DA:49:73:0E:85:B3:64:F6:C1:B9:44:9C:BC:1E:B0:F4:61
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/wi7P2klzDoWzZPbBuUScvB6w9GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.73.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e8:60:1a:17:37:a1:2d:86:83:a9:61:5d:f3:f6:20:62:f8:
         4e:2f:9e:0e:56:3b:3b:39:96:9e:14:a1:03:ef:49:d9:fd:f6:
         e6:a0:5e:fa:fa:3e:13:32:a8:12:71:55:65:92:89:85:89:20:
         b7:3b:78:c1:0c:23:e3:f9:d7:82:f6:c8:ea:a0:ef:12:83:bb:
         9d:01:5a:b4:8d:4b:ba:8e:b5:c2:4a:31:83:59:58:03:13:e5:
         d7:cd:2f:82:b9:e8:4c:18:d6:fe:0a:34:83:ad:d3:a1:4a:5b:
         14:d0:b8:96:54:f4:5b:c4:70:2a:57:c3:52:07:04:a7:e8:7d:
         2d:05:77:6d:c0:13:cc:45:fc:2e:12:fa:6d:18:6e:d4:ef:5d:
         26:e1:16:1b:25:84:84:03:43:d8:f4:33:32:47:12:65:03:9f:
         59:26:27:25:d0:d5:3a:e7:c0:88:13:9c:af:05:dd:52:d1:f1:
         83:b3:85:47:a3:cf:a6:27:6e:94:fe:fa:0d:4e:24:42:12:69:
         c6:c8:f9:b1:58:b7:ca:9c:65:7d:b6:e8:3d:e4:15:18:b7:8c:
         95:98:27:d9:fb:92:60:b1:ab:6c:76:35:ba:4e:b8:25:0b:1e:
         9f:0e:c5:05:e2:0e:eb:eb:03:a0:68:1e:08:43:b6:41:e2:7c:
         7e:be:ae:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZitZcSqb30HUT0sfFqqu4H8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwODE1MTEwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjJlY2ZkYTQ5NzMwZTg1YjM2NGY2YzFiOTQ0OWNiYzFlYjBmNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvot+NtDWwMtKBzzxagWPkzfhwd+G
Lfswbd9/gFRJWHQkeF1aQ52nI8yIEqHxCx4XZap+lfNIJ3zDsGabQXqPLTPUfOF7
CJE3Y+JN41bL3iaUy0HDBTsuuVWpxA4t7C81sTOHZogQUjKydCGHMJ/Ge99Vq1d8
M7VL6aiviNB0TsoxPnAPBgqwzRG9ITmpqlj2pc2gQ1HCWjRNUZaNeG48zV1b8bH+
p1E0UyhyHcfGWz90Y/iQogGwz2M9abw7AdKwxzrb9Kl00IEc3uSAC9otgqm+F8L6
1mU3Cdrj/ZpWfvumfL1EF7gT3ir0Cjb+IpLi0eKox4zjfNJO/3lFSvwoYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIuz9pJcw6Fs2T2wblEnLwesPRhMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvd2k3UDJrbHpEb1d6WlBiQnVVU2N2QjZ3OUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0kiMA0G
CSqGSIb3DQEBCwUAA4IBAQAS6GAaFzehLYaDqWFd8/YgYvhOL54OVjs7OZaeFKED
70nZ/fbmoF76+j4TMqgScVVlkomFiSC3O3jBDCPj+deC9sjqoO8Sg7udAVq0jUu6
jrXCSjGDWVgDE+XXzS+CuehMGNb+CjSDrdOhSlsU0LiWVPRbxHAqV8NSBwSn6H0t
BXdtwBPMRfwuEvptGG7U710m4RYbJYSEA0PY9DMyRxJlA59ZJicl0NU658CIE5yv
Bd1S0fGDs4VHo8+mJ26U/voNTiRCEmnGyPmxWLfKnGV9tug95BUYt4yVmCfZ+5Jg
satsdjW6TrglCx6fDsUF4g7r6wOgaB4IQ7ZB4nx+vq5M
-----END CERTIFICATE-----