Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/RjIDNrkyYFiUXAACYqdU6Zr9skA.roa
File:                     RjIDNrkyYFiUXAACYqdU6Zr9skA.roa (raw, json)
Hash identifier:          2nWH23XnIXOv7dQudhroqp4PyvZCCMFvs3Wd9uOXNrE=
Subject key identifier:   46:32:03:36:B9:32:60:58:94:5C:00:02:62:A7:54:E9:9A:FD:B2:40
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       019D225B5BFB46D9CD909B95E349BE997368
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/RjIDNrkyYFiUXAACYqdU6Zr9skA.roa
Signing time:             Wed 25 Mar 2026 00:18:25 +0000
ROA not before:           Wed 25 Mar 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58026
IP address blocks:        103.124.182.0/23 maxlen: 23
                          103.250.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:22:5b:5b:fb:46:d9:cd:90:9b:95:e3:49:be:99:73:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Mar 25 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46320336b9326058945c000262a754e99afdb240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:06:5c:69:38:7f:79:81:16:d2:e0:66:cd:09:
                    50:9a:81:5b:1f:5a:2f:e6:35:69:85:fa:f4:85:d1:
                    e6:1d:44:83:72:aa:83:eb:5b:44:bc:7c:89:22:72:
                    92:ce:8e:c6:0e:5c:a6:bf:8e:22:a4:eb:7a:29:c5:
                    7e:1b:93:a9:e3:18:4d:f9:c9:f5:fa:53:fc:96:fa:
                    3d:c4:96:14:be:6c:ab:64:9c:79:03:47:5b:64:e5:
                    79:11:76:55:c4:75:d5:93:b6:fe:35:72:b6:1f:82:
                    4f:eb:ec:3f:bd:04:2d:a4:63:e4:fc:e9:33:65:0d:
                    45:69:8c:58:89:68:b3:3f:6d:52:e0:7e:dc:f5:2f:
                    29:61:7a:37:15:91:03:84:43:d2:a5:70:71:20:13:
                    15:fe:07:d1:18:3d:b1:7d:2a:ae:18:df:a2:ef:0d:
                    b9:81:15:a9:d2:98:dc:06:39:67:57:e3:2e:76:13:
                    9c:85:56:24:50:00:70:31:2d:87:a7:5b:ee:f3:23:
                    e1:be:61:f8:82:c8:27:f0:f7:8e:4f:95:e3:79:bd:
                    8d:40:f3:cd:69:40:fa:fe:0c:39:62:5a:b6:63:97:
                    a1:49:76:c2:15:17:3e:6c:9b:34:2c:06:1b:3b:d2:
                    2c:6f:b5:34:6b:c8:b0:2f:1a:7b:53:af:71:86:2d:
                    bd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:32:03:36:B9:32:60:58:94:5C:00:02:62:A7:54:E9:9A:FD:B2:40
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/RjIDNrkyYFiUXAACYqdU6Zr9skA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.124.182.0/23
                  103.250.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:f1:1b:f3:14:2e:c8:52:58:92:86:e8:4d:5a:b9:ca:13:64:
         ae:69:35:2b:97:07:a2:03:b1:eb:61:06:dc:d5:ff:a2:58:83:
         c9:a2:3a:ec:1f:6e:47:6c:fc:71:bb:d8:4e:3f:95:c8:e9:77:
         03:24:ca:67:8e:23:9b:d5:73:fb:01:49:33:11:ce:9d:d3:06:
         01:c0:ca:c9:99:0c:4e:08:b6:94:c0:da:25:36:98:af:24:1a:
         39:bb:92:33:cf:31:4b:47:d3:ae:e0:f7:45:b3:1c:7c:49:56:
         9f:33:ff:26:e2:7e:80:bf:f2:f1:62:e2:db:91:7f:23:5e:b5:
         82:8a:fb:ce:49:f3:5c:bb:06:38:ed:bc:0f:2d:16:16:c5:8c:
         4c:e3:70:5d:7b:00:d7:22:b4:f5:86:dd:55:46:24:fd:ab:51:
         ec:7a:90:d7:9e:ba:e5:95:9a:e9:43:ef:8f:b6:bb:9d:46:09:
         13:bd:0c:99:81:8d:81:b0:99:d4:1f:82:e0:dc:15:f3:fa:b7:
         b3:3e:b1:e4:b6:ba:5c:30:b7:0d:67:19:ea:0f:03:6c:c3:3b:
         53:d6:4e:b2:c4:03:b2:ee:8d:54:cd:f6:6f:b8:f4:da:a4:a3:
         c5:07:30:e0:04:40:b4:0e:48:7b:73:0a:b3:3c:c2:be:2f:46:
         3f:92:6e:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0iW1v7RtnNkJuV40m+mXNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjYwMzI1MDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjMyMDMzNmI5MzI2MDU4OTQ1YzAwMDI2MmE3NTRlOTlhZmRiMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AZcaTh/eYEW0uBmzQlQmoFbH1ov
5jVphfr0hdHmHUSDcqqD61tEvHyJInKSzo7GDlymv44ipOt6KcV+G5Op4xhN+cn1
+lP8lvo9xJYUvmyrZJx5A0dbZOV5EXZVxHXVk7b+NXK2H4JP6+w/vQQtpGPk/Okz
ZQ1FaYxYiWizP21S4H7c9S8pYXo3FZEDhEPSpXBxIBMV/gfRGD2xfSquGN+i7w25
gRWp0pjcBjlnV+MudhOchVYkUABwMS2Hp1vu8yPhvmH4gsgn8PeOT5Xjeb2NQPPN
aUD6/gw5Ylq2Y5ehSXbCFRc+bJs0LAYbO9Isb7U0a8iwLxp7U69xhi297QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEYyAza5MmBYlFwAAmKnVOma/bJAMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvUmpJRE5ya3lZRmlVWEFBQ1lxZFU2WnI5c2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBZ3y2AwQC
Z/qsMA0GCSqGSIb3DQEBCwUAA4IBAQCk8RvzFC7IUliShuhNWrnKE2SuaTUrlwei
A7HrYQbc1f+iWIPJojrsH25HbPxxu9hOP5XI6XcDJMpnjiOb1XP7AUkzEc6d0wYB
wMrJmQxOCLaUwNolNpivJBo5u5IzzzFLR9Ou4PdFsxx8SVafM/8m4n6Av/LxYuLb
kX8jXrWCivvOSfNcuwY47bwPLRYWxYxM43BdewDXIrT1ht1VRiT9q1HsepDXnrrl
lZrpQ++PtrudRgkTvQyZgY2BsJnUH4Lg3BXz+rezPrHktrpcMLcNZxnqDwNswztT
1k6yxAOy7o1UzfZvuPTapKPFBzDgBEC0Dkh7cwqzPMK+L0Y/km62
-----END CERTIFICATE-----