Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/9E1599NQd-t2hnSgMI8xzy_TxJU.roa
File:                     9E1599NQd-t2hnSgMI8xzy_TxJU.roa (raw, json)
Hash identifier:          eGi0nRloRS1ibNJKhJIoCOxUIGVgBBarZJJvHFzA8vo=
Subject key identifier:   F4:4D:79:F7:D3:50:77:EB:76:86:74:A0:30:8F:31:CF:2F:D3:C4:95
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D200EE0A7524D1B01FEA720D2CF4304F5
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/9E1599NQd-t2hnSgMI8xzy_TxJU.roa
Signing time:             Tue 24 Mar 2026 13:35:38 +0000
ROA not before:           Tue 24 Mar 2026 13:35:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        103.17.201.0/24 maxlen: 24
                          222.167.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:0e:e0:a7:52:4d:1b:01:fe:a7:20:d2:cf:43:04:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 24 13:35:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f44d79f7d35077eb768674a0308f31cf2fd3c495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:45:6c:b0:88:5d:35:20:e6:64:3b:ba:73:c1:
                    c2:a1:c0:35:2c:13:ed:0f:69:f7:67:e1:de:e6:aa:
                    0e:61:74:bb:d1:37:73:ad:0a:3f:80:4f:ca:1f:c7:
                    2f:8b:27:23:26:da:3b:18:c5:b4:58:85:fe:6f:84:
                    6f:dd:aa:75:b6:45:94:cc:7e:f0:29:0a:3b:71:86:
                    f1:48:8e:63:86:0d:a1:a1:65:a9:55:6d:2b:02:55:
                    27:1c:2e:f8:e5:fd:1e:45:f5:8e:de:12:7a:ec:6f:
                    14:db:41:c2:04:4c:84:86:c3:dd:84:75:d7:66:0a:
                    ba:70:fa:d6:53:d9:06:b6:97:b8:1a:e8:be:f7:42:
                    73:2f:d6:9e:f0:c9:5f:76:26:32:cb:4a:f1:27:94:
                    3c:f1:8d:46:64:38:42:d6:41:95:85:8b:bf:02:f0:
                    53:53:9f:0a:57:9d:ab:df:ca:5a:ab:12:fa:6e:5e:
                    32:8d:16:56:e4:23:60:a4:b0:51:72:c0:d5:cd:d3:
                    53:03:21:68:1a:4b:f0:e6:f4:35:d6:8b:e7:af:7f:
                    a9:4d:aa:31:45:4b:5c:81:3d:9a:8d:15:27:23:ba:
                    a2:ff:55:96:59:c4:4f:82:6e:fe:aa:f5:4b:da:ae:
                    96:ca:0e:f2:23:55:17:0c:c7:79:e6:5d:7e:d0:62:
                    18:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4D:79:F7:D3:50:77:EB:76:86:74:A0:30:8F:31:CF:2F:D3:C4:95
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/9E1599NQd-t2hnSgMI8xzy_TxJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.201.0/24
                  222.167.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:19:90:88:9d:d8:8a:43:8d:fd:6c:23:4f:12:75:1b:ae:6d:
         34:4f:86:bc:90:f8:ae:de:c8:f5:5e:f4:a5:5a:b5:01:d2:f2:
         0b:c7:86:64:5f:16:d0:b2:d4:14:f5:a0:f0:52:a8:5c:14:a0:
         b5:a0:be:7f:9e:20:6e:6c:75:07:04:8b:dc:64:ef:6e:36:39:
         59:58:7d:23:c4:6d:1c:80:ae:c3:e7:dc:bb:f0:fd:fc:87:ec:
         9b:72:e8:8d:30:bd:d4:6c:a0:01:0c:74:f2:87:2b:3f:1a:42:
         75:4e:5c:97:ae:2a:3c:28:f1:1c:52:fa:25:c8:8a:79:b7:a1:
         ba:1c:23:05:d1:21:09:d5:56:30:bb:44:ea:6c:8f:b0:96:df:
         5c:73:89:c1:43:a1:e2:db:1a:79:5c:32:96:8d:31:54:d5:d6:
         2f:29:a6:fd:cb:7a:26:eb:3b:f2:7b:ca:87:e3:be:35:03:a3:
         13:3a:19:63:39:75:c6:a5:3d:89:e2:17:1d:ee:3f:5d:0c:cd:
         60:cb:14:09:8f:5c:dc:75:46:48:ab:70:75:cd:35:bc:13:da:
         0b:07:28:ba:a7:d1:1f:d7:27:25:95:a3:03:88:61:52:a1:03:
         90:c1:24:0d:43:78:e1:3b:1b:9b:f5:30:d9:29:af:f4:4f:ed:
         71:75:f6:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0gDuCnUk0bAf6nINLPQwT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI0MTMzNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRkNzlmN2QzNTA3N2ViNzY4Njc0YTAzMDhmMzFjZjJmZDNjNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkVssIhdNSDmZDu6c8HCocA1LBPt
D2n3Z+He5qoOYXS70TdzrQo/gE/KH8cviycjJto7GMW0WIX+b4Rv3ap1tkWUzH7w
KQo7cYbxSI5jhg2hoWWpVW0rAlUnHC745f0eRfWO3hJ67G8U20HCBEyEhsPdhHXX
Zgq6cPrWU9kGtpe4Gui+90JzL9ae8MlfdiYyy0rxJ5Q88Y1GZDhC1kGVhYu/AvBT
U58KV52r38paqxL6bl4yjRZW5CNgpLBRcsDVzdNTAyFoGkvw5vQ11ovnr3+pTaox
RUtcgT2ajRUnI7qi/1WWWcRPgm7+qvVL2q6Wyg7yI1UXDMd55l1+0GIYUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPRNeffTUHfrdoZ0oDCPMc8v08SVMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvOUUxNTk5TlFkLXQyaG5TZ01JOHh6eV9UeEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZxHJAwQA
3qfVMA0GCSqGSIb3DQEBCwUAA4IBAQBXGZCIndiKQ439bCNPEnUbrm00T4a8kPiu
3sj1XvSlWrUB0vILx4ZkXxbQstQU9aDwUqhcFKC1oL5/niBubHUHBIvcZO9uNjlZ
WH0jxG0cgK7D59y78P38h+ybcuiNML3UbKABDHTyhys/GkJ1TlyXrio8KPEcUvol
yIp5t6G6HCMF0SEJ1VYwu0TqbI+wlt9cc4nBQ6Hi2xp5XDKWjTFU1dYvKab9y3om
6zvye8qH4741A6MTOhljOXXGpT2J4hcd7j9dDM1gyxQJj1zcdUZIq3B1zTW8E9oL
Byi6p9Ef1ycllaMDiGFSoQOQwSQNQ3jhOxub9TDZKa/0T+1xdfYl
-----END CERTIFICATE-----