Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/d2SZlsB-wtw2rdBFFD1jZgKbUm8.roa
File:                     d2SZlsB-wtw2rdBFFD1jZgKbUm8.roa (raw, json)
Hash identifier:          Cq2pDyZVOBD+G7jZq4pWQLc2fvZ4hQdcXPmjzpo8ybo=
Subject key identifier:   77:64:99:96:C0:7E:C2:DC:36:AD:D0:45:14:3D:63:66:02:9B:52:6F
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       019894B286F4A3E98461AA13BC22AB3BE10A
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/d2SZlsB-wtw2rdBFFD1jZgKbUm8.roa
Signing time:             Sun 10 Aug 2025 15:56:24 +0000
ROA not before:           Sun 10 Aug 2025 15:56:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136744
IP address blocks:        103.35.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:b2:86:f4:a3:e9:84:61:aa:13:bc:22:ab:3b:e1:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Aug 10 15:56:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77649996c07ec2dc36add045143d6366029b526f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:12:1c:f4:2b:d6:28:76:89:36:0a:e3:93:64:
                    d4:1f:bb:f2:7e:d8:0b:20:6a:61:34:77:b2:b6:36:
                    cd:b0:b2:ee:ca:81:8c:32:74:cb:fc:37:1a:ea:d2:
                    b6:94:6e:f0:20:d2:c5:39:99:70:af:97:60:da:d2:
                    e0:9c:96:4d:1a:b7:c4:36:a8:74:97:47:05:be:5d:
                    b4:8b:d0:0b:37:d4:bd:bf:e6:03:75:fc:43:e9:39:
                    b6:39:c6:09:57:95:05:57:f4:cc:88:fd:eb:ae:fc:
                    d8:9f:24:11:86:14:78:fe:a2:3e:f8:0f:c9:d4:42:
                    94:4c:bd:e6:1e:14:ff:3b:ea:4b:4b:93:7d:3c:22:
                    22:b6:e8:f6:55:c8:f1:a5:02:bc:a8:80:fb:00:37:
                    c5:50:14:20:a6:c0:1d:16:70:5d:45:1a:69:d0:2a:
                    ec:96:5b:3a:89:42:37:72:0f:23:e3:19:ef:5f:3a:
                    65:b7:10:06:6c:fb:2c:bc:df:c6:34:ea:6e:e5:6e:
                    10:db:23:53:de:f3:b6:93:b9:ec:a8:5a:50:06:19:
                    fd:1e:81:94:fe:48:1e:92:e5:d0:a1:04:2f:92:fd:
                    cd:1a:e3:b5:05:b6:c9:88:ca:71:3a:53:dc:b4:c9:
                    8b:3f:07:c6:f7:78:be:4d:a8:4f:8f:2f:f7:42:49:
                    3e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:64:99:96:C0:7E:C2:DC:36:AD:D0:45:14:3D:63:66:02:9B:52:6F
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/d2SZlsB-wtw2rdBFFD1jZgKbUm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.35.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:f4:1c:17:6e:a4:11:69:be:9e:0d:c2:51:32:19:98:32:8a:
         2d:b6:07:1f:8a:b5:ff:74:15:83:81:44:8f:2d:44:21:11:97:
         eb:d5:68:65:b2:cd:23:d2:3d:9f:7b:e2:1c:c9:7e:6c:b3:8a:
         32:9f:b0:e9:0e:50:70:12:9b:32:5d:72:3a:b7:ab:0a:6b:0d:
         ab:67:b3:46:0d:11:cf:8d:64:1a:45:58:5b:50:c3:6b:54:de:
         4b:0e:17:bc:3c:a4:68:8a:e2:af:45:ac:9f:31:58:d6:6a:f7:
         2e:61:30:37:47:90:ea:aa:70:4a:cc:08:2b:8c:eb:2d:6a:d4:
         92:f3:07:9e:c6:66:bc:c9:99:05:2b:1a:3b:08:16:77:d0:61:
         79:1d:60:fe:03:79:13:ff:f6:05:85:8b:f1:36:d3:e2:44:e3:
         56:81:a6:7f:18:9b:d2:79:a0:bc:40:57:91:e2:e5:3f:33:8c:
         86:23:e7:f1:10:d9:06:a3:ee:cd:64:f6:a0:70:b0:b7:99:da:
         a1:34:63:77:fd:e0:2b:18:e1:1f:c1:f1:db:18:77:cc:3c:6b:
         6b:1d:9a:bc:28:7d:81:10:78:32:9f:3e:e8:85:a3:92:4b:11:
         e2:88:58:ce:ae:94:6b:7e:82:dc:61:42:75:4a:2a:9e:ef:97:
         cd:b4:af:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiUsob0o+mEYaoTvCKrO+EKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwODEwMTU1NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY0OTk5NmMwN2VjMmRjMzZhZGQwNDUxNDNkNjM2NjAyOWI1MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RIc9CvWKHaJNgrjk2TUH7vyftgL
IGphNHeytjbNsLLuyoGMMnTL/Dca6tK2lG7wINLFOZlwr5dg2tLgnJZNGrfENqh0
l0cFvl20i9ALN9S9v+YDdfxD6Tm2OcYJV5UFV/TMiP3rrvzYnyQRhhR4/qI++A/J
1EKUTL3mHhT/O+pLS5N9PCIituj2VcjxpQK8qID7ADfFUBQgpsAdFnBdRRpp0Crs
lls6iUI3cg8j4xnvXzpltxAGbPssvN/GNOpu5W4Q2yNT3vO2k7nsqFpQBhn9HoGU
/kgekuXQoQQvkv3NGuO1BbbJiMpxOlPctMmLPwfG93i+TahPjy/3Qkk+OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdkmZbAfsLcNq3QRRQ9Y2YCm1JvMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvZDJTWmxzQi13dHcycmRCRkZEMWpaZ0tiVW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZyM4MA0G
CSqGSIb3DQEBCwUAA4IBAQA39BwXbqQRab6eDcJRMhmYMoottgcfirX/dBWDgUSP
LUQhEZfr1Whlss0j0j2fe+IcyX5ss4oyn7DpDlBwEpsyXXI6t6sKaw2rZ7NGDRHP
jWQaRVhbUMNrVN5LDhe8PKRoiuKvRayfMVjWavcuYTA3R5DqqnBKzAgrjOstatSS
8weexma8yZkFKxo7CBZ30GF5HWD+A3kT//YFhYvxNtPiRONWgaZ/GJvSeaC8QFeR
4uU/M4yGI+fxENkGo+7NZPagcLC3mdqhNGN3/eArGOEfwfHbGHfMPGtrHZq8KH2B
EHgynz7ohaOSSxHiiFjOrpRrfoLcYUJ1Siqe75fNtK+9
-----END CERTIFICATE-----