Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/uMkH66213_qhzEsky5w_eAzG4PE.roa
File:                     uMkH66213_qhzEsky5w_eAzG4PE.roa (raw, json)
Hash identifier:          G3FGAm6kI+ienzeulLOjE6SAFfTDkDGEtThcSAFVSsM=
Subject key identifier:   B8:C9:07:EB:AD:B5:DF:FA:A1:CC:4B:24:CB:9C:3F:78:0C:C6:E0:F1
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D1CB15ECD1FEF67FED90F5A693BF619F6
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/uMkH66213_qhzEsky5w_eAzG4PE.roa
Signing time:             Mon 23 Mar 2026 21:54:39 +0000
ROA not before:           Mon 23 Mar 2026 21:54:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        103.114.41.0/24 maxlen: 24
                          2a0f:1740::/29 maxlen: 29
                          2a13:18c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1c:b1:5e:cd:1f:ef:67:fe:d9:0f:5a:69:3b:f6:19:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 23 21:54:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8c907ebadb5dffaa1cc4b24cb9c3f780cc6e0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9d:bb:8e:cb:4b:11:79:61:7e:1d:84:ed:fc:
                    b4:0b:ae:d7:ab:52:28:95:74:5b:b8:04:57:5d:8f:
                    5e:07:70:70:7c:ea:e3:d4:42:13:5c:b3:20:c4:df:
                    e0:b6:5b:ba:63:1b:47:44:af:3c:b3:f4:4a:d4:f5:
                    8c:0a:ea:f8:1b:cd:2f:81:9b:1e:ba:23:e3:09:2d:
                    73:21:ce:55:44:f2:a4:1a:6e:ec:86:5c:cf:10:70:
                    3c:ae:c9:3e:bd:a2:db:0a:43:2b:f8:08:6f:26:f3:
                    89:4c:ef:16:a6:3c:8d:8d:19:ce:e6:a1:45:31:07:
                    40:b2:f8:2c:fe:5a:6b:b8:61:00:8e:69:fd:85:81:
                    57:ea:9b:d2:ce:8a:b8:e8:2d:d9:e6:ca:03:83:70:
                    cb:38:9f:c3:7a:4c:54:04:b1:8f:7d:85:8b:a7:89:
                    61:88:58:98:f9:7c:f5:fc:a9:3b:93:da:ad:3d:5c:
                    e2:97:a3:83:e0:2b:43:0d:84:87:ee:02:82:77:04:
                    6a:58:a7:46:e6:7d:1a:7f:e0:15:e8:5a:bc:87:68:
                    ba:06:45:94:ea:c2:81:8e:42:84:cc:8b:ba:ba:54:
                    b5:71:51:00:f6:ff:b6:e2:4a:19:bb:f1:18:34:f3:
                    ab:33:ca:2f:24:9e:8b:f7:c5:21:19:3b:79:5d:11:
                    68:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C9:07:EB:AD:B5:DF:FA:A1:CC:4B:24:CB:9C:3F:78:0C:C6:E0:F1
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/uMkH66213_qhzEsky5w_eAzG4PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.41.0/24
                IPv6:
                  2a0f:1740::/29
                  2a13:18c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:ff:14:14:21:73:bf:85:eb:2e:07:ec:ed:2f:fd:ac:b7:a6:
         a5:3c:46:f9:a7:17:27:65:3d:a6:01:bb:b2:31:f1:82:71:17:
         dd:f5:bc:56:fb:65:55:33:d3:e3:28:bd:ba:7d:45:be:1e:b3:
         ac:30:50:f2:d2:2a:c0:43:b4:5a:ea:04:e6:44:01:2f:d2:65:
         4d:6e:bf:cb:c3:a8:99:55:20:81:60:b3:96:dd:47:10:f8:9b:
         cb:6b:c4:63:81:89:5d:25:c7:70:02:cc:b8:df:81:a9:43:be:
         c2:a7:c6:7d:26:28:3d:04:eb:f6:35:39:ed:62:7e:13:36:67:
         99:0a:41:32:48:24:30:da:26:a0:91:ec:40:3f:34:72:48:9d:
         58:d7:ec:15:b6:b9:85:f1:cb:0f:ba:33:1d:97:5e:2d:0f:1a:
         6a:d4:3d:57:c4:d5:9a:27:a0:dd:4e:11:d3:dc:2e:d2:21:83:
         12:03:e8:ce:34:2f:b4:37:f1:25:47:d8:9c:65:45:6a:11:f2:
         d4:88:ec:04:46:e8:42:b4:e2:3c:87:8b:cb:84:6c:47:6f:60:
         eb:b6:b8:83:bf:4f:7b:2d:c0:d8:4f:d9:9f:dc:33:20:30:61:
         3a:4a:c5:c7:a6:d5:00:4c:07:a2:20:3f:5a:a3:b1:00:ea:c0:
         75:38:83:ab
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZ0csV7NH+9n/tkPWmk79hn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzIzMjE1NDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGM5MDdlYmFkYjVkZmZhYTFjYzRiMjRjYjljM2Y3ODBjYzZlMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ27jstLEXlhfh2E7fy0C67Xq1Io
lXRbuARXXY9eB3BwfOrj1EITXLMgxN/gtlu6YxtHRK88s/RK1PWMCur4G80vgZse
uiPjCS1zIc5VRPKkGm7shlzPEHA8rsk+vaLbCkMr+AhvJvOJTO8WpjyNjRnO5qFF
MQdAsvgs/lpruGEAjmn9hYFX6pvSzoq46C3Z5soDg3DLOJ/DekxUBLGPfYWLp4lh
iFiY+Xz1/Kk7k9qtPVzil6OD4CtDDYSH7gKCdwRqWKdG5n0af+AV6Fq8h2i6BkWU
6sKBjkKEzIu6ulS1cVEA9v+24koZu/EYNPOrM8ovJJ6L98UhGTt5XRFoAwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFLjJB+uttd/6ocxLJMucP3gMxuDxMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdU1rSDY2MjEzX3FoekVza3k1d19lQXpHNFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAZ3IpMBQE
AgACMA4DBQMqDxdAAwUAKhMYwjANBgkqhkiG9w0BAQsFAAOCAQEAgf8UFCFzv4Xr
Lgfs7S/9rLempTxG+acXJ2U9pgG7sjHxgnEX3fW8VvtlVTPT4yi9un1Fvh6zrDBQ
8tIqwEO0WuoE5kQBL9JlTW6/y8OomVUggWCzlt1HEPiby2vEY4GJXSXHcALMuN+B
qUO+wqfGfSYoPQTr9jU57WJ+EzZnmQpBMkgkMNomoJHsQD80ckidWNfsFba5hfHL
D7ozHZdeLQ8aatQ9V8TVmieg3U4R09wu0iGDEgPozjQvtDfxJUfYnGVFahHy1Ijs
BEboQrTiPIeLy4RsR29g67a4g79Pey3A2E/Zn9wzIDBhOkrFx6bVAEwHoiA/WqOx
AOrAdTiDqw==
-----END CERTIFICATE-----