Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/cmlHt4pOUi0T03itYcy6M25hFeI.roa
File:                     cmlHt4pOUi0T03itYcy6M25hFeI.roa (raw, json)
Hash identifier:          GfI/RTBs/mI2SnEu3Myt5rd1RHfAZXbegTZhtabUYwg=
Subject key identifier:   72:69:47:B7:8A:4E:52:2D:13:D3:78:AD:61:CC:BA:33:6E:61:15:E2
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019CFBEA6AD44AC3BFEFF26C30F62E03AB64
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/cmlHt4pOUi0T03itYcy6M25hFeI.roa
Signing time:             Tue 17 Mar 2026 13:09:29 +0000
ROA not before:           Tue 17 Mar 2026 13:09:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26383
IP address blocks:        103.145.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:ea:6a:d4:4a:c3:bf:ef:f2:6c:30:f6:2e:03:ab:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 17 13:09:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=726947b78a4e522d13d378ad61ccba336e6115e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:fd:0b:56:18:ba:ee:41:6e:5a:cb:d8:a3:3e:
                    34:1f:30:75:02:01:95:f9:1a:01:1f:31:12:dc:4d:
                    a1:07:de:d5:2a:ac:63:c3:7f:a7:9b:70:24:93:61:
                    52:b2:c6:d9:cd:e1:c1:83:d9:ee:9f:6b:e7:e7:95:
                    07:f8:96:e8:74:4d:80:6f:3f:a0:8f:5a:1e:df:5f:
                    f9:ef:5d:40:71:81:75:b4:bf:21:e1:31:72:db:fa:
                    03:31:39:1f:b4:18:65:b8:22:65:17:fe:56:c2:50:
                    d8:85:b4:b7:65:d4:c5:c4:a3:ea:0a:16:ec:12:51:
                    68:eb:b8:68:ea:de:df:9a:71:e6:32:a7:fc:15:92:
                    20:7d:67:ee:a2:10:e9:7a:f5:e7:88:38:1f:e6:4f:
                    41:83:0b:30:71:77:6a:11:89:79:4f:0e:5f:6b:85:
                    3e:91:43:5a:72:ff:53:cd:05:b1:7b:f2:b2:b8:d8:
                    92:bc:df:d5:8c:e3:ee:a4:f0:19:a4:47:a9:dc:28:
                    8c:41:aa:8f:b5:61:39:b3:98:53:4b:02:6a:41:8d:
                    00:14:f4:91:61:01:8a:14:80:2b:ec:20:25:ea:0e:
                    62:94:e2:b1:14:07:56:d4:cc:d1:6c:5e:5f:2a:04:
                    42:f1:f8:06:c7:d8:b6:52:dd:31:43:2a:e5:a9:8b:
                    86:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:69:47:B7:8A:4E:52:2D:13:D3:78:AD:61:CC:BA:33:6E:61:15:E2
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/cmlHt4pOUi0T03itYcy6M25hFeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.145.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:66:5c:25:1e:5a:fb:9a:6e:0c:75:bc:e4:1d:08:ba:a4:6e:
         35:53:60:09:bf:65:f1:af:22:62:2d:c6:8f:6d:f6:b2:61:1e:
         42:a3:6a:8a:f7:51:bb:b2:26:b9:f0:cf:a8:59:30:91:3c:69:
         c6:92:40:8d:5a:99:cb:f1:82:81:b0:43:a3:20:71:1a:66:4e:
         88:21:e1:92:c4:d3:40:fa:45:d2:62:1c:e6:c2:5b:3b:58:fc:
         38:8b:50:30:22:f5:3c:1b:36:e2:f7:00:c3:49:6c:1a:b9:1c:
         ce:38:ce:d0:bf:0e:5a:eb:d9:83:3b:af:ff:e9:d3:a6:28:ed:
         4a:fe:5d:3c:5b:d9:5e:b6:85:2a:5e:62:4f:57:b8:f0:a1:58:
         0e:a2:1e:96:35:a1:80:1c:08:ac:f1:3d:e7:88:2a:94:8a:16:
         98:e4:87:08:13:70:d4:0b:ec:01:45:90:7a:3d:1a:1c:7a:34:
         32:63:8d:2b:f5:92:f1:8e:9d:16:c2:29:54:a2:49:0b:21:dc:
         35:fe:e8:4e:e8:2a:1c:36:94:b3:24:13:6f:b1:ca:18:bc:b6:
         3f:b2:34:aa:d4:59:91:9b:d1:50:8e:27:e9:7c:ff:fa:9c:7e:
         33:33:dd:0d:c4:be:31:02:4a:0e:45:a7:2b:31:e9:76:45:be:
         ba:e2:f2:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz76mrUSsO/7/JsMPYuA6tkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMzE3MTMwOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjY5NDdiNzhhNGU1MjJkMTNkMzc4YWQ2MWNjYmEzMzZlNjExNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3f0LVhi67kFuWsvYoz40HzB1AgGV
+RoBHzES3E2hB97VKqxjw3+nm3Akk2FSssbZzeHBg9nun2vn55UH+JbodE2Abz+g
j1oe31/5711AcYF1tL8h4TFy2/oDMTkftBhluCJlF/5WwlDYhbS3ZdTFxKPqChbs
ElFo67ho6t7fmnHmMqf8FZIgfWfuohDpevXniDgf5k9BgwswcXdqEYl5Tw5fa4U+
kUNacv9TzQWxe/KyuNiSvN/VjOPupPAZpEep3CiMQaqPtWE5s5hTSwJqQY0AFPSR
YQGKFIAr7CAl6g5ilOKxFAdW1MzRbF5fKgRC8fgGx9i2Ut0xQyrlqYuGoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJpR7eKTlItE9N4rWHMujNuYRXiMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvY21sSHQ0cE9VaTBUMDNpdFljeTZNMjVoRmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ5EUMA0G
CSqGSIb3DQEBCwUAA4IBAQCqZlwlHlr7mm4MdbzkHQi6pG41U2AJv2XxryJiLcaP
bfayYR5Co2qK91G7sia58M+oWTCRPGnGkkCNWpnL8YKBsEOjIHEaZk6IIeGSxNNA
+kXSYhzmwls7WPw4i1AwIvU8Gzbi9wDDSWwauRzOOM7Qvw5a69mDO6//6dOmKO1K
/l08W9letoUqXmJPV7jwoVgOoh6WNaGAHAis8T3niCqUihaY5IcIE3DUC+wBRZB6
PRocejQyY40r9ZLxjp0WwilUokkLIdw1/uhO6CocNpSzJBNvscoYvLY/sjSq1FmR
m9FQjifpfP/6nH4zM90NxL4xAkoORacrMel2Rb664vK/
-----END CERTIFICATE-----