Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/_Vz2AEmZ4dDgj8Ud8EDnRZzqDhg.roa
File:                     _Vz2AEmZ4dDgj8Ud8EDnRZzqDhg.roa (raw, json)
Hash identifier:          a0HQa5htazrnK7Glu+swssGtSBkAyFnuHUYyfJ+ATNo=
Subject key identifier:   FD:5C:F6:00:49:99:E1:D0:E0:8F:C5:1D:F0:40:E7:45:9C:EA:0E:18
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       019D0A08EA0FC0A2DC381A2AC606504842D4
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/_Vz2AEmZ4dDgj8Ud8EDnRZzqDhg.roa
Signing time:             Fri 20 Mar 2026 06:57:29 +0000
ROA not before:           Fri 20 Mar 2026 06:57:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        14.102.10.0/24 maxlen: 24
                          114.69.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:08:ea:0f:c0:a2:dc:38:1a:2a:c6:06:50:48:42:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Mar 20 06:57:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd5cf6004999e1d0e08fc51df040e7459cea0e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:81:98:3e:6c:4d:f6:18:39:f4:a5:fe:f7:de:
                    8b:2d:e5:fd:24:57:0a:97:3a:67:e0:79:ac:d3:89:
                    10:a6:d0:e5:13:9a:60:26:7a:57:ff:d9:d6:8a:3e:
                    37:b0:75:28:a4:a0:7c:ac:ca:23:cb:99:f1:15:fe:
                    c2:7e:b0:53:19:00:77:8d:be:c7:20:f5:d1:0a:77:
                    f2:d1:bd:5c:e8:ec:1c:8c:d6:d0:e5:08:4f:5a:98:
                    c9:73:a0:6e:39:3b:e4:db:75:2b:e4:2c:34:32:7a:
                    21:7e:03:40:67:6f:af:c3:b9:03:ef:02:cb:44:b8:
                    ba:79:99:94:b6:c4:e5:05:11:a2:5d:7d:a0:bf:52:
                    15:b5:f0:3b:bb:35:2c:8c:eb:82:59:36:79:d1:11:
                    7b:fd:47:e9:89:7f:df:36:7e:55:d6:0d:c6:97:8b:
                    f6:1a:b2:45:a3:49:5b:3e:4a:6b:37:2e:b6:93:cf:
                    ee:1e:fd:26:f2:2f:e5:00:d5:3d:29:08:f0:57:d6:
                    3f:1b:6a:08:46:dc:c7:ef:96:cc:72:37:10:57:d7:
                    ea:c3:1e:8b:b4:97:ba:ec:6e:52:da:fb:c6:b4:b0:
                    4c:aa:4b:72:c8:3d:22:81:73:0c:d8:97:ca:df:83:
                    6a:de:c3:b2:45:42:2b:1f:6f:54:c6:61:04:e3:74:
                    88:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5C:F6:00:49:99:E1:D0:E0:8F:C5:1D:F0:40:E7:45:9C:EA:0E:18
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/_Vz2AEmZ4dDgj8Ud8EDnRZzqDhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.10.0/24
                  114.69.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:24:9c:00:64:07:d2:ff:d5:a9:4f:c7:d5:87:6e:8e:ef:eb:
         47:8e:bb:cf:df:5a:b2:07:3a:3d:b2:51:ce:9a:61:d9:61:21:
         90:95:9f:a2:1d:77:55:34:9d:05:01:01:40:ba:91:6d:f4:79:
         79:83:40:49:98:6e:32:78:cc:e1:7b:12:43:d0:bf:60:9c:db:
         19:8d:9f:07:df:23:49:1f:c0:a4:d1:1a:b8:d7:dd:a5:a1:91:
         85:18:79:a7:85:0f:06:b5:75:4a:8a:0e:1a:64:b2:90:5d:01:
         f9:2a:7c:98:8e:b7:bb:df:f4:5c:12:9f:e2:70:78:97:b2:e3:
         fd:8e:a7:99:2d:54:f7:93:4e:6d:b8:1c:32:52:2e:6a:44:d5:
         a2:8d:d8:b3:52:ec:62:69:ab:52:a5:0e:b9:09:6e:f1:a2:02:
         c4:08:87:9b:c4:e9:84:15:74:82:b6:be:22:27:db:81:79:14:
         36:3b:ad:e0:f4:41:30:d5:e0:d0:60:b9:b3:00:88:51:45:9e:
         56:a8:9b:6d:7f:21:89:5d:a5:78:a0:25:87:eb:e6:cc:56:b9:
         09:0b:75:e7:62:f4:ac:53:a7:56:f6:01:0b:bd:9e:fa:4a:55:
         de:39:72:78:74:4e:ca:9f:64:c8:d8:24:b4:64:b6:65:5f:6e:
         21:b5:ce:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0KCOoPwKLcOBoqxgZQSELUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjYwMzIwMDY1NzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVjZjYwMDQ5OTllMWQwZTA4ZmM1MWRmMDQwZTc0NTljZWEwZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoGYPmxN9hg59KX+996LLeX9JFcK
lzpn4Hms04kQptDlE5pgJnpX/9nWij43sHUopKB8rMojy5nxFf7CfrBTGQB3jb7H
IPXRCnfy0b1c6OwcjNbQ5QhPWpjJc6BuOTvk23Ur5Cw0MnohfgNAZ2+vw7kD7wLL
RLi6eZmUtsTlBRGiXX2gv1IVtfA7uzUsjOuCWTZ50RF7/UfpiX/fNn5V1g3Gl4v2
GrJFo0lbPkprNy62k8/uHv0m8i/lANU9KQjwV9Y/G2oIRtzH75bMcjcQV9fqwx6L
tJe67G5S2vvGtLBMqktyyD0igXMM2JfK34Nq3sOyRUIrH29UxmEE43SIcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP1c9gBJmeHQ4I/FHfBA50Wc6g4YMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvX1Z6MkFFbVo0ZERnajhVZDhFRG5SWnpxRGhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQADmYKAwQA
ckX1MA0GCSqGSIb3DQEBCwUAA4IBAQByJJwAZAfS/9WpT8fVh26O7+tHjrvP31qy
Bzo9slHOmmHZYSGQlZ+iHXdVNJ0FAQFAupFt9Hl5g0BJmG4yeMzhexJD0L9gnNsZ
jZ8H3yNJH8Ck0Rq4192loZGFGHmnhQ8GtXVKig4aZLKQXQH5KnyYjre73/RcEp/i
cHiXsuP9jqeZLVT3k05tuBwyUi5qRNWijdizUuxiaatSpQ65CW7xogLECIebxOmE
FXSCtr4iJ9uBeRQ2O63g9EEw1eDQYLmzAIhRRZ5WqJttfyGJXaV4oCWH6+bMVrkJ
C3XnYvSsU6dW9gELvZ76SlXeOXJ4dE7Kn2TI2CS0ZLZlX24htc6z
-----END CERTIFICATE-----