Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Hy8NAk4JXBUfUHdtJsdgdVuDWCI.roa
File:                     Hy8NAk4JXBUfUHdtJsdgdVuDWCI.roa (raw, json)
Hash identifier:          4GlADzQeT3p18Y0wbU0SDr91jXtZvEw1WwFOb/jQ7/c=
Subject key identifier:   1F:2F:0D:02:4E:09:5C:15:1F:50:77:6D:26:C7:60:75:5B:83:58:22
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01977EC2639B26EFD1405FA194BC53B742A3
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Hy8NAk4JXBUfUHdtJsdgdVuDWCI.roa
Signing time:             Tue 17 Jun 2025 16:39:18 +0000
ROA not before:           Tue 17 Jun 2025 16:39:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132750
IP address blocks:        103.47.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:c2:63:9b:26:ef:d1:40:5f:a1:94:bc:53:b7:42:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 17 16:39:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f2f0d024e095c151f50776d26c760755b835822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e5:a2:6b:a0:b0:f5:d0:e6:b2:e2:f1:e5:a5:
                    f4:61:6f:d6:1d:9e:17:2b:6e:86:7a:0e:48:4a:ed:
                    2e:e4:90:2f:49:ba:14:f5:9c:8b:d4:18:c3:64:45:
                    2a:40:1f:46:8b:56:d6:91:18:80:37:10:ca:e9:e6:
                    74:90:7a:03:06:96:35:b7:83:49:35:2e:24:33:93:
                    2e:f0:fb:59:5a:8b:ee:87:7d:30:47:b7:bc:97:40:
                    28:ba:f7:20:4a:29:a7:2b:07:70:33:57:4c:5c:89:
                    46:43:60:33:20:54:b5:0a:8e:c6:b1:a2:f0:9f:c9:
                    bd:88:11:3f:9e:5f:23:32:2f:a8:e5:04:df:ea:3e:
                    b9:bf:d6:60:8e:d6:43:48:7a:fd:d8:5f:ca:6a:dd:
                    21:19:96:e3:87:dc:dc:83:b1:1f:f0:a8:60:d4:dd:
                    b0:0f:bc:44:fc:14:4c:21:82:9d:f2:c8:b7:c3:fa:
                    d7:bf:91:71:60:5e:54:22:9b:ea:65:39:73:2c:69:
                    92:7e:7f:b4:5c:1f:96:a6:21:07:cb:ec:22:13:83:
                    5d:0f:a3:ff:56:c0:d9:ce:41:af:92:ff:88:92:0f:
                    85:80:3a:50:bb:92:00:27:83:67:b5:4b:3a:3e:cf:
                    b3:45:78:e9:1c:c6:ba:63:77:8c:56:c1:4b:a6:44:
                    86:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:2F:0D:02:4E:09:5C:15:1F:50:77:6D:26:C7:60:75:5B:83:58:22
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Hy8NAk4JXBUfUHdtJsdgdVuDWCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:9f:a0:64:41:e6:68:94:dd:d3:b9:60:c0:d2:77:93:90:cc:
         bd:68:07:3c:a2:8a:19:5a:2e:d3:0d:29:b9:4c:e5:91:55:3a:
         60:1c:13:ad:97:90:35:1e:34:44:46:30:db:35:87:20:26:08:
         df:d9:3c:8b:3a:8e:d3:e7:0e:f5:54:6f:1b:65:de:73:b6:da:
         87:9c:9d:e5:f2:2d:5b:a3:06:7d:ef:08:dc:65:42:7f:ce:8d:
         c9:34:de:40:d7:ac:f2:2e:5b:84:de:f5:3b:82:35:43:b2:84:
         f2:1c:9a:92:c0:c9:28:22:ed:1e:4c:6e:a2:4b:e2:fc:10:a3:
         a2:00:ac:1c:80:0c:0b:51:1b:ef:e7:fa:ed:d1:83:55:71:d2:
         17:88:ed:8e:e8:ce:95:82:c7:08:09:83:ec:77:a9:3f:ac:e5:
         4e:e7:f9:91:09:12:bc:c0:e7:07:12:7d:cc:4e:af:0f:86:ec:
         09:1b:eb:32:5d:df:59:c9:ad:70:b4:9e:89:e0:46:1f:10:8e:
         af:bf:16:d8:59:ac:f9:67:24:21:54:29:8a:92:58:5a:6c:fc:
         93:27:cb:2a:76:72:11:14:37:37:ca:84:1b:d2:9f:5b:9a:39:
         89:88:9c:0e:bf:08:90:b0:7b:c2:5b:dc:ee:ed:f5:f3:c1:3b:
         a1:d8:d5:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd+wmObJu/RQF+hlLxTt0KjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNjE3MTYzOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjJmMGQwMjRlMDk1YzE1MWY1MDc3NmQyNmM3NjA3NTViODM1ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruWia6Cw9dDmsuLx5aX0YW/WHZ4X
K26Geg5ISu0u5JAvSboU9ZyL1BjDZEUqQB9Gi1bWkRiANxDK6eZ0kHoDBpY1t4NJ
NS4kM5Mu8PtZWovuh30wR7e8l0AouvcgSimnKwdwM1dMXIlGQ2AzIFS1Co7GsaLw
n8m9iBE/nl8jMi+o5QTf6j65v9ZgjtZDSHr92F/Kat0hGZbjh9zcg7Ef8Khg1N2w
D7xE/BRMIYKd8si3w/rXv5FxYF5UIpvqZTlzLGmSfn+0XB+WpiEHy+wiE4NdD6P/
VsDZzkGvkv+Ikg+FgDpQu5IAJ4NntUs6Ps+zRXjpHMa6Y3eMVsFLpkSG0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8vDQJOCVwVH1B3bSbHYHVbg1giMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvSHk4TkFrNEpYQlVmVUhkdEpzZGdkVnVEV0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZy84MA0G
CSqGSIb3DQEBCwUAA4IBAQDSn6BkQeZolN3TuWDA0neTkMy9aAc8oooZWi7TDSm5
TOWRVTpgHBOtl5A1HjRERjDbNYcgJgjf2TyLOo7T5w71VG8bZd5zttqHnJ3l8i1b
owZ97wjcZUJ/zo3JNN5A16zyLluE3vU7gjVDsoTyHJqSwMkoIu0eTG6iS+L8EKOi
AKwcgAwLURvv5/rt0YNVcdIXiO2O6M6VgscICYPsd6k/rOVO5/mRCRK8wOcHEn3M
Tq8PhuwJG+syXd9Zya1wtJ6J4EYfEI6vvxbYWaz5ZyQhVCmKklhabPyTJ8sqdnIR
FDc3yoQb0p9bmjmJiJwOvwiQsHvCW9zu7fXzwTuh2NWZ
-----END CERTIFICATE-----