Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/XHgKjO38pNfBvguSYH5AzB6NU48.roa
File:                     XHgKjO38pNfBvguSYH5AzB6NU48.roa (raw, json)
Hash identifier:          cLraLK0HrBC1+uwEoZJlLzb/oO0jxC4wj9o4Xo8AIII=
Subject key identifier:   5C:78:0A:8C:ED:FC:A4:D7:C1:BE:0B:92:60:7E:40:CC:1E:8D:53:8F
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0198039D2B60A7FA68BE4CEE973FC77E43A4
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/XHgKjO38pNfBvguSYH5AzB6NU48.roa
Signing time:             Sun 13 Jul 2025 11:48:08 +0000
ROA not before:           Sun 13 Jul 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        103.136.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:03:9d:2b:60:a7:fa:68:be:4c:ee:97:3f:c7:7e:43:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jul 13 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c780a8cedfca4d7c1be0b92607e40cc1e8d538f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bf:62:e5:52:d0:68:71:7e:bc:ea:6f:99:c2:
                    e2:3a:56:48:ed:cc:d9:95:03:14:a5:5f:f0:6f:cb:
                    f5:ff:a0:cb:ec:0f:bd:4b:98:c4:9a:14:2b:34:44:
                    53:ab:d6:c3:46:08:45:83:93:64:40:ed:b9:48:01:
                    0c:d9:d0:78:78:92:c6:d4:38:ee:c3:1d:18:36:53:
                    a2:3d:00:2c:65:bb:0c:6f:e2:4f:49:07:b6:c9:ea:
                    1d:22:f8:51:74:d5:ff:03:c0:85:ac:46:67:ad:8a:
                    f5:2f:28:6b:5a:11:d0:30:54:1d:de:68:1c:0c:ae:
                    79:9f:d1:ac:4e:40:71:f0:dc:f3:87:1f:3b:99:e1:
                    d2:b0:80:05:c8:fe:b3:a6:b0:f7:c4:bc:de:30:ce:
                    58:c6:29:d7:db:ec:fd:51:d9:25:6f:fd:6c:0d:1a:
                    8d:7a:b6:7a:23:90:8c:dd:12:1a:1f:28:87:60:2f:
                    d4:6b:13:b5:d4:d7:fb:02:62:54:cb:ce:a9:af:ae:
                    01:50:fd:f3:9f:71:41:4a:da:10:b8:32:14:55:c0:
                    0c:9e:47:c6:d9:fb:1a:1e:dd:08:23:cd:c4:d2:2c:
                    7e:d7:1d:69:a0:99:2a:5a:13:44:0c:db:ea:e3:ab:
                    28:a6:e0:7e:96:32:7b:bc:ea:97:66:c4:76:17:9b:
                    44:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:78:0A:8C:ED:FC:A4:D7:C1:BE:0B:92:60:7E:40:CC:1E:8D:53:8F
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/XHgKjO38pNfBvguSYH5AzB6NU48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.136.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:06:84:e6:b3:49:97:4b:8a:64:56:95:1a:59:69:b9:1f:b5:
         01:7b:70:91:53:d4:0c:ae:0a:28:08:71:e2:35:a6:07:49:94:
         6b:12:bc:8c:ef:a6:50:37:f7:32:92:90:39:d1:c8:f2:85:f6:
         8f:2d:ad:91:0f:a8:b8:fe:7a:c5:75:dd:5b:a1:67:d3:77:5a:
         61:af:db:9e:84:3f:9f:fa:84:28:2c:46:57:83:f6:ce:5e:68:
         8d:80:db:d1:70:2e:3e:3e:aa:62:ea:09:1d:65:2a:e5:b4:14:
         43:7c:c1:02:b6:df:51:fa:fb:88:ef:79:6f:27:42:73:85:98:
         06:85:e8:6e:b0:78:98:34:fd:6a:6c:ce:89:d1:c1:6d:ed:7c:
         f9:d3:31:bc:25:a7:df:46:c6:2f:44:fd:b4:ca:d8:7f:be:f3:
         41:0c:66:93:64:cb:82:d7:57:8b:ca:40:75:20:b2:2f:d2:1e:
         6b:fe:63:1f:fd:5d:a7:be:d4:38:24:7a:d1:05:c1:84:f6:71:
         55:a5:7a:15:ae:50:c8:83:24:54:ef:e6:41:91:16:83:11:7f:
         9a:54:57:a2:58:dc:70:2d:de:5d:50:f5:db:83:a7:d8:e2:9f:
         17:a3:af:22:85:8a:63:70:02:38:11:3f:f7:93:da:81:40:e8:
         b4:fa:8d:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgDnStgp/povkzulz/HfkOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwNzEzMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc4MGE4Y2VkZmNhNGQ3YzFiZTBiOTI2MDdlNDBjYzFlOGQ1MzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL9i5VLQaHF+vOpvmcLiOlZI7czZ
lQMUpV/wb8v1/6DL7A+9S5jEmhQrNERTq9bDRghFg5NkQO25SAEM2dB4eJLG1Dju
wx0YNlOiPQAsZbsMb+JPSQe2yeodIvhRdNX/A8CFrEZnrYr1LyhrWhHQMFQd3mgc
DK55n9GsTkBx8Nzzhx87meHSsIAFyP6zprD3xLzeMM5YxinX2+z9Udklb/1sDRqN
erZ6I5CM3RIaHyiHYC/UaxO11Nf7AmJUy86pr64BUP3zn3FBStoQuDIUVcAMnkfG
2fsaHt0II83E0ix+1x1poJkqWhNEDNvq46sopuB+ljJ7vOqXZsR2F5tEWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx4Cozt/KTXwb4LkmB+QMwejVOPMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWEhnS2pPMzhwTmZCdmd1U1lINUF6QjZOVTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ4hGMA0G
CSqGSIb3DQEBCwUAA4IBAQAUBoTms0mXS4pkVpUaWWm5H7UBe3CRU9QMrgooCHHi
NaYHSZRrEryM76ZQN/cykpA50cjyhfaPLa2RD6i4/nrFdd1boWfTd1phr9uehD+f
+oQoLEZXg/bOXmiNgNvRcC4+Pqpi6gkdZSrltBRDfMECtt9R+vuI73lvJ0JzhZgG
hehusHiYNP1qbM6J0cFt7Xz50zG8JaffRsYvRP20yth/vvNBDGaTZMuC11eLykB1
ILIv0h5r/mMf/V2nvtQ4JHrRBcGE9nFVpXoVrlDIgyRU7+ZBkRaDEX+aVFeiWNxw
Ld5dUPXbg6fY4p8Xo68ihYpjcAI4ET/3k9qBQOi0+o28
-----END CERTIFICATE-----