Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/JHyoQGfQfm2oIA6TznoPsdfAhVw.roa
File:                     JHyoQGfQfm2oIA6TznoPsdfAhVw.roa (raw, json)
Hash identifier:          6hdBLTpJKu+a91LFvhQLYo+qjB5p0SyUWysXPdpa6kE=
Subject key identifier:   24:7C:A8:40:67:D0:7E:6D:A8:20:0E:93:CE:7A:0F:B1:D7:C0:85:5C
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0197C2060071355E726CA841DA12032C55EA
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/JHyoQGfQfm2oIA6TznoPsdfAhVw.roa
Signing time:             Mon 30 Jun 2025 18:07:42 +0000
ROA not before:           Mon 30 Jun 2025 18:07:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        103.216.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:06:00:71:35:5e:72:6c:a8:41:da:12:03:2c:55:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jun 30 18:07:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=247ca84067d07e6da8200e93ce7a0fb1d7c0855c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8e:78:3a:e2:d2:8d:cc:1b:e7:0a:45:11:b5:
                    86:61:04:13:e3:57:db:28:4d:dd:31:86:30:ea:01:
                    d7:12:27:56:be:ed:1d:a3:89:68:19:2d:1d:f0:81:
                    99:35:37:82:24:15:d5:08:75:1b:4d:d0:96:7d:d8:
                    80:71:90:90:30:72:d1:1e:c9:f6:5c:a3:4f:d3:ef:
                    24:64:98:f2:1e:4c:4d:f9:97:28:7f:85:5e:3a:10:
                    21:32:6f:88:a1:72:b6:e2:2d:b6:bc:9f:1d:67:33:
                    08:e5:99:4c:76:60:6e:75:7a:39:a3:66:6a:98:f6:
                    8a:63:e8:97:fb:0a:20:8a:2f:54:fd:8c:0b:25:9b:
                    88:38:f4:9d:8d:a6:3c:f2:d3:c5:c5:c6:f9:9f:e4:
                    20:62:39:89:20:f6:f1:a2:67:9a:30:73:1f:eb:7d:
                    87:ec:65:6e:97:2e:9f:4e:19:9d:4c:24:e5:4d:fe:
                    46:1e:a3:7b:93:68:dc:e6:a6:07:6e:21:20:2c:94:
                    f6:7c:02:99:53:35:f4:e7:7a:b7:b9:9a:7f:6d:e9:
                    86:cc:13:44:b3:53:4d:8b:ee:f3:69:df:b9:36:9e:
                    f4:08:c4:42:58:58:71:df:38:4a:7d:47:69:b7:eb:
                    61:02:d1:68:81:40:80:02:7e:2b:e6:20:47:12:c5:
                    7e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7C:A8:40:67:D0:7E:6D:A8:20:0E:93:CE:7A:0F:B1:D7:C0:85:5C
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/JHyoQGfQfm2oIA6TznoPsdfAhVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:49:40:13:4b:50:a2:0f:20:b5:9f:ea:a2:34:8c:48:e5:e7:
         9b:1d:cb:ed:72:95:17:fc:d3:8e:2c:9d:bf:44:da:76:fe:34:
         67:59:9a:04:bd:5d:91:ae:75:77:f9:e2:bc:b2:c3:c6:c7:8e:
         db:7b:5f:f7:90:c5:63:9e:bf:70:4c:8a:cf:6c:3f:e3:99:87:
         f2:fe:4b:4f:5b:d1:bf:05:69:8c:6c:b8:49:3e:60:a7:f6:75:
         39:ce:23:b3:24:07:f8:5b:d0:87:97:7f:d9:ec:81:03:56:3a:
         2a:3a:6e:28:01:66:e5:ee:75:7a:71:5d:54:55:76:6c:19:49:
         43:91:89:12:80:e4:59:53:34:ec:57:ad:9c:e5:e7:9c:69:6c:
         be:94:11:de:2d:d7:0b:b4:e9:e7:33:a6:85:78:c7:74:be:dd:
         08:18:35:13:c8:ce:e5:9a:64:4f:ea:a3:c3:c7:c0:d9:e1:7c:
         9b:49:37:c6:59:3a:e0:86:da:37:bf:12:58:1f:3b:d3:55:ed:
         f6:8d:07:71:ed:0d:36:94:bd:49:c2:46:a7:96:69:5b:81:8c:
         db:62:c1:0d:14:e7:0d:57:77:b9:81:fa:4e:ac:79:ca:ff:18:
         6b:01:3c:f1:66:87:a1:1d:ba:36:a5:ff:34:55:8f:ef:4e:56:
         34:2f:43:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfCBgBxNV5ybKhB2hIDLFXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNjMwMTgwNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDdjYTg0MDY3ZDA3ZTZkYTgyMDBlOTNjZTdhMGZiMWQ3YzA4NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt454OuLSjcwb5wpFEbWGYQQT41fb
KE3dMYYw6gHXEidWvu0do4loGS0d8IGZNTeCJBXVCHUbTdCWfdiAcZCQMHLRHsn2
XKNP0+8kZJjyHkxN+Zcof4VeOhAhMm+IoXK24i22vJ8dZzMI5ZlMdmBudXo5o2Zq
mPaKY+iX+wogii9U/YwLJZuIOPSdjaY88tPFxcb5n+QgYjmJIPbxomeaMHMf632H
7GVuly6fThmdTCTlTf5GHqN7k2jc5qYHbiEgLJT2fAKZUzX053q3uZp/bemGzBNE
s1NNi+7zad+5Np70CMRCWFhx3zhKfUdpt+thAtFogUCAAn4r5iBHEsV+sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCR8qEBn0H5tqCAOk856D7HXwIVcMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvSkh5b1FHZlFmbTJvSUE2VHpub1BzZGZBaFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9itMA0G
CSqGSIb3DQEBCwUAA4IBAQBeSUATS1CiDyC1n+qiNIxI5eebHcvtcpUX/NOOLJ2/
RNp2/jRnWZoEvV2RrnV3+eK8ssPGx47be1/3kMVjnr9wTIrPbD/jmYfy/ktPW9G/
BWmMbLhJPmCn9nU5ziOzJAf4W9CHl3/Z7IEDVjoqOm4oAWbl7nV6cV1UVXZsGUlD
kYkSgORZUzTsV62c5eecaWy+lBHeLdcLtOnnM6aFeMd0vt0IGDUTyM7lmmRP6qPD
x8DZ4XybSTfGWTrghto3vxJYHzvTVe32jQdx7Q02lL1JwkanlmlbgYzbYsENFOcN
V3e5gfpOrHnK/xhrATzxZoehHbo2pf80VY/vTlY0L0Ml
-----END CERTIFICATE-----