Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1f-9tUF1QCZIsfJt2ipW4khRx9g.roa
File:                     1f-9tUF1QCZIsfJt2ipW4khRx9g.roa (raw, json)
Hash identifier:          qvsbL3ItSjRr+HrTxGxdX6hRWDpLj1yz143EUSJxB+k=
Subject key identifier:   D5:FF:BD:B5:41:75:40:26:48:B1:F2:6D:DA:2A:56:E2:48:51:C7:D8
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       01994E0D41E83C08F4A8E1EFC058061168C7
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1f-9tUF1QCZIsfJt2ipW4khRx9g.roa
Signing time:             Mon 15 Sep 2025 15:45:15 +0000
ROA not before:           Mon 15 Sep 2025 15:45:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7922
IP address blocks:        103.130.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:0d:41:e8:3c:08:f4:a8:e1:ef:c0:58:06:11:68:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Sep 15 15:45:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5ffbdb54175402648b1f26dda2a56e24851c7d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:38:0e:bd:ee:60:de:02:b0:0c:c1:01:57:70:
                    c5:97:4a:39:83:14:c9:f6:fd:5d:d9:79:15:40:1f:
                    ed:04:c7:85:44:fb:8f:e7:b1:58:be:77:7e:02:22:
                    e8:2b:59:4a:77:c6:70:ef:80:ce:92:f5:a5:a7:3d:
                    d5:85:34:27:6c:88:65:8e:f3:7e:32:13:0d:c0:e0:
                    af:be:73:8d:2c:1d:41:b7:cb:08:53:a0:1f:d2:d0:
                    07:45:dc:8b:5c:71:f8:df:96:ed:4a:31:b4:01:a4:
                    71:e8:91:5c:3a:21:47:c8:de:63:61:07:d7:57:5b:
                    ad:5e:c4:29:cc:13:b2:61:22:1d:8b:d7:d4:08:a2:
                    2d:2c:28:79:8c:d7:38:4e:f5:e5:76:a3:98:5b:3d:
                    73:d0:a9:8f:21:8b:43:e1:27:c2:9f:f3:cd:e4:7c:
                    e8:13:3d:a8:8d:18:5c:68:b7:10:33:02:3e:4e:a4:
                    16:0c:4f:30:ed:b4:3e:c1:b6:3b:df:53:db:d1:3f:
                    7f:e3:0b:0b:1a:5f:dc:4c:e0:22:22:b3:fb:af:38:
                    46:20:59:2e:c2:63:7f:60:62:d7:b5:e1:fb:4a:d7:
                    c5:2c:5b:08:c5:f7:2d:31:3e:0a:0d:55:58:11:04:
                    64:05:41:b1:97:20:76:1a:1c:c1:29:0f:f3:46:ba:
                    e5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:FF:BD:B5:41:75:40:26:48:B1:F2:6D:DA:2A:56:E2:48:51:C7:D8
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1f-9tUF1QCZIsfJt2ipW4khRx9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.130.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:7b:45:73:96:c2:66:da:44:88:f5:51:93:f8:3b:ab:09:aa:
         cd:a9:d5:14:57:cb:46:85:da:7e:6f:3f:97:e1:c2:e1:61:d2:
         7d:67:d6:72:ef:4e:d9:34:0d:86:d1:e1:b7:a7:36:c6:2a:76:
         2c:10:43:d5:98:51:52:1c:46:47:86:c4:91:07:cc:d1:36:fe:
         fb:f5:a5:78:ef:2f:8f:c3:03:7d:fe:6b:7b:fb:e0:58:44:35:
         5a:1b:28:1f:2f:a3:fd:89:39:5e:6c:3d:ad:37:7a:47:19:57:
         0d:69:91:86:81:61:7a:69:72:12:59:04:01:af:25:c4:76:27:
         57:8d:b0:10:7e:b5:7b:df:64:c8:63:64:c3:ed:14:82:bf:11:
         3b:f0:2d:6f:97:05:d6:67:6e:9d:dc:5e:4e:04:d1:7b:76:07:
         16:65:2f:67:3f:47:1e:87:c7:31:4a:25:ed:cf:27:46:4b:5c:
         9b:54:ee:a9:64:d7:2e:46:c2:1d:c5:c2:71:0d:18:95:d5:f5:
         51:8c:f5:f5:f7:f3:33:07:da:0c:b9:f8:b8:06:fa:b6:fc:0d:
         1d:c8:c7:a3:99:e0:64:91:fc:9f:60:18:0f:4f:63:29:ed:7a:
         41:c2:b6:5b:82:02:5c:b6:8c:85:80:bf:ba:a1:48:49:39:0e:
         57:10:bd:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlODUHoPAj0qOHvwFgGEWjHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwOTE1MTU0NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWZmYmRiNTQxNzU0MDI2NDhiMWYyNmRkYTJhNTZlMjQ4NTFjN2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszgOve5g3gKwDMEBV3DFl0o5gxTJ
9v1d2XkVQB/tBMeFRPuP57FYvnd+AiLoK1lKd8Zw74DOkvWlpz3VhTQnbIhljvN+
MhMNwOCvvnONLB1Bt8sIU6Af0tAHRdyLXHH435btSjG0AaRx6JFcOiFHyN5jYQfX
V1utXsQpzBOyYSIdi9fUCKItLCh5jNc4TvXldqOYWz1z0KmPIYtD4SfCn/PN5Hzo
Ez2ojRhcaLcQMwI+TqQWDE8w7bQ+wbY731Pb0T9/4wsLGl/cTOAiIrP7rzhGIFku
wmN/YGLXteH7StfFLFsIxfctMT4KDVVYEQRkBUGxlyB2GhzBKQ/zRrrlGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX/vbVBdUAmSLHybdoqVuJIUcfYMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMWYtOXRVRjFRQ1pJc2ZKdDJpcFc0a2hSeDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ4KyMA0G
CSqGSIb3DQEBCwUAA4IBAQBQe0VzlsJm2kSI9VGT+DurCarNqdUUV8tGhdp+bz+X
4cLhYdJ9Z9Zy707ZNA2G0eG3pzbGKnYsEEPVmFFSHEZHhsSRB8zRNv779aV47y+P
wwN9/mt7++BYRDVaGygfL6P9iTlebD2tN3pHGVcNaZGGgWF6aXISWQQBryXEdidX
jbAQfrV732TIY2TD7RSCvxE78C1vlwXWZ26d3F5OBNF7dgcWZS9nP0ceh8cxSiXt
zydGS1ybVO6pZNcuRsIdxcJxDRiV1fVRjPX19/MzB9oMufi4Bvq2/A0dyMejmeBk
kfyfYBgPT2Mp7XpBwrZbggJctoyFgL+6oUhJOQ5XEL1W
-----END CERTIFICATE-----