Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/nFQ-4d9mVifHam7-is3uppf5zEE.roa
File:                     nFQ-4d9mVifHam7-is3uppf5zEE.roa (raw, json)
Hash identifier:          Z0H1orr4k7Fxq1oyTd7PjbF2cno+QKF/rfOWpuxdOPQ=
Subject key identifier:   9C:54:3E:E1:DF:66:56:27:C7:6A:6E:FE:8A:CD:EE:A6:97:F9:CC:41
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019D9C485C84E559C0D2B7832B36CF28EA1C
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/nFQ-4d9mVifHam7-is3uppf5zEE.roa
Signing time:             Fri 17 Apr 2026 16:31:21 +0000
ROA not before:           Fri 17 Apr 2026 16:31:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199479
IP address blocks:        103.101.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 01:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:48:5c:84:e5:59:c0:d2:b7:83:2b:36:cf:28:ea:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Apr 17 16:31:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c543ee1df665627c76a6efe8acdeea697f9cc41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3b:84:6f:56:7f:4d:99:bf:91:0d:89:63:f3:
                    80:9a:e9:b8:39:7b:af:fe:e5:8f:7e:ab:6f:03:31:
                    c1:0d:9d:64:9e:4c:5c:a5:43:52:ef:22:ad:9c:9b:
                    b4:a4:59:c9:b2:f4:24:01:29:e7:11:06:4a:32:e5:
                    96:08:72:23:ed:1f:11:e5:f7:f2:83:9d:60:5b:b8:
                    f6:22:60:41:a4:94:c1:e3:51:11:a0:ad:a5:09:b9:
                    4e:e8:46:0c:e6:56:ff:22:48:fb:83:5d:98:ef:7b:
                    7d:ed:5b:b6:c3:d0:6b:25:59:64:76:81:08:31:f2:
                    c0:a5:9c:75:56:c6:53:db:34:2e:3a:4e:d7:1d:a6:
                    47:80:ec:a2:05:1e:b9:6a:6c:8d:90:02:f4:47:17:
                    0d:e5:84:21:12:7f:cc:db:07:48:cb:58:f7:bc:e7:
                    b0:07:8d:59:1f:24:8a:ca:52:6d:34:66:a8:64:6f:
                    0f:c5:ae:da:73:6f:22:05:07:8d:51:18:dd:11:af:
                    b8:f4:c9:1b:76:01:7b:20:16:79:73:51:2a:3b:a5:
                    45:b6:66:be:0f:be:e8:d8:20:ce:86:d0:d1:95:58:
                    c1:c3:67:fb:86:af:54:8f:96:25:eb:a0:94:9c:22:
                    7b:15:5c:ec:58:52:b8:10:2c:a4:14:09:1b:a1:d9:
                    b3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:54:3E:E1:DF:66:56:27:C7:6A:6E:FE:8A:CD:EE:A6:97:F9:CC:41
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/nFQ-4d9mVifHam7-is3uppf5zEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.101.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:e5:fd:6f:d2:88:ba:db:03:32:b6:74:65:52:8e:34:32:78:
         b7:aa:d0:41:fe:7c:21:5f:7e:23:38:45:1a:59:34:63:d2:c9:
         67:43:3e:1c:67:7d:2f:c4:d3:9b:6e:80:d2:f3:c7:e0:18:ee:
         e0:3e:41:87:e4:9d:03:54:79:5c:80:98:00:98:de:fd:ca:7c:
         bd:e2:89:b1:1b:8d:4a:17:a1:30:bf:85:3e:c6:37:ac:6e:46:
         8d:cf:6a:16:e4:5e:49:13:43:08:1b:10:e6:d2:5e:8d:6b:ba:
         e1:31:55:df:f2:a8:d0:ca:da:e2:01:f8:23:1c:84:c6:e7:1e:
         1a:f4:44:5e:49:12:bc:15:62:65:bf:40:91:5d:72:24:38:41:
         45:a7:88:bf:df:ad:c9:04:cf:1a:15:ad:fe:c6:e2:b5:1c:94:
         48:24:23:e5:1b:9c:c7:19:f1:25:37:be:9a:22:0d:c7:f5:82:
         25:f8:bb:f1:03:98:af:47:ae:26:a8:b7:50:20:5f:85:cb:6d:
         dc:e5:b1:5f:11:32:ff:90:41:ba:d6:1e:d8:f4:c9:df:03:f3:
         fb:92:ea:c7:61:7a:6b:44:4f:9b:85:8d:34:84:6c:46:62:e3:
         31:16:43:0b:aa:66:78:c6:7d:f8:30:c0:14:f1:07:a7:bc:94:
         42:75:04:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2cSFyE5VnA0reDKzbPKOocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwNDE3MTYzMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzU0M2VlMWRmNjY1NjI3Yzc2YTZlZmU4YWNkZWVhNjk3ZjljYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTuEb1Z/TZm/kQ2JY/OAmum4OXuv
/uWPfqtvAzHBDZ1knkxcpUNS7yKtnJu0pFnJsvQkASnnEQZKMuWWCHIj7R8R5ffy
g51gW7j2ImBBpJTB41ERoK2lCblO6EYM5lb/Ikj7g12Y73t97Vu2w9BrJVlkdoEI
MfLApZx1VsZT2zQuOk7XHaZHgOyiBR65amyNkAL0RxcN5YQhEn/M2wdIy1j3vOew
B41ZHySKylJtNGaoZG8Pxa7ac28iBQeNURjdEa+49MkbdgF7IBZ5c1EqO6VFtma+
D77o2CDOhtDRlVjBw2f7hq9Uj5Yl66CUnCJ7FVzsWFK4ECykFAkbodmzJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxUPuHfZlYnx2pu/orN7qaX+cxBMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvbkZRLTRkOW1WaWZIYW03LWlzM3VwcGY1ekVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2VVMA0G
CSqGSIb3DQEBCwUAA4IBAQAa5f1v0oi62wMytnRlUo40Mni3qtBB/nwhX34jOEUa
WTRj0slnQz4cZ30vxNObboDS88fgGO7gPkGH5J0DVHlcgJgAmN79yny94omxG41K
F6Ewv4U+xjesbkaNz2oW5F5JE0MIGxDm0l6Na7rhMVXf8qjQytriAfgjHITG5x4a
9EReSRK8FWJlv0CRXXIkOEFFp4i/363JBM8aFa3+xuK1HJRIJCPlG5zHGfElN76a
Ig3H9YIl+LvxA5ivR64mqLdQIF+Fy23c5bFfETL/kEG61h7Y9MnfA/P7kurHYXpr
RE+bhY00hGxGYuMxFkMLqmZ4xn34MMAU8QenvJRCdQQa
-----END CERTIFICATE-----