Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/SmVxtwcyN-UxgNbiMGc-Y42mY14.roa
File:                     SmVxtwcyN-UxgNbiMGc-Y42mY14.roa (raw, json)
Hash identifier:          uOGlrbrFSAOdl6LtkKhYOQlSatf92jFk4CVqprWEWIk=
Subject key identifier:   4A:65:71:B7:07:32:37:E5:31:80:D6:E2:30:67:3E:63:8D:A6:63:5E
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0199098A075E36128F9100EF27EEFA43CE0C
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/SmVxtwcyN-UxgNbiMGc-Y42mY14.roa
Signing time:             Tue 02 Sep 2025 08:27:44 +0000
ROA not before:           Tue 02 Sep 2025 08:27:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        103.216.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:8a:07:5e:36:12:8f:91:00:ef:27:ee:fa:43:ce:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Sep  2 08:27:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a6571b7073237e53180d6e230673e638da6635e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8e:e7:3d:f5:d1:0e:60:bd:9f:86:83:8a:e3:
                    a3:75:1d:fe:cb:23:22:86:ba:b3:c8:9b:e9:63:7a:
                    ce:41:bc:2f:bf:e4:6f:c9:97:30:41:dc:c9:bf:3a:
                    94:5d:83:ed:1e:e6:a9:69:21:14:49:ca:e9:dd:e2:
                    0a:b6:09:f8:96:1d:1e:86:3d:8b:19:98:61:32:64:
                    e0:89:78:87:6d:69:6a:8a:c8:7c:2c:76:57:13:25:
                    c5:df:77:65:a8:87:4b:c4:ea:2d:a2:c1:21:70:cd:
                    b2:a3:dd:b6:15:ba:c5:fb:ba:f2:3f:93:ee:9e:31:
                    51:ef:ec:f1:62:cd:c6:78:65:83:41:51:3a:45:a7:
                    c4:af:bb:0c:89:15:70:fe:6f:a9:76:85:bc:21:75:
                    4c:0a:0d:05:c6:6c:34:00:39:fc:83:6a:20:1e:c8:
                    a8:68:88:61:5b:b5:9d:fc:f2:f3:8d:68:6b:24:c8:
                    4c:36:9b:87:7c:fd:44:c2:60:26:91:40:63:85:57:
                    aa:c5:34:f1:5c:31:f3:a2:4a:85:15:57:3b:07:80:
                    68:02:d2:5e:b2:11:9b:ff:dc:fc:b0:d0:72:22:cc:
                    ad:c4:d7:24:2b:69:14:82:4e:d8:f8:49:d9:0f:d4:
                    61:f2:b6:63:ec:1f:e3:c9:12:76:20:f7:ed:96:5e:
                    37:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:65:71:B7:07:32:37:E5:31:80:D6:E2:30:67:3E:63:8D:A6:63:5E
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/SmVxtwcyN-UxgNbiMGc-Y42mY14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:36:90:2d:33:35:72:8a:e7:ac:02:65:3e:93:2e:5f:d8:7c:
         08:be:1b:b9:90:c4:90:2e:b2:ef:dd:ad:af:fd:7c:43:5f:c8:
         1f:69:dc:5d:4f:53:94:e6:f4:00:27:8a:74:a8:18:14:b7:81:
         b1:b6:be:00:a4:e1:fd:9c:06:1d:d0:10:3a:b4:ed:d0:cc:f2:
         94:d0:e7:6f:b0:44:e4:84:e7:ac:09:01:1c:f1:d8:fb:47:03:
         f9:b8:a7:6d:73:95:f0:bd:e6:92:7e:39:45:a4:45:34:d0:f0:
         26:61:5e:69:75:f5:ce:06:d1:ce:4e:fa:17:67:6e:51:82:20:
         60:20:ee:8e:9d:23:08:79:e0:a6:81:1f:81:98:16:c6:2e:b5:
         3b:5a:b2:cf:75:5c:c3:5a:ec:7a:2f:22:45:6f:33:ab:a9:26:
         3a:d9:c6:c5:ba:7c:0b:7d:1e:f5:30:58:e9:e5:26:5a:21:d4:
         d0:3d:3b:32:07:b4:bf:79:f9:be:0a:ee:de:16:ae:55:1b:2f:
         1c:aa:a7:01:8c:df:39:91:11:9e:7e:be:d9:3f:0b:a5:a1:82:
         1b:3c:ff:98:4a:e8:ee:19:43:f2:29:fd:c7:0c:8b:8e:65:c9:
         c7:35:1a:fc:8c:e0:91:e8:2a:40:21:9c:62:3d:0e:36:d3:71:
         fc:8b:ba:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJigdeNhKPkQDvJ+76Q84MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwOTAyMDgyNzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY1NzFiNzA3MzIzN2U1MzE4MGQ2ZTIzMDY3M2U2MzhkYTY2MzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2o7nPfXRDmC9n4aDiuOjdR3+yyMi
hrqzyJvpY3rOQbwvv+RvyZcwQdzJvzqUXYPtHuapaSEUScrp3eIKtgn4lh0ehj2L
GZhhMmTgiXiHbWlqish8LHZXEyXF33dlqIdLxOotosEhcM2yo922FbrF+7ryP5Pu
njFR7+zxYs3GeGWDQVE6RafEr7sMiRVw/m+pdoW8IXVMCg0Fxmw0ADn8g2ogHsio
aIhhW7Wd/PLzjWhrJMhMNpuHfP1EwmAmkUBjhVeqxTTxXDHzokqFFVc7B4BoAtJe
shGb/9z8sNByIsytxNckK2kUgk7Y+EnZD9Rh8rZj7B/jyRJ2IPftll435QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEplcbcHMjflMYDW4jBnPmONpmNeMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvU21WeHR3Y3lOLVV4Z05iaU1HYy1ZNDJtWTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9itMA0G
CSqGSIb3DQEBCwUAA4IBAQAHNpAtMzVyiuesAmU+ky5f2HwIvhu5kMSQLrLv3a2v
/XxDX8gfadxdT1OU5vQAJ4p0qBgUt4Gxtr4ApOH9nAYd0BA6tO3QzPKU0OdvsETk
hOesCQEc8dj7RwP5uKdtc5XwveaSfjlFpEU00PAmYV5pdfXOBtHOTvoXZ25RgiBg
IO6OnSMIeeCmgR+BmBbGLrU7WrLPdVzDWux6LyJFbzOrqSY62cbFunwLfR71MFjp
5SZaIdTQPTsyB7S/efm+Cu7eFq5VGy8cqqcBjN85kRGefr7ZPwuloYIbPP+YSuju
GUPyKf3HDIuOZcnHNRr8jOCR6CpAIZxiPQ4203H8i7oF
-----END CERTIFICATE-----