Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/oGTKpjneUlwgag5M-NjvKwIlYUI.roa
File:                     oGTKpjneUlwgag5M-NjvKwIlYUI.roa (raw, json)
Hash identifier:          9QB4KV0rJF2RbXiIhAXA3LJl4e6VKrx30tyi94M4whg=
Subject key identifier:   A0:64:CA:A6:39:DE:52:5C:20:6A:0E:4C:F8:D8:EF:2B:02:25:61:42
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019E2808A97EE74BD5E403FB20BC127CA36E
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/oGTKpjneUlwgag5M-NjvKwIlYUI.roa
Signing time:             Thu 14 May 2026 19:48:36 +0000
ROA not before:           Thu 14 May 2026 19:48:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        103.216.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:28:08:a9:7e:e7:4b:d5:e4:03:fb:20:bc:12:7c:a3:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May 14 19:48:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a064caa639de525c206a0e4cf8d8ef2b02256142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e2:6e:a1:2c:d0:74:4e:e0:1b:e1:c6:db:4e:
                    bb:c7:7c:b8:ad:d1:5f:76:ec:2f:db:1c:da:28:25:
                    51:b7:4b:e9:ef:e1:d5:13:ea:5c:84:b2:fd:ce:2f:
                    e6:41:5e:a2:9d:90:ee:0c:81:8f:48:a0:85:0b:e2:
                    5c:ea:43:74:d8:8f:6a:78:27:10:fa:b3:2b:f0:e3:
                    a0:40:d5:78:fc:d3:4f:3b:5c:a8:31:99:dc:5b:0b:
                    93:c8:7c:2a:07:59:02:a9:02:8f:ca:2d:e5:f8:22:
                    41:3c:e2:69:9f:a2:9a:76:fb:3f:c7:18:cd:f1:93:
                    12:af:6f:48:aa:7c:7d:6b:25:42:ff:c7:c6:65:c2:
                    cb:b3:4d:12:70:f6:91:51:a8:a1:06:cf:12:23:85:
                    bb:e4:71:b8:cd:74:dd:88:b7:6a:85:1c:fb:14:0d:
                    e6:53:0b:6c:d2:53:29:15:99:54:6c:dd:63:97:e3:
                    cf:21:a8:1c:ac:fb:8c:66:bb:5b:b3:b7:32:97:4c:
                    5f:e4:11:28:47:c6:e1:2d:99:ac:ec:24:0a:c9:5f:
                    2e:ed:bf:b1:76:f4:cb:39:59:d4:af:6c:50:9b:ef:
                    d9:80:5d:4c:f8:07:cf:ac:ad:17:34:c4:b8:f9:47:
                    8c:c2:3a:d3:59:65:93:03:38:86:f1:e1:73:6e:69:
                    77:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:64:CA:A6:39:DE:52:5C:20:6A:0E:4C:F8:D8:EF:2B:02:25:61:42
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/oGTKpjneUlwgag5M-NjvKwIlYUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ba:45:7b:78:6d:d5:2b:9a:3a:57:17:f1:6c:9f:be:c6:c8:
         e5:28:a6:3a:23:eb:ea:7c:b0:f6:e8:a3:f3:0f:c4:42:06:24:
         8c:6d:b1:df:3e:3e:95:8c:83:c0:63:81:32:d2:76:cf:35:a2:
         90:96:d5:b7:e9:fe:80:b9:0c:00:5e:f2:9d:0b:c1:ad:e3:5d:
         02:dc:ad:6b:82:d7:87:8c:f1:28:d8:82:46:c6:33:12:d5:4e:
         5e:ed:1d:d0:1d:43:92:e2:ac:d8:0d:dc:18:2a:11:22:98:96:
         ae:5a:0f:f8:b5:46:b0:11:01:2a:b6:6f:29:f1:b0:81:a7:c3:
         29:fd:34:9c:41:1e:76:2c:57:f6:25:41:13:7d:84:dc:01:e2:
         69:fe:f0:a6:f2:5a:4c:8e:d0:0e:dc:a6:a9:05:da:43:4a:bd:
         87:2d:82:b2:f6:4f:e5:06:67:27:d6:e6:27:68:69:3e:a7:a8:
         fd:46:2e:1a:b4:a3:d2:55:31:f3:7c:5b:5f:14:fd:26:ca:ac:
         13:fb:7b:a7:49:fc:2a:09:87:d6:2b:ac:35:53:a3:9e:15:81:
         f1:26:8b:0d:a4:2b:89:b3:a2:bd:b7:b1:c3:ce:f8:13:43:78:
         7f:d4:ae:f7:ec:8e:64:af:8a:f6:50:88:41:84:92:25:a7:69:
         30:7d:fd:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4oCKl+50vV5AP7ILwSfKNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwNTE0MTk0ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDY0Y2FhNjM5ZGU1MjVjMjA2YTBlNGNmOGQ4ZWYyYjAyMjU2MTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeJuoSzQdE7gG+HG2067x3y4rdFf
duwv2xzaKCVRt0vp7+HVE+pchLL9zi/mQV6inZDuDIGPSKCFC+Jc6kN02I9qeCcQ
+rMr8OOgQNV4/NNPO1yoMZncWwuTyHwqB1kCqQKPyi3l+CJBPOJpn6Kadvs/xxjN
8ZMSr29Iqnx9ayVC/8fGZcLLs00ScPaRUaihBs8SI4W75HG4zXTdiLdqhRz7FA3m
Uwts0lMpFZlUbN1jl+PPIagcrPuMZrtbs7cyl0xf5BEoR8bhLZms7CQKyV8u7b+x
dvTLOVnUr2xQm+/ZgF1M+AfPrK0XNMS4+UeMwjrTWWWTAziG8eFzbml3kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBkyqY53lJcIGoOTPjY7ysCJWFCMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvb0dUS3BqbmVVbHdnYWc1TS1OanZLd0lsWVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9iuMA0G
CSqGSIb3DQEBCwUAA4IBAQASukV7eG3VK5o6VxfxbJ++xsjlKKY6I+vqfLD26KPz
D8RCBiSMbbHfPj6VjIPAY4Ey0nbPNaKQltW36f6AuQwAXvKdC8Gt410C3K1rgteH
jPEo2IJGxjMS1U5e7R3QHUOS4qzYDdwYKhEimJauWg/4tUawEQEqtm8p8bCBp8Mp
/TScQR52LFf2JUETfYTcAeJp/vCm8lpMjtAO3KapBdpDSr2HLYKy9k/lBmcn1uYn
aGk+p6j9Ri4atKPSVTHzfFtfFP0myqwT+3unSfwqCYfWK6w1U6OeFYHxJosNpCuJ
s6K9t7HDzvgTQ3h/1K737I5kr4r2UIhBhJIlp2kwff0Q
-----END CERTIFICATE-----