Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/OlqOPmFqPpJSoZP-tukdY1l_GuM.roa
File:                     OlqOPmFqPpJSoZP-tukdY1l_GuM.roa (raw, json)
Hash identifier:          Ph8vNelmKj3+2Hf768pdcdh1jtxFW42O13UEnCZiEKw=
Subject key identifier:   3A:5A:8E:3E:61:6A:3E:92:52:A1:93:FE:B6:E9:1D:63:59:7F:1A:E3
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       019A54BC8A337E9C434A447575DD4751FB6A
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/OlqOPmFqPpJSoZP-tukdY1l_GuM.roa
Signing time:             Wed 05 Nov 2025 15:57:13 +0000
ROA not before:           Wed 05 Nov 2025 15:57:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        103.76.86.0/24 maxlen: 24
                          195.78.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:54:bc:8a:33:7e:9c:43:4a:44:75:75:dd:47:51:fb:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Nov  5 15:57:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a5a8e3e616a3e9252a193feb6e91d63597f1ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:67:7d:0b:3d:ed:e7:65:90:b3:86:e9:b4:7c:
                    23:b5:b0:38:ad:e5:ad:81:2e:37:d9:4e:b0:58:d7:
                    58:1a:f6:03:7c:3d:8b:14:bd:f3:c0:19:d6:10:c5:
                    48:4f:51:c4:ca:37:73:72:b7:9d:76:1d:41:45:ef:
                    1a:4b:92:7a:c2:dc:ea:94:be:bd:44:94:51:8b:91:
                    a4:8e:b9:68:a4:3e:df:8c:c1:98:0c:10:ca:60:bd:
                    c1:a0:95:ae:df:e5:88:82:0c:33:22:65:07:ed:03:
                    67:b7:73:48:0d:7a:66:ba:fd:61:ea:62:64:2f:e1:
                    d7:51:92:73:38:23:99:b9:d0:01:22:5b:c0:b5:a0:
                    85:06:86:78:de:8a:9f:91:51:d6:9a:dc:34:3c:29:
                    f0:37:b5:d1:a0:34:96:fe:73:96:0e:78:e3:b2:ae:
                    c0:df:19:59:f0:0e:2f:91:6e:a5:b0:f0:76:37:1e:
                    8f:11:7a:46:e7:5d:59:d0:f5:89:42:6a:35:e2:2b:
                    93:26:03:d4:dd:23:03:14:59:f4:17:bb:38:e8:6d:
                    a7:47:1e:c1:be:90:96:d2:a0:04:76:24:03:42:c3:
                    8a:09:15:69:72:79:84:ef:f6:a5:87:59:ee:e0:a2:
                    0f:5f:24:d5:25:70:d5:1c:b7:51:54:54:d1:a2:a7:
                    6c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:5A:8E:3E:61:6A:3E:92:52:A1:93:FE:B6:E9:1D:63:59:7F:1A:E3
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/OlqOPmFqPpJSoZP-tukdY1l_GuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.86.0/24
                  195.78.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:f9:62:94:54:30:4e:5f:8d:fc:90:6c:8f:eb:e7:f6:b0:23:
         a9:d5:eb:2e:6e:ee:a2:f2:5a:d2:25:75:9d:be:e2:a8:27:34:
         6c:dd:9a:3c:b2:ba:6e:69:a2:e7:a7:e2:87:86:39:37:1e:7a:
         ab:34:17:3b:09:73:3c:7a:c9:17:c8:ce:41:5a:c7:71:31:67:
         9c:01:19:2c:c2:bc:44:f8:84:cb:a5:f8:fb:7f:71:5e:37:f0:
         43:99:7b:56:3e:eb:08:f9:a0:85:26:ef:c8:74:48:4d:8a:c4:
         dd:3b:26:46:e0:ec:5a:2d:f0:57:fd:93:20:4a:c5:47:b6:f1:
         3f:85:8f:1b:c3:63:ca:69:83:0d:e3:af:47:e2:b6:65:17:b6:
         53:3c:a2:b0:fd:b7:52:22:04:8a:ee:88:87:bb:99:a2:d4:a1:
         f4:a7:31:69:1d:1c:fb:f0:28:95:35:08:33:29:f3:da:e8:af:
         9a:93:1b:fa:04:e9:06:91:3f:b0:22:6b:a3:8f:18:b0:a7:3a:
         ed:5f:68:71:83:90:f0:c8:95:96:24:03:8d:5f:ef:30:29:f2:
         2c:71:25:cf:a7:47:26:76:08:18:5a:2c:41:c8:a8:32:89:06:
         8c:70:21:93:11:75:ab:6d:ef:47:c5:1d:ea:5a:c4:2d:8c:f6:
         1a:af:cf:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpUvIozfpxDSkR1dd1HUftqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjUxMTA1MTU1NzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTVhOGUzZTYxNmEzZTkyNTJhMTkzZmViNmU5MWQ2MzU5N2YxYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGd9Cz3t52WQs4bptHwjtbA4reWt
gS432U6wWNdYGvYDfD2LFL3zwBnWEMVIT1HEyjdzcreddh1BRe8aS5J6wtzqlL69
RJRRi5GkjrlopD7fjMGYDBDKYL3BoJWu3+WIggwzImUH7QNnt3NIDXpmuv1h6mJk
L+HXUZJzOCOZudABIlvAtaCFBoZ43oqfkVHWmtw0PCnwN7XRoDSW/nOWDnjjsq7A
3xlZ8A4vkW6lsPB2Nx6PEXpG511Z0PWJQmo14iuTJgPU3SMDFFn0F7s46G2nRx7B
vpCW0qAEdiQDQsOKCRVpcnmE7/alh1nu4KIPXyTVJXDVHLdRVFTRoqdsAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDpajj5haj6SUqGT/rbpHWNZfxrjMB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvT2xxT1BtRnFQcEpTb1pQLXR1a2RZMWxfR3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ0xWAwQA
w04xMA0GCSqGSIb3DQEBCwUAA4IBAQB1+WKUVDBOX438kGyP6+f2sCOp1esubu6i
8lrSJXWdvuKoJzRs3Zo8srpuaaLnp+KHhjk3HnqrNBc7CXM8eskXyM5BWsdxMWec
ARkswrxE+ITLpfj7f3FeN/BDmXtWPusI+aCFJu/IdEhNisTdOyZG4OxaLfBX/ZMg
SsVHtvE/hY8bw2PKaYMN469H4rZlF7ZTPKKw/bdSIgSK7oiHu5mi1KH0pzFpHRz7
8CiVNQgzKfPa6K+akxv6BOkGkT+wImujjxiwpzrtX2hxg5DwyJWWJAONX+8wKfIs
cSXPp0cmdggYWixByKgyiQaMcCGTEXWrbe9HxR3qWsQtjPYar8/G
-----END CERTIFICATE-----