Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/29Fc1Lg9g2T7-8fsTeaoBPl-NPc.roa
File:                     29Fc1Lg9g2T7-8fsTeaoBPl-NPc.roa (raw, json)
Hash identifier:          jlm0xWa4/qtyOFq07c45Ep2Kb2oU5AJsA2LrnBsR7WQ=
Subject key identifier:   DB:D1:5C:D4:B8:3D:83:64:FB:FB:C7:EC:4D:E6:A8:04:F9:7E:34:F7
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019E886CB6904305176B0F569A459B2FFD13
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/29Fc1Lg9g2T7-8fsTeaoBPl-NPc.roa
Signing time:             Tue 02 Jun 2026 13:01:26 +0000
ROA not before:           Tue 02 Jun 2026 13:01:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        103.17.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:6c:b6:90:43:05:17:6b:0f:56:9a:45:9b:2f:fd:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jun  2 13:01:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbd15cd4b83d8364fbfbc7ec4de6a804f97e34f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:81:b5:4c:26:b1:3e:b9:1f:79:ce:18:89:61:
                    90:d3:7b:37:3e:95:42:f1:62:b9:72:0b:a2:e1:27:
                    4e:8f:ec:46:83:fb:a4:6a:63:04:da:44:69:ec:50:
                    59:92:6f:d9:07:d3:45:45:75:e7:b3:ba:13:9f:12:
                    7c:ea:1c:d4:97:e0:31:77:59:01:28:10:16:da:d5:
                    24:ae:9d:bb:1b:49:05:c4:04:10:53:2f:17:f9:d1:
                    f2:cc:0c:57:9e:94:93:cd:cf:bb:45:ae:f0:f1:8e:
                    71:ac:a5:d0:d7:af:f1:8e:24:6f:b6:2d:f4:ad:5c:
                    17:09:d6:d8:9c:74:a1:27:da:bd:3a:fe:39:7b:4e:
                    21:c4:45:51:7c:63:83:13:8e:03:6e:59:76:22:fe:
                    d4:72:9a:bd:24:c3:09:6d:a4:0d:5b:2e:e4:19:92:
                    b9:1b:78:57:7a:56:f5:52:24:0e:e8:67:0e:10:b0:
                    2f:74:aa:b1:40:78:0c:d7:9d:2f:76:47:48:7d:99:
                    bc:fc:4c:6e:b2:ee:6b:b6:1c:d7:e3:a9:4a:b3:84:
                    b5:46:15:49:7f:4b:83:00:c1:32:8d:d0:de:e0:68:
                    b8:ae:2a:97:eb:ec:bd:0f:37:8f:2e:94:c4:a0:e1:
                    78:20:59:21:8c:8d:4d:5c:24:a4:43:69:8c:ec:84:
                    ea:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D1:5C:D4:B8:3D:83:64:FB:FB:C7:EC:4D:E6:A8:04:F9:7E:34:F7
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/29Fc1Lg9g2T7-8fsTeaoBPl-NPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:36:bd:6d:08:b9:92:c6:d7:70:b6:8a:17:5f:95:6e:62:39:
         40:48:46:01:d0:fa:9b:36:7d:52:2a:a1:b2:37:48:4d:b3:96:
         58:25:2f:f2:56:ae:33:98:90:82:58:7e:41:0a:72:9a:49:da:
         15:d7:22:65:90:2a:89:e5:3f:93:92:45:7a:13:e9:d9:54:c9:
         d1:c0:fe:cc:be:ed:83:5f:fb:60:67:f9:5c:01:17:be:a1:72:
         74:c2:19:7b:b9:f1:13:3c:c2:92:83:b7:6a:01:92:31:92:10:
         60:fd:95:8b:6e:fe:f9:86:07:37:5b:0d:66:57:6d:2f:10:4f:
         2c:e0:35:1a:ad:35:48:a0:66:59:cb:f6:ee:74:14:fd:30:aa:
         99:79:32:84:d1:96:54:16:db:59:af:35:cb:4d:1c:88:c6:4c:
         bf:e2:85:a2:6a:1d:99:f5:58:a3:e2:b3:73:a9:44:9b:d5:da:
         e5:3a:8c:3e:b4:a6:6b:95:bc:f7:3e:63:fc:7a:5f:3d:48:f5:
         6d:5b:20:cc:cc:e3:d2:cc:0d:e6:19:30:c4:3a:2d:4a:0b:e6:
         cb:bd:5d:67:fc:57:72:f3:ed:1f:e6:8f:95:ef:b7:8f:dc:5a:
         85:0b:15:37:23:e8:58:64:a3:51:43:8f:9a:e4:ae:ca:62:e5:
         49:b3:0c:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6IbLaQQwUXaw9WmkWbL/0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwNjAyMTMwMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQxNWNkNGI4M2Q4MzY0ZmJmYmM3ZWM0ZGU2YTgwNGY5N2UzNGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44G1TCaxPrkfec4YiWGQ03s3PpVC
8WK5cgui4SdOj+xGg/ukamME2kRp7FBZkm/ZB9NFRXXns7oTnxJ86hzUl+Axd1kB
KBAW2tUkrp27G0kFxAQQUy8X+dHyzAxXnpSTzc+7Ra7w8Y5xrKXQ16/xjiRvti30
rVwXCdbYnHShJ9q9Ov45e04hxEVRfGODE44Dbll2Iv7Ucpq9JMMJbaQNWy7kGZK5
G3hXelb1UiQO6GcOELAvdKqxQHgM150vdkdIfZm8/Exusu5rthzX46lKs4S1RhVJ
f0uDAMEyjdDe4Gi4riqX6+y9DzePLpTEoOF4IFkhjI1NXCSkQ2mM7ITqdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvRXNS4PYNk+/vH7E3mqAT5fjT3MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvMjlGYzFMZzlnMlQ3LThmc1RlYW9CUGwtTlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFgMA0G
CSqGSIb3DQEBCwUAA4IBAQBENr1tCLmSxtdwtooXX5VuYjlASEYB0PqbNn1SKqGy
N0hNs5ZYJS/yVq4zmJCCWH5BCnKaSdoV1yJlkCqJ5T+TkkV6E+nZVMnRwP7Mvu2D
X/tgZ/lcARe+oXJ0whl7ufETPMKSg7dqAZIxkhBg/ZWLbv75hgc3Ww1mV20vEE8s
4DUarTVIoGZZy/budBT9MKqZeTKE0ZZUFttZrzXLTRyIxky/4oWiah2Z9Vij4rNz
qUSb1drlOow+tKZrlbz3PmP8el89SPVtWyDMzOPSzA3mGTDEOi1KC+bLvV1n/Fdy
8+0f5o+V77eP3FqFCxU3I+hYZKNRQ4+a5K7KYuVJswxO
-----END CERTIFICATE-----