Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/xakVfcHMl_3waxWLag9wjIyIEyY.roa
File:                     xakVfcHMl_3waxWLag9wjIyIEyY.roa (raw, json)
Hash identifier:          8zAufra/LX45mNIP6WBoxyrn6rEShlzjSf5RR8HSpQA=
Subject key identifier:   C5:A9:15:7D:C1:CC:97:FD:F0:6B:15:8B:6A:0F:70:8C:8C:88:13:26
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019E5A8269F570D8D34B0B8F6C08F54E0521
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/xakVfcHMl_3waxWLag9wjIyIEyY.roa
Signing time:             Sun 24 May 2026 15:02:36 +0000
ROA not before:           Sun 24 May 2026 15:02:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        103.17.98.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5a:82:69:f5:70:d8:d3:4b:0b:8f:6c:08:f5:4e:05:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: May 24 15:02:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5a9157dc1cc97fdf06b158b6a0f708c8c881326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:02:15:b3:17:e2:11:0d:52:e7:4a:85:f8:16:
                    d5:d5:af:d9:78:29:5b:86:2e:10:97:48:9d:4a:de:
                    35:95:35:5e:d1:cd:e2:e2:9d:9f:08:a7:85:ce:0d:
                    5c:5d:f2:54:9a:09:a5:ed:4a:6a:76:c4:de:95:3f:
                    0f:fa:f4:c6:74:7e:9b:d4:af:5c:0c:83:8e:92:83:
                    44:8d:76:9f:49:18:8b:79:4c:ce:b3:a1:32:c5:ec:
                    d9:f7:87:55:41:b8:47:ca:25:80:60:31:71:e0:30:
                    b6:d8:11:46:5b:6e:e2:ce:34:f9:4f:d7:03:35:70:
                    69:c6:3e:27:f0:a6:f1:1d:a2:50:21:0e:17:09:ce:
                    47:73:89:7d:dd:00:3a:50:1d:ab:fc:e9:cc:20:eb:
                    c2:e1:55:db:86:99:18:49:8c:a1:58:9c:04:31:7e:
                    43:62:1c:9c:10:9f:f2:f4:b6:82:d9:a3:5d:a3:3d:
                    ed:fa:39:fe:3a:14:f1:9a:6b:a3:ae:27:53:ea:a2:
                    9b:5d:93:e0:0f:55:79:a0:4e:22:a8:09:4f:6e:a7:
                    78:e9:b6:4b:1e:aa:26:0d:90:6f:f9:50:b7:fc:c2:
                    17:28:ea:8d:ac:ba:fc:a9:0a:54:03:f3:73:0b:0e:
                    e0:e0:af:75:f9:48:34:5c:03:3f:bf:e7:f0:af:fb:
                    1b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A9:15:7D:C1:CC:97:FD:F0:6B:15:8B:6A:0F:70:8C:8C:88:13:26
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/xakVfcHMl_3waxWLag9wjIyIEyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:92:f6:f7:c2:05:9a:57:b5:ae:93:05:4a:9b:8f:94:21:d1:
         1a:2d:60:d2:de:1f:52:27:be:c2:a5:10:bc:9b:e4:3e:d8:e3:
         13:2e:8a:70:77:9f:8c:95:68:f2:2d:f5:bb:6b:1a:28:f1:d7:
         a1:04:53:06:6b:02:01:a7:be:8a:56:72:80:ba:da:44:7b:c0:
         31:57:10:18:9e:da:56:fc:7b:d6:55:38:2f:d9:13:99:8c:50:
         cd:54:36:91:00:53:df:0c:ec:ff:1e:d1:b1:97:1d:02:07:d3:
         90:20:5a:9b:40:3a:6b:f5:ea:02:fa:26:c5:8f:ce:c3:f0:6c:
         53:fd:09:af:26:c7:aa:c2:77:4f:e4:b4:ea:68:01:4c:62:c6:
         7f:df:99:c0:b8:a5:9e:47:ca:fa:de:21:11:d1:af:63:f5:55:
         c5:99:df:39:db:fc:cb:f8:9f:1e:4a:67:88:5e:88:42:8a:2d:
         27:be:03:7a:1a:b3:d0:db:65:59:c0:80:ac:6a:cf:b5:3f:33:
         86:cb:ec:ae:7b:ec:bf:95:c9:d2:37:de:7d:65:b3:5e:da:c5:
         c5:41:af:ac:54:df:ae:aa:14:b9:56:97:31:fe:ca:5b:75:a5:
         d8:45:de:d9:18:1b:4e:04:e6:bd:ad:54:9e:ab:3a:51:f2:55:
         af:fa:8f:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5agmn1cNjTSwuPbAj1TgUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwNTI0MTUwMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE5MTU3ZGMxY2M5N2ZkZjA2YjE1OGI2YTBmNzA4YzhjODgxMzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAIVsxfiEQ1S50qF+BbV1a/ZeClb
hi4Ql0idSt41lTVe0c3i4p2fCKeFzg1cXfJUmgml7UpqdsTelT8P+vTGdH6b1K9c
DIOOkoNEjXafSRiLeUzOs6EyxezZ94dVQbhHyiWAYDFx4DC22BFGW27izjT5T9cD
NXBpxj4n8KbxHaJQIQ4XCc5Hc4l93QA6UB2r/OnMIOvC4VXbhpkYSYyhWJwEMX5D
YhycEJ/y9LaC2aNdoz3t+jn+OhTxmmujridT6qKbXZPgD1V5oE4iqAlPbqd46bZL
HqomDZBv+VC3/MIXKOqNrLr8qQpUA/NzCw7g4K91+Ug0XAM/v+fwr/sbkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWpFX3BzJf98GsVi2oPcIyMiBMmMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEveGFrVmZjSE1sXzN3YXhXTGFnOXdqSXlJRXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZxFiMA0G
CSqGSIb3DQEBCwUAA4IBAQAjkvb3wgWaV7WukwVKm4+UIdEaLWDS3h9SJ77CpRC8
m+Q+2OMTLopwd5+MlWjyLfW7axoo8dehBFMGawIBp76KVnKAutpEe8AxVxAYntpW
/HvWVTgv2ROZjFDNVDaRAFPfDOz/HtGxlx0CB9OQIFqbQDpr9eoC+ibFj87D8GxT
/QmvJseqwndP5LTqaAFMYsZ/35nAuKWeR8r63iER0a9j9VXFmd852/zL+J8eSmeI
XohCii0nvgN6GrPQ22VZwICsas+1PzOGy+yue+y/lcnSN959ZbNe2sXFQa+sVN+u
qhS5Vpcx/spbdaXYRd7ZGBtOBOa9rVSeqzpR8lWv+o+q
-----END CERTIFICATE-----