Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/xT-jpLErIamZE0qrfTVbXvdE5u0.roa
File:                     xT-jpLErIamZE0qrfTVbXvdE5u0.roa (raw, json)
Hash identifier:          PETbWBTWC2IHCffOSKwMEvtLth5eHk0yTOpEOn8vGvI=
Subject key identifier:   C5:3F:A3:A4:B1:2B:21:A9:99:13:4A:AB:7D:35:5B:5E:F7:44:E6:ED
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019E8D4458A5EAD5B0D01D9E0B940C0C56D1
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/xT-jpLErIamZE0qrfTVbXvdE5u0.roa
Signing time:             Wed 03 Jun 2026 11:35:27 +0000
ROA not before:           Wed 03 Jun 2026 11:35:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63930
IP address blocks:        103.166.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:44:58:a5:ea:d5:b0:d0:1d:9e:0b:94:0c:0c:56:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Jun  3 11:35:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c53fa3a4b12b21a999134aab7d355b5ef744e6ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:99:4f:ed:a9:e7:a9:1b:23:99:ed:28:d3:55:
                    6f:73:07:fd:73:70:83:b0:bf:17:cc:72:41:a1:78:
                    ec:50:50:0e:3c:bd:77:48:f0:bd:0f:74:4c:a1:b7:
                    f8:e3:bb:c0:31:94:b6:b5:ff:ef:95:3d:d2:6d:f7:
                    b4:14:39:77:40:2e:37:dc:d1:ea:7f:9b:82:8a:b0:
                    a3:aa:7c:6c:b0:83:1e:98:66:0a:26:6c:27:79:60:
                    c6:f3:21:fd:d1:6f:3e:65:80:81:11:20:6d:ab:b2:
                    06:42:1e:6a:5a:c7:ff:66:ba:1b:46:c8:14:08:30:
                    2c:20:27:09:1c:7e:24:ec:a5:f0:9e:32:10:bc:de:
                    49:8d:c1:ff:56:66:dc:db:53:d3:54:b3:1f:d3:dd:
                    1a:08:08:78:57:ac:03:9b:76:4d:2a:c6:31:e5:ef:
                    b8:77:0b:55:5d:e9:25:88:73:d9:46:62:59:88:ed:
                    97:4f:fb:75:c0:6e:2a:ff:f5:2e:fd:81:76:a5:fe:
                    2e:03:a2:9b:b6:76:71:f7:cb:1e:17:fc:61:5f:cd:
                    35:c5:4e:96:77:7e:e5:70:07:01:04:b8:6c:68:17:
                    ba:a5:c4:d9:4f:4b:3e:65:8f:8e:75:13:9a:4c:8e:
                    1c:53:0f:11:4e:48:79:64:5c:60:fc:50:56:1f:1a:
                    c0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:3F:A3:A4:B1:2B:21:A9:99:13:4A:AB:7D:35:5B:5E:F7:44:E6:ED
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/xT-jpLErIamZE0qrfTVbXvdE5u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.166.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:93:ce:ab:01:13:bd:ac:5a:7c:49:51:c4:8b:d5:f0:fe:98:
         83:ec:99:51:a5:86:b4:47:47:ae:0e:78:c2:0c:e5:72:79:49:
         72:bc:45:8a:c5:7b:9a:0f:dd:68:a2:4c:74:29:3a:01:c3:71:
         79:cc:2e:2e:2d:bc:b1:e3:90:96:03:1d:1a:c9:64:8c:a6:04:
         73:ff:2a:fb:05:94:16:d0:e6:36:e3:ef:27:50:dc:e6:01:8f:
         ad:f7:7d:ba:2b:e3:0d:91:6d:b9:1a:7c:fa:46:96:4e:c9:4c:
         a0:49:74:52:19:89:cc:00:56:04:ca:1e:4c:f6:8c:4d:1e:32:
         cf:e7:81:88:a6:a5:05:b6:d2:37:7b:7f:2c:36:df:64:37:51:
         5f:02:e4:ce:b4:41:94:52:a0:be:45:90:89:8d:16:65:97:85:
         9d:a0:44:a6:d5:cc:40:70:a3:f3:74:dc:0b:82:bc:cf:c6:ed:
         33:92:41:dd:d7:2b:96:75:02:81:a0:ea:26:bd:18:2d:43:f2:
         60:8e:4e:74:aa:eb:05:cb:1e:70:58:e0:0a:bb:92:0f:38:58:
         f4:22:a6:4e:f8:c1:f5:a1:78:0a:24:f8:e0:00:ec:19:83:1f:
         46:d9:e1:48:94:2b:66:64:18:36:0d:7a:ad:44:8d:3a:9a:cf:
         3c:e4:18:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NRFil6tWw0B2eC5QMDFbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjYwNjAzMTEzNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTNmYTNhNGIxMmIyMWE5OTkxMzRhYWI3ZDM1NWI1ZWY3NDRlNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZlP7annqRsjme0o01Vvcwf9c3CD
sL8XzHJBoXjsUFAOPL13SPC9D3RMobf447vAMZS2tf/vlT3Sbfe0FDl3QC433NHq
f5uCirCjqnxssIMemGYKJmwneWDG8yH90W8+ZYCBESBtq7IGQh5qWsf/ZrobRsgU
CDAsICcJHH4k7KXwnjIQvN5JjcH/Vmbc21PTVLMf090aCAh4V6wDm3ZNKsYx5e+4
dwtVXekliHPZRmJZiO2XT/t1wG4q//Uu/YF2pf4uA6KbtnZx98seF/xhX801xU6W
d37lcAcBBLhsaBe6pcTZT0s+ZY+OdROaTI4cUw8RTkh5ZFxg/FBWHxrAuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMU/o6SxKyGpmRNKq301W173RObtMB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEveFQtanBMRXJJYW1aRTBxcmZUVmJYdmRFNXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ6aaMA0G
CSqGSIb3DQEBCwUAA4IBAQBCk86rARO9rFp8SVHEi9Xw/piD7JlRpYa0R0euDnjC
DOVyeUlyvEWKxXuaD91ookx0KToBw3F5zC4uLbyx45CWAx0ayWSMpgRz/yr7BZQW
0OY24+8nUNzmAY+t9326K+MNkW25Gnz6RpZOyUygSXRSGYnMAFYEyh5M9oxNHjLP
54GIpqUFttI3e38sNt9kN1FfAuTOtEGUUqC+RZCJjRZll4WdoESm1cxAcKPzdNwL
grzPxu0zkkHd1yuWdQKBoOomvRgtQ/Jgjk50qusFyx5wWOAKu5IPOFj0IqZO+MH1
oXgKJPjgAOwZgx9G2eFIlCtmZBg2DXqtRI06ms885BiB
-----END CERTIFICATE-----