Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/vlOdF_uibG-huW-j6fXH-UDEaY4.roa
File:                     vlOdF_uibG-huW-j6fXH-UDEaY4.roa (raw, json)
Hash identifier:          OXZs4OBvNEbNcTeLJRMeH9QOxHFAesReIyqbgtBtOHQ=
Subject key identifier:   BE:53:9D:17:FB:A2:6C:6F:A1:B9:6F:A3:E9:F5:C7:F9:40:C4:69:8E
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019DBAEBC519CB160B579B2462D048046559
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/vlOdF_uibG-huW-j6fXH-UDEaY4.roa
Signing time:             Thu 23 Apr 2026 15:18:26 +0000
ROA not before:           Thu 23 Apr 2026 15:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        103.17.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 23:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:eb:c5:19:cb:16:0b:57:9b:24:62:d0:48:04:65:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Apr 23 15:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be539d17fba26c6fa1b96fa3e9f5c7f940c4698e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c3:8e:a6:9d:33:6d:39:03:5f:62:4f:9e:69:
                    ad:a2:ec:28:b0:36:f1:b9:20:c4:6b:92:a6:80:b0:
                    51:85:f0:08:b4:b5:fc:af:8d:43:3f:23:9f:6b:e4:
                    cf:d4:2a:14:47:18:68:48:7a:79:24:75:ff:f1:0f:
                    5b:e5:44:80:e8:5f:f4:b3:05:a3:3e:ac:40:e0:b0:
                    06:d3:f8:45:30:a0:ee:6d:c6:b3:e2:d4:af:b7:36:
                    90:0a:f4:63:59:c5:b6:9f:ad:ef:0a:c7:36:8e:5e:
                    76:08:7b:cd:95:6a:b6:de:d7:6f:4e:8a:db:76:6e:
                    79:54:0d:54:01:5d:93:ad:a6:59:64:16:64:cd:b0:
                    74:83:6c:5d:b9:86:62:9b:22:40:f3:96:2a:0c:30:
                    b4:c6:3b:c6:cc:39:18:91:bc:33:ed:bc:49:51:a3:
                    a4:5d:15:cf:a5:ca:8e:0c:5a:aa:3b:d2:ed:7d:d4:
                    e8:f0:13:3c:bd:fd:ea:47:c9:a0:27:e0:a4:4b:60:
                    d4:f7:99:92:3b:45:96:26:35:7a:92:b8:2e:35:81:
                    7e:83:d9:c2:d3:75:ee:bc:f0:37:f5:5c:01:b9:be:
                    5a:ae:f4:34:ac:f8:43:a4:6d:0b:1e:c7:7e:60:4f:
                    3e:92:51:79:80:93:f9:02:dd:76:04:ff:56:64:3a:
                    52:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:53:9D:17:FB:A2:6C:6F:A1:B9:6F:A3:E9:F5:C7:F9:40:C4:69:8E
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/vlOdF_uibG-huW-j6fXH-UDEaY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:05:34:ff:34:b8:06:e2:e3:a7:a5:60:1e:a8:28:a6:7c:ba:
         71:31:fd:0c:28:ab:05:a4:e8:70:68:cf:57:f4:72:d8:86:09:
         4b:25:17:c9:1f:84:c1:3d:43:9d:b5:56:9d:5b:c1:e2:27:59:
         b0:7c:aa:2a:64:65:9c:7b:2b:34:76:51:68:97:02:70:df:80:
         a0:fa:02:fa:db:05:fe:bb:cc:9a:b4:9f:8f:a2:30:83:ef:68:
         f0:1e:01:5e:8e:c2:d7:7b:c3:6d:45:61:bf:49:6b:1f:10:8c:
         58:84:9d:fc:01:66:c7:fd:75:37:b4:ac:69:54:a2:32:bf:07:
         a4:45:97:53:85:59:0a:21:3d:64:a8:fe:28:47:fb:dd:98:17:
         cf:48:95:e7:6d:d0:18:db:2b:39:3d:85:b7:e8:b0:6a:a5:f3:
         f7:f8:a9:cd:54:ae:67:c3:b2:50:ad:73:0a:36:8d:97:f4:21:
         ec:5d:9f:38:1b:35:c3:29:d7:33:88:20:f8:17:e0:ec:c0:0d:
         fd:9c:e1:37:25:a8:d2:55:d9:00:00:15:34:76:e7:8e:d8:ee:
         5d:63:8b:9f:80:f1:12:8a:ba:a1:81:14:2e:b4:c0:c1:e2:89:
         3d:d5:c8:74:87:e9:cd:5b:aa:36:17:16:67:7d:1d:4c:53:b3:
         a8:9b:02:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2668UZyxYLV5skYtBIBGVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDIzMTUxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTUzOWQxN2ZiYTI2YzZmYTFiOTZmYTNlOWY1YzdmOTQwYzQ2OThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMOOpp0zbTkDX2JPnmmtouwosDbx
uSDEa5KmgLBRhfAItLX8r41DPyOfa+TP1CoURxhoSHp5JHX/8Q9b5USA6F/0swWj
PqxA4LAG0/hFMKDubcaz4tSvtzaQCvRjWcW2n63vCsc2jl52CHvNlWq23tdvTorb
dm55VA1UAV2TraZZZBZkzbB0g2xduYZimyJA85YqDDC0xjvGzDkYkbwz7bxJUaOk
XRXPpcqODFqqO9LtfdTo8BM8vf3qR8mgJ+CkS2DU95mSO0WWJjV6krguNYF+g9nC
03XuvPA39VwBub5arvQ0rPhDpG0LHsd+YE8+klF5gJP5At12BP9WZDpSeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5TnRf7omxvoblvo+n1x/lAxGmOMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvdmxPZEZfdWliRy1odVctajZmWEgtVURFYVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxHLMA0G
CSqGSIb3DQEBCwUAA4IBAQAtBTT/NLgG4uOnpWAeqCimfLpxMf0MKKsFpOhwaM9X
9HLYhglLJRfJH4TBPUOdtVadW8HiJ1mwfKoqZGWceys0dlFolwJw34Cg+gL62wX+
u8yatJ+PojCD72jwHgFejsLXe8NtRWG/SWsfEIxYhJ38AWbH/XU3tKxpVKIyvwek
RZdThVkKIT1kqP4oR/vdmBfPSJXnbdAY2ys5PYW36LBqpfP3+KnNVK5nw7JQrXMK
No2X9CHsXZ84GzXDKdcziCD4F+DswA39nOE3JajSVdkAABU0dueO2O5dY4ufgPES
irqhgRQutMDB4ok91ch0h+nNW6o2FxZnfR1MU7OomwKS
-----END CERTIFICATE-----