Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/zj6uyef49nXvuOQ5HnBYE21EEbo.roa
File:                     zj6uyef49nXvuOQ5HnBYE21EEbo.roa (raw, json)
Hash identifier:          sFC56MynYpbNdgBV5ulPA1mcU1LFECyTpsEz7+G4BXY=
Subject key identifier:   CE:3E:AE:C9:E7:F8:F6:75:EF:B8:E4:39:1E:70:58:13:6D:44:11:BA
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       0199287E84E727076C6F5CB0D8AB30E7D663
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/zj6uyef49nXvuOQ5HnBYE21EEbo.roa
Signing time:             Mon 08 Sep 2025 08:43:23 +0000
ROA not before:           Mon 08 Sep 2025 08:43:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48551
IP address blocks:        103.215.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 05:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:7e:84:e7:27:07:6c:6f:5c:b0:d8:ab:30:e7:d6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Sep  8 08:43:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce3eaec9e7f8f675efb8e4391e7058136d4411ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:14:27:79:c5:5d:c9:b4:86:ca:92:70:93:71:
                    a7:4d:9a:32:5b:e0:49:51:96:4f:49:54:7a:df:87:
                    67:75:46:7e:35:d0:24:c0:92:ad:60:0b:10:42:9b:
                    47:29:13:6d:fa:c5:fb:aa:23:99:f1:b7:ee:cb:92:
                    22:d0:16:f9:40:0a:68:0a:63:a0:23:2e:c6:f4:1c:
                    2d:b1:24:f3:7e:b4:3a:71:b8:b4:dc:e7:89:df:ea:
                    f8:48:18:46:5e:72:cb:10:8d:48:55:fa:27:17:b9:
                    34:c8:51:8f:fd:56:55:5d:ea:61:ff:da:40:09:e1:
                    80:69:a1:1d:6e:04:14:c3:ac:e2:6e:7c:ff:5b:17:
                    49:07:ae:e4:f0:ad:61:c9:3c:ce:ed:a4:f4:05:3d:
                    4a:f9:09:6d:e4:bb:52:96:ae:54:ac:8c:bf:fd:0e:
                    50:37:24:26:2e:5e:e8:eb:d3:93:a8:50:9b:99:8f:
                    76:e9:53:f9:f8:d4:9a:d1:cd:76:e3:79:24:21:d9:
                    67:9f:fa:93:30:c3:8d:da:89:d3:c7:b6:80:36:77:
                    9e:03:77:ad:75:b9:da:5b:6c:3b:7c:29:2d:92:a3:
                    26:e2:fd:a9:dc:a3:97:60:2f:ff:9a:f3:5a:82:c3:
                    aa:76:a2:33:81:31:79:71:05:ac:31:54:f1:29:d2:
                    08:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:3E:AE:C9:E7:F8:F6:75:EF:B8:E4:39:1E:70:58:13:6D:44:11:BA
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/zj6uyef49nXvuOQ5HnBYE21EEbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:7d:36:85:a7:29:dc:d5:f3:40:fa:e1:8f:c0:4a:6e:4d:cb:
         70:1a:73:52:77:8e:40:89:1b:a3:c1:69:29:43:53:3e:a4:7d:
         d4:b2:33:ce:66:9e:1a:58:c8:33:f7:30:dd:f9:cf:0e:0a:01:
         62:44:d1:e0:88:7c:e5:de:22:7c:bd:a2:83:c5:61:bc:25:16:
         5c:bd:3e:9b:9c:dd:b4:d0:05:a8:4d:f8:9d:2e:e8:2b:e3:bf:
         9b:33:e3:d9:2c:e9:33:ef:d4:9b:b8:22:72:83:81:d2:23:fc:
         c4:af:df:fa:48:9b:c3:67:d1:18:1f:ed:53:a4:7b:53:af:e4:
         a0:5d:21:f8:9d:5f:f2:4e:e6:9f:d9:78:d0:83:5a:e0:ee:ef:
         0e:f6:91:5e:0d:31:8c:e5:dd:c2:41:fb:92:3c:0b:68:c5:ab:
         a7:6d:18:dd:fa:db:16:4f:fa:05:ea:bc:1d:b4:c1:80:dc:ea:
         1f:b2:0a:1c:2c:83:07:a7:d6:c1:06:de:28:0f:8f:59:14:6a:
         5d:7e:b0:a1:39:c3:fe:bb:60:12:54:63:9e:df:7d:8e:80:af:
         10:88:71:a1:61:33:00:23:f2:a9:82:a8:f9:cc:e2:02:e6:9a:
         cf:3d:2f:f3:07:d0:24:5d:f3:a1:3f:4e:09:8f:25:f4:4d:d2:
         ec:25:b2:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkofoTnJwdsb1yw2Ksw59ZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwOTA4MDg0MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTNlYWVjOWU3ZjhmNjc1ZWZiOGU0MzkxZTcwNTgxMzZkNDQxMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBQnecVdybSGypJwk3GnTZoyW+BJ
UZZPSVR634dndUZ+NdAkwJKtYAsQQptHKRNt+sX7qiOZ8bfuy5Ii0Bb5QApoCmOg
Iy7G9BwtsSTzfrQ6cbi03OeJ3+r4SBhGXnLLEI1IVfonF7k0yFGP/VZVXeph/9pA
CeGAaaEdbgQUw6zibnz/WxdJB67k8K1hyTzO7aT0BT1K+Qlt5LtSlq5UrIy//Q5Q
NyQmLl7o69OTqFCbmY926VP5+NSa0c1243kkIdlnn/qTMMON2onTx7aANneeA3et
dbnaW2w7fCktkqMm4v2p3KOXYC//mvNagsOqdqIzgTF5cQWsMVTxKdIIcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4+rsnn+PZ177jkOR5wWBNtRBG6MB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvemo2dXllZjQ5blh2dU9RNUhuQllFMjFFRWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9feMA0G
CSqGSIb3DQEBCwUAA4IBAQBufTaFpync1fNA+uGPwEpuTctwGnNSd45AiRujwWkp
Q1M+pH3UsjPOZp4aWMgz9zDd+c8OCgFiRNHgiHzl3iJ8vaKDxWG8JRZcvT6bnN20
0AWoTfidLugr47+bM+PZLOkz79SbuCJyg4HSI/zEr9/6SJvDZ9EYH+1TpHtTr+Sg
XSH4nV/yTuaf2XjQg1rg7u8O9pFeDTGM5d3CQfuSPAtoxaunbRjd+tsWT/oF6rwd
tMGA3OofsgocLIMHp9bBBt4oD49ZFGpdfrChOcP+u2ASVGOe332OgK8QiHGhYTMA
I/Kpgqj5zOIC5prPPS/zB9AkXfOhP04JjyX0TdLsJbJ3
-----END CERTIFICATE-----