Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1-Boo50kngk4kJGoCOg2QDkNtX5E.roa
File:                     1-Boo50kngk4kJGoCOg2QDkNtX5E.roa (raw, json)
Hash identifier:          3+BBFqGEZbBoRjxfdp+gs4C5E0HbNx2NCgzd7yBrYgI=
Subject key identifier:   F8:1A:28:E7:49:27:82:4E:24:24:6A:02:3A:0D:90:0E:43:6D:5F:91
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019CBA28921A335D3FD02CF707B9F9CDF850
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1-Boo50kngk4kJGoCOg2QDkNtX5E.roa
Signing time:             Wed 04 Mar 2026 18:42:26 +0000
ROA not before:           Wed 04 Mar 2026 18:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        103.110.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ba:28:92:1a:33:5d:3f:d0:2c:f7:07:b9:f9:cd:f8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Mar  4 18:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f81a28e74927824e24246a023a0d900e436d5f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a8:3d:33:92:f5:85:a0:94:fd:74:10:e5:47:
                    1f:c3:c8:7f:f1:9e:9d:43:2d:0c:99:5d:f7:78:f9:
                    1e:35:d6:14:a7:bc:a6:89:30:68:30:1b:68:b4:b1:
                    88:1a:80:e3:74:af:ed:21:c9:ab:2c:23:f6:3b:25:
                    38:2d:5e:f6:d6:d1:e7:87:b7:a7:6a:d5:19:72:b2:
                    9b:28:ba:01:d3:04:6a:54:10:66:7a:c6:b5:5e:c8:
                    1b:e4:0e:2b:66:88:40:d3:9e:92:44:95:dc:3c:bc:
                    00:f0:51:7b:f6:da:3f:b4:dd:b3:7e:ed:1e:c6:01:
                    77:85:af:4d:3b:89:8e:78:02:1b:47:39:56:d1:2b:
                    1e:2f:33:3b:0a:ff:0e:50:57:d2:b7:d0:f4:71:e0:
                    fa:8c:15:0f:96:e9:97:02:88:b4:8a:80:84:ff:ae:
                    a6:09:4e:0a:1c:41:8a:84:43:d7:f1:db:40:ac:4d:
                    9d:18:78:30:9b:e9:12:6d:26:05:b3:f7:d1:06:41:
                    2f:45:22:ae:97:49:dd:d5:b5:29:a0:6f:54:0c:12:
                    c5:1c:b1:f3:ee:84:e3:aa:5d:ad:d4:95:36:e4:34:
                    7e:05:49:cd:70:78:25:26:2b:c5:2f:bd:00:19:41:
                    31:35:af:f7:63:89:d0:00:f5:d9:40:f1:66:53:86:
                    39:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:1A:28:E7:49:27:82:4E:24:24:6A:02:3A:0D:90:0E:43:6D:5F:91
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1-Boo50kngk4kJGoCOg2QDkNtX5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:b4:a3:e4:da:c4:8d:08:f1:88:a3:bd:5c:45:ac:21:c4:22:
         7e:87:c7:14:53:0c:bc:d2:82:f4:84:b9:f6:91:8b:82:f6:4e:
         c8:cb:a2:82:85:bd:d2:b7:49:94:3b:91:b9:c3:51:e4:62:97:
         1a:0c:d5:a0:c9:af:29:2a:8b:fb:1a:da:ee:b3:17:95:1b:19:
         d9:67:d3:6a:0f:68:62:73:b2:8d:a3:b2:3a:eb:cd:ea:67:6d:
         a2:12:cd:4a:f2:2c:d1:20:3c:ae:99:91:dc:65:5e:77:ac:b7:
         fc:0c:3a:5c:70:5d:73:de:ae:c1:5c:69:67:8f:62:db:dd:d9:
         19:de:6b:7f:0c:fc:3f:ec:a3:96:b3:0c:04:29:50:4d:cb:24:
         b3:99:88:a8:e8:70:05:ff:2c:cb:dd:32:06:d7:50:b7:a5:cb:
         1c:16:69:9d:0b:0c:3e:2f:49:6c:a7:99:86:63:bf:e7:5a:03:
         82:71:7e:54:ce:f4:d9:89:f7:25:45:77:73:80:4b:8f:4d:86:
         e4:9a:45:ec:44:01:ad:66:bc:13:f4:f9:31:30:a7:16:b8:a0:
         b3:de:5d:e1:90:0f:8a:e9:69:1f:35:e4:1f:73:8f:d1:7d:7c:
         6b:3d:0d:c1:98:63:e3:96:4a:63:31:88:95:24:61:3f:93:38:
         f0:02:01:37
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZy6KJIaM10/0Cz3B7n5zfhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwMzA0MTg0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODFhMjhlNzQ5Mjc4MjRlMjQyNDZhMDIzYTBkOTAwZTQzNmQ1ZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjag9M5L1haCU/XQQ5Ucfw8h/8Z6d
Qy0MmV33ePkeNdYUp7ymiTBoMBtotLGIGoDjdK/tIcmrLCP2OyU4LV721tHnh7en
atUZcrKbKLoB0wRqVBBmesa1Xsgb5A4rZohA056SRJXcPLwA8FF79to/tN2zfu0e
xgF3ha9NO4mOeAIbRzlW0SseLzM7Cv8OUFfSt9D0ceD6jBUPlumXAoi0ioCE/66m
CU4KHEGKhEPX8dtArE2dGHgwm+kSbSYFs/fRBkEvRSKul0nd1bUpoG9UDBLFHLHz
7oTjql2t1JU25DR+BUnNcHglJivFL70AGUExNa/3Y4nQAPXZQPFmU4Y5AwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgaKOdJJ4JOJCRqAjoNkA5DbV+RMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvMS1Cb281MGtuZ2s0a0pHb0NPZzJRRGtOdFg1RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGMvMTVkMjcxLTA1Y2QtNDYxZS1hN2I2LTQzMDEzYjI4ZDlk
Ni8xLzFMbFRNSE5NbXE5bTBSdk5LLTNUZ1BRUS1UOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGduQzAN
BgkqhkiG9w0BAQsFAAOCAQEAY7Sj5NrEjQjxiKO9XEWsIcQifofHFFMMvNKC9IS5
9pGLgvZOyMuigoW90rdJlDuRucNR5GKXGgzVoMmvKSqL+xra7rMXlRsZ2WfTag9o
YnOyjaOyOuvN6mdtohLNSvIs0SA8rpmR3GVed6y3/Aw6XHBdc96uwVxpZ49i293Z
Gd5rfwz8P+yjlrMMBClQTcsks5mIqOhwBf8sy90yBtdQt6XLHBZpnQsMPi9JbKeZ
hmO/51oDgnF+VM702Yn3JUV3c4BLj02G5JpF7EQBrWa8E/T5MTCnFrigs95d4ZAP
iulpHzXkH3OP0X18az0NwZhj45ZKYzGIlSRhP5M48AIBNw==
-----END CERTIFICATE-----