Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/3b721iVPXhPrfQ5uahuCZ44BMCQ.roa
File:                     3b721iVPXhPrfQ5uahuCZ44BMCQ.roa (raw, json)
Hash identifier:          JcxOQtPYz8quo5toVQJKeZMI0XlmDd4cW81yVaBnRh4=
Subject key identifier:   DD:BE:F6:D6:25:4F:5E:13:EB:7D:0E:6E:6A:1B:82:67:8E:01:30:24
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EA7E51C402E2998BC8DA583EDCF63F8F6
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/3b721iVPXhPrfQ5uahuCZ44BMCQ.roa
Signing time:             Mon 08 Jun 2026 15:41:10 +0000
ROA not before:           Mon 08 Jun 2026 15:41:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197246
IP address blocks:        103.41.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 16:09:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:e5:1c:40:2e:29:98:bc:8d:a5:83:ed:cf:63:f8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  8 15:41:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ddbef6d6254f5e13eb7d0e6e6a1b82678e013024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6d:65:7f:27:64:2c:5f:e1:90:13:0a:a8:d6:
                    59:d2:61:2b:cd:32:c4:dc:1b:03:93:5b:bf:39:41:
                    64:37:c6:44:a6:4d:d0:02:b4:82:c5:b3:dc:b5:21:
                    82:8a:8a:b2:81:bd:0f:bf:80:cb:fa:d6:93:33:dc:
                    f2:a8:b4:5d:65:77:30:1f:b5:9a:5b:33:fa:f2:a9:
                    33:4b:4e:f4:d0:ea:10:ee:44:18:24:a1:ec:e1:d7:
                    62:83:6c:82:cb:f8:04:75:d5:af:1f:a7:14:62:c6:
                    f3:b4:53:08:60:60:c4:8c:5f:7f:56:d8:7e:ab:a9:
                    41:2d:50:5c:49:41:4d:74:67:62:ce:71:46:04:44:
                    ee:54:b2:91:a1:c3:c2:a0:2e:c3:5c:6c:03:80:03:
                    4d:9c:eb:af:42:6d:ce:6a:56:f4:11:3f:e5:ec:b0:
                    9d:01:b5:03:6b:d5:d5:30:6e:bb:b2:ef:1a:8b:eb:
                    c2:48:3d:bf:8c:a7:c9:d1:74:72:00:e3:91:e5:d6:
                    02:5c:f3:9b:b2:06:16:86:b0:f4:03:ba:11:d5:f0:
                    92:c4:e8:10:21:cb:bc:c3:c3:63:64:22:60:9c:8a:
                    78:b0:88:dc:22:d8:77:99:d6:6b:31:d2:74:64:ae:
                    34:0f:98:d7:ae:2a:e6:53:56:93:d6:67:f9:c7:a3:
                    c8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:BE:F6:D6:25:4F:5E:13:EB:7D:0E:6E:6A:1B:82:67:8E:01:30:24
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/3b721iVPXhPrfQ5uahuCZ44BMCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.41.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:1e:c2:5d:24:f0:60:20:79:ec:e0:fc:cd:d9:b9:9d:79:8b:
         1b:79:bd:98:33:68:75:23:be:f9:5f:ff:ee:4e:a9:97:7f:19:
         43:c2:d7:13:a7:24:10:a7:1c:e7:98:3e:1d:b5:91:70:3a:3c:
         03:d2:0c:12:1b:61:b5:a8:14:08:75:c4:a4:ef:06:09:78:87:
         44:95:4e:68:c1:e5:ea:ed:48:8b:d1:45:6b:89:5b:34:d7:b3:
         ca:f4:af:36:f5:8a:3c:5c:e0:d6:71:d3:97:33:27:db:67:02:
         2d:95:02:61:89:f9:40:30:8a:e5:12:c5:cd:b6:05:51:52:cc:
         66:03:72:0d:e9:5a:c2:16:39:95:ea:06:09:c6:75:bc:75:51:
         ad:c0:63:ff:a8:16:23:3b:12:1e:da:ae:84:36:c4:04:cf:5b:
         00:27:67:20:3f:5a:60:32:c5:47:13:bb:40:b4:49:9b:15:39:
         d6:eb:62:d4:f4:3e:3b:07:87:8e:80:89:07:f0:8e:18:97:84:
         df:98:f2:aa:9e:ac:b0:a5:8c:dc:06:66:43:16:bf:98:f2:81:
         71:92:8e:ad:85:3c:5f:bb:92:7b:d7:03:fa:9d:8a:ed:be:1d:
         a6:d5:65:cc:85:f8:a8:fa:c5:db:f9:2c:88:f5:7d:91:0d:53:
         19:49:79:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6n5RxALimYvI2lg+3PY/j2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjA4MTU0MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJlZjZkNjI1NGY1ZTEzZWI3ZDBlNmU2YTFiODI2NzhlMDEzMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx21lfydkLF/hkBMKqNZZ0mErzTLE
3BsDk1u/OUFkN8ZEpk3QArSCxbPctSGCioqygb0Pv4DL+taTM9zyqLRdZXcwH7Wa
WzP68qkzS0700OoQ7kQYJKHs4ddig2yCy/gEddWvH6cUYsbztFMIYGDEjF9/Vth+
q6lBLVBcSUFNdGdiznFGBETuVLKRocPCoC7DXGwDgANNnOuvQm3Oalb0ET/l7LCd
AbUDa9XVMG67su8ai+vCSD2/jKfJ0XRyAOOR5dYCXPObsgYWhrD0A7oR1fCSxOgQ
Icu8w8NjZCJgnIp4sIjcIth3mdZrMdJ0ZK40D5jXrirmU1aT1mf5x6PIkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2+9tYlT14T630ObmobgmeOATAkMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvM2I3MjFpVlBYaFByZlE1dWFodUNaNDRCTUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZykuMA0G
CSqGSIb3DQEBCwUAA4IBAQCXHsJdJPBgIHns4PzN2bmdeYsbeb2YM2h1I775X//u
TqmXfxlDwtcTpyQQpxznmD4dtZFwOjwD0gwSG2G1qBQIdcSk7wYJeIdElU5oweXq
7UiL0UVriVs017PK9K829Yo8XODWcdOXMyfbZwItlQJhiflAMIrlEsXNtgVRUsxm
A3IN6VrCFjmV6gYJxnW8dVGtwGP/qBYjOxIe2q6ENsQEz1sAJ2cgP1pgMsVHE7tA
tEmbFTnW62LU9D47B4eOgIkH8I4Yl4TfmPKqnqywpYzcBmZDFr+Y8oFxko6thTxf
u5J71wP6nYrtvh2m1WXMhfio+sXb+SyI9X2RDVMZSXne
-----END CERTIFICATE-----