Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BrBKHOsxOXTPDaDTFE_0ht1sPj0.roa
File:                     BrBKHOsxOXTPDaDTFE_0ht1sPj0.roa (raw, json)
Hash identifier:          D9QGOL/R8abF0av4nWcGSjWPmZZKdQq/REJnBWzwZ5c=
Subject key identifier:   06:B0:4A:1C:EB:31:39:74:CF:0D:A0:D3:14:4F:F4:86:DD:6C:3E:3D
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0198F8A40999332DC879A4A98C5300C591D1
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BrBKHOsxOXTPDaDTFE_0ht1sPj0.roa
Signing time:             Sat 30 Aug 2025 01:42:36 +0000
ROA not before:           Sat 30 Aug 2025 01:42:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        103.47.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f8:a4:09:99:33:2d:c8:79:a4:a9:8c:53:00:c5:91:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Aug 30 01:42:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b04a1ceb313974cf0da0d3144ff486dd6c3e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2a:29:d1:99:09:cc:9f:ae:83:8e:19:db:b4:
                    13:cd:b0:27:fe:f9:73:11:6e:53:77:4e:64:bf:6f:
                    3c:bd:a7:ca:7b:d9:94:34:69:88:89:7a:a0:81:57:
                    92:d9:40:cf:09:8b:3c:12:07:6c:25:00:f5:35:a1:
                    ec:e7:26:7e:fe:37:72:b4:f9:35:67:11:7b:07:b0:
                    40:94:b0:f4:5e:77:94:87:2b:08:2d:0f:37:05:5c:
                    53:4e:86:4e:ed:f5:4d:48:46:87:d8:ce:10:ac:46:
                    dc:6c:9e:12:14:b6:c1:df:87:b2:d5:02:40:a6:fc:
                    9b:50:3b:22:c6:5f:8d:7a:8f:83:32:24:50:26:f7:
                    9a:56:e4:c0:9d:b2:db:5c:12:6e:e2:3b:a9:81:d5:
                    d5:64:34:5f:fc:c4:fc:95:a8:9b:cd:39:a1:97:3d:
                    d5:ef:12:82:87:32:62:e9:45:00:d8:02:86:92:24:
                    4f:bf:a5:e5:80:37:ce:84:40:4f:b4:3f:e3:9e:d2:
                    79:98:d0:66:3f:1a:43:98:85:e4:b7:06:46:a0:45:
                    d5:7d:29:23:e3:ee:29:da:25:0d:6f:60:5e:f7:82:
                    9b:bf:b9:01:cf:c8:d4:aa:d8:e9:f3:f0:49:97:60:
                    8a:6c:e7:59:05:61:4d:ae:de:49:ac:bd:7b:fb:dc:
                    df:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B0:4A:1C:EB:31:39:74:CF:0D:A0:D3:14:4F:F4:86:DD:6C:3E:3D
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BrBKHOsxOXTPDaDTFE_0ht1sPj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:7b:36:75:b7:cd:29:b0:62:11:c4:ed:0d:47:00:e1:21:fa:
         b5:1d:34:2c:e5:9f:8e:92:bb:79:ae:50:8a:30:3f:83:c2:1f:
         2f:aa:74:f2:de:7a:cc:c5:ba:df:b9:72:d8:b8:c1:d2:21:48:
         1e:46:29:ac:01:55:ea:22:3c:fa:af:33:13:38:7a:c3:18:47:
         09:66:23:00:b0:c5:1a:e2:68:2e:83:11:b0:8a:d4:87:d1:a9:
         39:fc:d8:f4:f7:6f:05:8a:85:77:08:bf:b4:ae:6c:ec:ef:e3:
         38:00:fa:98:9b:00:1c:bd:7c:25:80:e0:6b:8e:2b:5d:e5:e0:
         2b:0b:df:82:ff:c4:09:55:76:da:cd:15:c8:86:a0:c7:c9:01:
         16:a6:b7:3e:d0:4f:63:c0:ea:8d:37:81:26:f8:fa:20:38:71:
         61:0f:b6:8c:92:4c:d5:16:bf:1f:c0:6b:5d:2d:14:6e:04:e4:
         ee:70:66:59:eb:57:b0:7f:91:ba:f6:c4:58:1b:f1:6b:23:54:
         65:3d:bb:f2:17:01:c2:cd:6e:25:5e:28:86:8a:94:78:8f:bd:
         f3:15:63:1b:80:1a:ca:ac:f8:7f:7c:fd:9f:6c:7a:f4:e8:cb:
         ec:af:b8:50:ed:a3:a6:8c:8d:7d:0b:8c:6c:65:b7:87:7b:c8:
         9b:33:67:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj4pAmZMy3IeaSpjFMAxZHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwODMwMDE0MjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmIwNGExY2ViMzEzOTc0Y2YwZGEwZDMxNDRmZjQ4NmRkNmMzZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSop0ZkJzJ+ug44Z27QTzbAn/vlz
EW5Td05kv288vafKe9mUNGmIiXqggVeS2UDPCYs8EgdsJQD1NaHs5yZ+/jdytPk1
ZxF7B7BAlLD0XneUhysILQ83BVxTToZO7fVNSEaH2M4QrEbcbJ4SFLbB34ey1QJA
pvybUDsixl+Neo+DMiRQJveaVuTAnbLbXBJu4jupgdXVZDRf/MT8laibzTmhlz3V
7xKChzJi6UUA2AKGkiRPv6XlgDfOhEBPtD/jntJ5mNBmPxpDmIXktwZGoEXVfSkj
4+4p2iUNb2Be94Kbv7kBz8jUqtjp8/BJl2CKbOdZBWFNrt5JrL17+9zfpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAawShzrMTl0zw2g0xRP9IbdbD49MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQnJCS0hPc3hPWFRQRGFEVEZFXzBodDFzUGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZy87MA0G
CSqGSIb3DQEBCwUAA4IBAQANezZ1t80psGIRxO0NRwDhIfq1HTQs5Z+Okrt5rlCK
MD+Dwh8vqnTy3nrMxbrfuXLYuMHSIUgeRimsAVXqIjz6rzMTOHrDGEcJZiMAsMUa
4mgugxGwitSH0ak5/Nj0928FioV3CL+0rmzs7+M4APqYmwAcvXwlgOBrjitd5eAr
C9+C/8QJVXbazRXIhqDHyQEWprc+0E9jwOqNN4Em+PogOHFhD7aMkkzVFr8fwGtd
LRRuBOTucGZZ61ewf5G69sRYG/FrI1RlPbvyFwHCzW4lXiiGipR4j73zFWMbgBrK
rPh/fP2fbHr06Mvsr7hQ7aOmjI19C4xsZbeHe8ibM2c1
-----END CERTIFICATE-----