Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/s48sSyJHNJwSvunqtsfcyOdkKRo.roa
File:                     s48sSyJHNJwSvunqtsfcyOdkKRo.roa (raw, json)
Hash identifier:          DBTYguqX/+2azhbvezY83UbGDSF278yEDKqBBt5lyWU=
Subject key identifier:   B3:8F:2C:4B:22:47:34:9C:12:BE:E9:EA:B6:C7:DC:C8:E7:64:29:1A
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019CF77C15063FCC8F9557A2A9FC23C9CF54
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/s48sSyJHNJwSvunqtsfcyOdkKRo.roa
Signing time:             Mon 16 Mar 2026 16:30:30 +0000
ROA not before:           Mon 16 Mar 2026 16:30:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        43.242.139.0/24 maxlen: 24
                          103.102.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:7c:15:06:3f:cc:8f:95:57:a2:a9:fc:23:c9:cf:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Mar 16 16:30:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b38f2c4b2247349c12bee9eab6c7dcc8e764291a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:df:a7:23:3d:14:4b:97:94:7e:52:39:1e:90:
                    6b:06:c9:f8:11:66:8d:8b:78:55:5b:c2:9f:63:15:
                    5c:aa:aa:0d:49:71:62:34:c4:44:08:3b:f1:7a:ff:
                    0b:26:37:28:36:49:7e:47:69:28:fd:b0:e9:48:d7:
                    12:da:3e:49:23:cf:69:38:29:d5:b3:9b:af:3b:09:
                    c0:e1:65:61:86:5f:d8:c2:63:08:23:fd:e9:4e:15:
                    49:79:44:70:0f:0a:ff:31:75:18:07:4e:f6:4c:ea:
                    12:1c:ae:48:fb:ed:53:64:d0:11:0e:b5:98:f3:8e:
                    48:59:38:09:00:0a:2f:f7:0f:3a:91:7d:e8:7f:f8:
                    22:ab:46:6d:1c:21:c7:3f:56:30:ce:09:01:ed:ac:
                    37:0f:9c:b3:44:9c:48:e6:61:1a:bb:c7:f1:2b:65:
                    67:73:f6:56:b6:4d:1c:85:42:52:69:91:04:61:11:
                    f8:73:f6:62:6c:35:9d:ba:a0:16:8b:98:1b:a3:67:
                    4e:09:1e:bb:1f:37:f9:16:9e:e6:1b:60:c8:3a:43:
                    dd:25:a1:b4:3d:99:81:00:5d:0b:c2:0e:e3:2f:f3:
                    2c:ea:19:62:ba:55:bf:af:7a:91:f2:4f:3a:af:56:
                    27:0e:9d:3b:90:4c:86:1f:aa:24:d8:bb:16:ae:66:
                    2b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:8F:2C:4B:22:47:34:9C:12:BE:E9:EA:B6:C7:DC:C8:E7:64:29:1A
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/s48sSyJHNJwSvunqtsfcyOdkKRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.242.139.0/24
                  103.102.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c1:2e:f6:73:fa:40:09:ac:c4:97:44:11:eb:c1:c3:44:99:
         7a:c6:e1:e5:26:c0:b3:cc:5c:f2:d4:1c:cb:87:38:03:29:6c:
         e5:fa:4f:89:c3:89:f7:8e:0c:d1:ce:59:60:75:53:95:09:04:
         da:15:70:25:ba:c7:d4:42:ab:36:1d:38:2d:d4:de:c3:c0:c3:
         35:f4:87:16:5b:ec:c5:3d:ec:a5:c6:a1:74:85:38:99:9e:ec:
         81:2e:01:66:8a:f7:0e:9e:2d:99:4a:a8:c5:7f:65:59:5b:0c:
         9d:93:ad:69:34:22:d2:6a:03:2e:2b:d2:b8:86:05:c5:4e:1c:
         af:60:95:c1:8d:2c:70:c9:df:be:b3:7a:7a:f6:d4:67:be:93:
         24:ee:94:c2:7c:04:d5:0e:f0:0f:9b:81:f3:17:48:78:79:42:
         0b:45:3b:9a:74:f8:e5:8d:e1:ea:9b:27:5e:50:e0:c8:a0:aa:
         50:fd:fa:5a:aa:e2:61:5a:b0:7a:7f:6c:ff:dd:52:ea:9b:16:
         7a:72:3f:60:d7:e4:87:ef:4d:8b:7e:2d:7d:0a:f0:e5:9c:3a:
         58:51:4a:c3:8a:ac:dc:1d:50:9a:e4:47:5f:26:fb:ac:32:74:
         f3:5f:ed:a3:7a:43:44:e2:a8:69:ae:65:7d:a3:fc:db:39:b9:
         3c:3a:52:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz3fBUGP8yPlVeiqfwjyc9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMzE2MTYzMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzhmMmM0YjIyNDczNDljMTJiZWU5ZWFiNmM3ZGNjOGU3NjQyOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt+nIz0US5eUflI5HpBrBsn4EWaN
i3hVW8KfYxVcqqoNSXFiNMRECDvxev8LJjcoNkl+R2ko/bDpSNcS2j5JI89pOCnV
s5uvOwnA4WVhhl/YwmMII/3pThVJeURwDwr/MXUYB072TOoSHK5I++1TZNARDrWY
845IWTgJAAov9w86kX3of/giq0ZtHCHHP1YwzgkB7aw3D5yzRJxI5mEau8fxK2Vn
c/ZWtk0chUJSaZEEYRH4c/ZibDWduqAWi5gbo2dOCR67Hzf5Fp7mG2DIOkPdJaG0
PZmBAF0Lwg7jL/Ms6hliulW/r3qR8k86r1YnDp07kEyGH6ok2LsWrmYrCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLOPLEsiRzScEr7p6rbH3MjnZCkaMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvczQ4c1N5SkhOSndTdnVucXRzZmN5T2RrS1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAK/KLAwQA
Z2aFMA0GCSqGSIb3DQEBCwUAA4IBAQBDwS72c/pACazEl0QR68HDRJl6xuHlJsCz
zFzy1BzLhzgDKWzl+k+Jw4n3jgzRzllgdVOVCQTaFXAlusfUQqs2HTgt1N7DwMM1
9IcWW+zFPeylxqF0hTiZnuyBLgFmivcOni2ZSqjFf2VZWwydk61pNCLSagMuK9K4
hgXFThyvYJXBjSxwyd++s3p69tRnvpMk7pTCfATVDvAPm4HzF0h4eUILRTuadPjl
jeHqmydeUODIoKpQ/fpaquJhWrB6f2z/3VLqmxZ6cj9g1+SH702Lfi19CvDlnDpY
UUrDiqzcHVCa5EdfJvusMnTzX+2jekNE4qhprmV9o/zbObk8OlKI
-----END CERTIFICATE-----