Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/fJTMMWwByN7hphZb0tv_TE2Yvo4.roa
File:                     fJTMMWwByN7hphZb0tv_TE2Yvo4.roa (raw, json)
Hash identifier:          angDRpJs0fbux+XYuzP3Y/VKJHLeYhAHfy7qvUCjIek=
Subject key identifier:   7C:94:CC:31:6C:01:C8:DE:E1:A6:16:5B:D2:DB:FF:4C:4D:98:BE:8E
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019A0341017C01BACB46D9C730A540060FF1
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/fJTMMWwByN7hphZb0tv_TE2Yvo4.roa
Signing time:             Mon 20 Oct 2025 20:13:03 +0000
ROA not before:           Mon 20 Oct 2025 20:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210456
IP address blocks:        103.102.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:03:41:01:7c:01:ba:cb:46:d9:c7:30:a5:40:06:0f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Oct 20 20:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c94cc316c01c8dee1a6165bd2dbff4c4d98be8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:46:99:8a:c3:01:df:0f:bb:41:aa:9e:28:54:
                    8d:6d:18:d8:4f:43:de:2e:ca:f5:41:b4:dc:46:8c:
                    ae:33:ef:2e:90:db:52:13:5b:87:60:18:06:0e:87:
                    f4:98:bb:ad:56:cc:38:41:54:e5:f6:c4:b8:f3:cb:
                    e1:48:e5:bd:c5:6a:62:76:25:87:e8:4a:b6:77:88:
                    86:25:9f:0d:48:bc:cd:50:e6:7e:1c:ee:4b:ff:e8:
                    65:97:47:f1:87:eb:bd:b3:8e:f6:ad:f0:bd:9f:51:
                    59:5a:56:2e:c2:f4:75:cb:80:b6:f4:e9:c1:b6:33:
                    13:93:91:0f:30:e8:2c:5b:d5:88:15:bb:98:06:64:
                    d2:bf:4c:04:f1:42:73:d8:63:76:aa:0d:7c:90:38:
                    c0:a2:4c:13:df:56:a2:b9:80:a3:71:b9:aa:37:a5:
                    af:b8:4f:a1:2c:b7:d2:12:0a:35:0d:87:bc:b4:96:
                    90:03:f1:5d:f5:66:e2:f4:86:57:d2:3b:cc:9d:6a:
                    34:91:6e:68:e4:cf:08:14:74:a7:e6:b4:e4:97:a4:
                    50:58:d6:54:07:7c:72:2e:1b:eb:29:f2:59:5d:16:
                    9a:dd:93:20:ba:90:09:d9:91:6f:76:dc:88:d0:e8:
                    2b:47:3a:93:fb:5d:f3:2c:68:d3:2f:68:ba:28:b1:
                    29:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:94:CC:31:6C:01:C8:DE:E1:A6:16:5B:D2:DB:FF:4C:4D:98:BE:8E
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/fJTMMWwByN7hphZb0tv_TE2Yvo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:12:e5:ab:49:f6:a9:78:50:cd:78:e3:99:91:77:08:5a:45:
         1a:0f:3a:d7:3c:21:5c:71:c1:87:cc:5c:4a:6f:04:37:ca:7c:
         1c:35:36:c4:5c:1f:26:79:83:95:68:00:41:b6:38:be:99:47:
         15:0e:07:ba:e1:1b:75:a1:c9:3e:1b:27:7f:26:63:7d:04:79:
         fb:6d:cb:76:b6:71:11:50:7b:d3:2d:f3:0e:bf:b3:09:51:d9:
         40:85:ed:65:a8:f7:4a:01:1c:c6:7d:8f:65:2f:ed:61:02:e4:
         22:93:b0:77:3d:27:7c:99:ae:d3:25:ab:1e:db:f0:1a:b5:b5:
         bb:3a:e5:c5:48:71:75:92:64:fa:07:23:97:dd:5b:d5:ce:85:
         53:7e:e2:94:16:a3:58:13:14:79:bd:d2:12:da:b5:87:fd:3c:
         9e:ca:23:ed:72:bc:9f:70:72:4b:53:4b:6a:4d:b5:68:92:af:
         98:aa:d9:0b:06:35:02:a1:6f:f8:26:84:06:a6:8f:2d:8c:47:
         c4:7f:d7:14:cf:3b:91:a5:87:ba:84:b6:f5:09:7e:cf:63:e9:
         dc:69:43:87:38:f4:13:c7:12:12:5a:72:77:7f:8c:34:90:57:
         dd:51:67:ab:b6:dd:38:0d:ec:54:14:5b:49:d0:e9:49:da:47:
         39:c7:7d:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoDQQF8AbrLRtnHMKVABg/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUxMDIwMjAxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzk0Y2MzMTZjMDFjOGRlZTFhNjE2NWJkMmRiZmY0YzRkOThiZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkaZisMB3w+7QaqeKFSNbRjYT0Pe
Lsr1QbTcRoyuM+8ukNtSE1uHYBgGDof0mLutVsw4QVTl9sS488vhSOW9xWpidiWH
6Eq2d4iGJZ8NSLzNUOZ+HO5L/+hll0fxh+u9s472rfC9n1FZWlYuwvR1y4C29OnB
tjMTk5EPMOgsW9WIFbuYBmTSv0wE8UJz2GN2qg18kDjAokwT31aiuYCjcbmqN6Wv
uE+hLLfSEgo1DYe8tJaQA/Fd9Wbi9IZX0jvMnWo0kW5o5M8IFHSn5rTkl6RQWNZU
B3xyLhvrKfJZXRaa3ZMgupAJ2ZFvdtyI0OgrRzqT+13zLGjTL2i6KLEpvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyUzDFsAcje4aYWW9Lb/0xNmL6OMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvZkpUTU1Xd0J5TjdocGhaYjB0dl9URTJZdm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bnMA0G
CSqGSIb3DQEBCwUAA4IBAQBBEuWrSfapeFDNeOOZkXcIWkUaDzrXPCFcccGHzFxK
bwQ3ynwcNTbEXB8meYOVaABBtji+mUcVDge64Rt1ock+Gyd/JmN9BHn7bct2tnER
UHvTLfMOv7MJUdlAhe1lqPdKARzGfY9lL+1hAuQik7B3PSd8ma7TJase2/AatbW7
OuXFSHF1kmT6ByOX3VvVzoVTfuKUFqNYExR5vdIS2rWH/TyeyiPtcryfcHJLU0tq
TbVokq+YqtkLBjUCoW/4JoQGpo8tjEfEf9cUzzuRpYe6hLb1CX7PY+ncaUOHOPQT
xxISWnJ3f4w0kFfdUWertt04DexUFFtJ0OlJ2kc5x331
-----END CERTIFICATE-----