Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a49ed1-42d2-4306-99aa-05b89ef992df/1/sJ-_Jswaoq22XpYWMBXCNUf0ooQ.roa
File:                     sJ-_Jswaoq22XpYWMBXCNUf0ooQ.roa (raw, json)
Hash identifier:          XUjTFcYk7iuRwGLtHc2xalVLS5lHNB0fofvZ8DgQ5GE=
Subject key identifier:   B0:9F:BF:26:CC:1A:A2:AD:B6:5E:96:16:30:15:C2:35:47:F4:A2:84
Certificate issuer:       /CN=150a373493a10acbaf31fdf445617a62c4d46fcf
Certificate serial:       019D5324FC131BC6D12831EE72B44C171653
Authority key identifier: 15:0A:37:34:93:A1:0A:CB:AF:31:FD:F4:45:61:7A:62:C4:D4:6F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQo3NJOhCsuvMf30RWF6YsTUb88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a49ed1-42d2-4306-99aa-05b89ef992df/1/sJ-_Jswaoq22XpYWMBXCNUf0ooQ.roa
Signing time:             Fri 03 Apr 2026 11:40:25 +0000
ROA not before:           Fri 03 Apr 2026 11:40:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208677
IP address blocks:        131.222.134.0/23 maxlen: 23
                          131.222.134.0/24 maxlen: 24
                          131.222.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a49ed1-42d2-4306-99aa-05b89ef992df/1/FQo3NJOhCsuvMf30RWF6YsTUb88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a49ed1-42d2-4306-99aa-05b89ef992df/1/FQo3NJOhCsuvMf30RWF6YsTUb88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQo3NJOhCsuvMf30RWF6YsTUb88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:24:fc:13:1b:c6:d1:28:31:ee:72:b4:4c:17:16:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=150a373493a10acbaf31fdf445617a62c4d46fcf
        Validity
            Not Before: Apr  3 11:40:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b09fbf26cc1aa2adb65e96163015c23547f4a284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:cc:1b:cf:39:76:e1:a2:3c:78:db:71:3f:14:
                    80:3c:56:0c:c7:c9:36:0c:c9:89:eb:6d:06:e3:a3:
                    5a:bb:3b:8c:11:a0:f2:62:8c:b1:b6:0a:18:c7:ce:
                    1e:c2:d7:f3:9f:86:0a:85:57:ef:4d:88:03:f8:f1:
                    92:6f:a8:3a:09:5b:31:4d:59:bd:93:7d:32:67:71:
                    fa:80:2f:34:d1:1d:9b:c6:34:e9:f0:9b:fc:37:28:
                    91:8e:ed:a9:e6:2a:6d:0a:0f:16:49:c0:4e:fb:bf:
                    5e:35:68:f1:ea:16:0e:cc:0e:0a:07:cf:b6:33:6a:
                    56:fa:dd:58:38:85:54:3f:67:35:e1:75:5c:c8:c1:
                    98:1a:ff:52:3e:6c:52:43:63:af:5c:e1:e1:dc:99:
                    0e:6e:86:a9:4d:57:7d:ae:37:4f:b1:8f:8e:58:5f:
                    ac:2c:6f:75:f1:6f:8a:cb:20:ec:2c:50:8d:ec:ca:
                    22:94:f6:da:9e:c3:1c:79:02:3e:f0:e9:c4:ae:c8:
                    12:e4:2e:04:1c:f3:1b:68:be:48:a8:e0:62:c9:65:
                    c7:83:e4:c8:32:9e:33:c2:00:04:cb:21:53:ab:a0:
                    ce:6f:a3:65:94:6c:16:7c:23:98:c9:ad:f3:ed:a7:
                    db:ce:c7:45:d4:83:69:cf:9f:65:75:93:83:06:53:
                    0f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:9F:BF:26:CC:1A:A2:AD:B6:5E:96:16:30:15:C2:35:47:F4:A2:84
            X509v3 Authority Key Identifier:
                keyid:15:0A:37:34:93:A1:0A:CB:AF:31:FD:F4:45:61:7A:62:C4:D4:6F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQo3NJOhCsuvMf30RWF6YsTUb88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a49ed1-42d2-4306-99aa-05b89ef992df/1/sJ-_Jswaoq22XpYWMBXCNUf0ooQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a49ed1-42d2-4306-99aa-05b89ef992df/1/FQo3NJOhCsuvMf30RWF6YsTUb88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:ec:4f:54:ad:85:83:02:3b:24:8c:e1:f8:ae:dd:3f:86:1a:
         71:32:ae:de:ff:08:40:ba:f8:a9:c9:90:75:4b:b0:b5:0d:f2:
         89:f4:94:c1:5f:42:1d:e0:08:7f:e1:3f:95:38:4c:dd:1f:06:
         75:1c:da:37:9e:e9:7e:eb:57:fa:f9:94:26:a6:35:00:16:56:
         e8:e1:4f:98:ac:fe:89:31:b8:79:99:64:4a:32:85:3d:9f:69:
         2f:71:83:52:42:96:e2:6d:ca:ec:11:f2:bd:43:d4:e6:4f:cc:
         62:e3:32:6e:9e:7e:05:1a:58:c2:8f:87:22:01:81:30:b1:ea:
         33:7c:b1:5a:9b:99:49:25:88:81:96:53:7e:23:73:8f:dd:12:
         d1:f9:99:9c:d6:ce:1b:8c:04:4e:5b:79:85:32:47:07:38:be:
         1c:c8:94:dc:4b:e1:74:a8:3a:9c:bf:6c:e7:3b:18:0a:65:4e:
         3b:f9:b8:9e:7e:c2:84:08:e8:5b:6d:f7:1b:e6:65:df:25:5b:
         f7:d7:09:68:fd:37:33:58:53:02:ac:17:b0:51:13:c3:05:9d:
         b2:f8:7f:72:f7:62:ae:de:13:be:b9:83:54:54:74:e5:da:98:
         78:82:af:cf:86:1b:ed:93:07:7e:65:fa:fa:26:75:d2:51:25:
         98:1d:13:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1TJPwTG8bRKDHucrRMFxZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MGEzNzM0OTNhMTBhY2JhZjMxZmRmNDQ1NjE3YTYyYzRk
NDZmY2YwHhcNMjYwNDAzMTE0MDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDlmYmYyNmNjMWFhMmFkYjY1ZTk2MTYzMDE1YzIzNTQ3ZjRhMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8wbzzl24aI8eNtxPxSAPFYMx8k2
DMmJ620G46NauzuMEaDyYoyxtgoYx84ewtfzn4YKhVfvTYgD+PGSb6g6CVsxTVm9
k30yZ3H6gC800R2bxjTp8Jv8NyiRju2p5iptCg8WScBO+79eNWjx6hYOzA4KB8+2
M2pW+t1YOIVUP2c14XVcyMGYGv9SPmxSQ2OvXOHh3JkOboapTVd9rjdPsY+OWF+s
LG918W+KyyDsLFCN7MoilPbansMceQI+8OnErsgS5C4EHPMbaL5IqOBiyWXHg+TI
Mp4zwgAEyyFTq6DOb6NllGwWfCOYya3z7afbzsdF1INpz59ldZODBlMPSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCfvybMGqKttl6WFjAVwjVH9KKEMB8GA1UdIwQY
MBaAFBUKNzSToQrLrzH99EVhemLE1G/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFvM05KT2hDc3V2TWYzMFJXRjZZc1RVYjg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hNDllZDEtNDJkMi00MzA2LTk5YWEt
MDViODllZjk5MmRmLzEvc0otX0pzd2FvcTIyWHBZV01CWENOVWYwb29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hNDllZDEtNDJkMi00MzA2LTk5YWEtMDViODllZjk5MmRm
LzEvRlFvM05KT2hDc3V2TWYzMFJXRjZZc1RVYjg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBg96GMA0G
CSqGSIb3DQEBCwUAA4IBAQAy7E9UrYWDAjskjOH4rt0/hhpxMq7e/whAuvipyZB1
S7C1DfKJ9JTBX0Id4Ah/4T+VOEzdHwZ1HNo3nul+61f6+ZQmpjUAFlbo4U+YrP6J
Mbh5mWRKMoU9n2kvcYNSQpbibcrsEfK9Q9TmT8xi4zJunn4FGljCj4ciAYEwseoz
fLFam5lJJYiBllN+I3OP3RLR+Zmc1s4bjAROW3mFMkcHOL4cyJTcS+F0qDqcv2zn
OxgKZU47+biefsKECOhbbfcb5mXfJVv31wlo/TczWFMCrBewURPDBZ2y+H9y92Ku
3hO+uYNUVHTl2ph4gq/Phhvtkwd+Zfr6JnXSUSWYHRNj
-----END CERTIFICATE-----