Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/61vkx5cTuJfy11SYBKGteIsk6XY.roa
File:                     61vkx5cTuJfy11SYBKGteIsk6XY.roa (raw, json)
Hash identifier:          lFnxD8tGbpkzJUZRzZ8NyJhhcL7VxznZnfZXWmDByYA=
Subject key identifier:   EB:5B:E4:C7:97:13:B8:97:F2:D7:54:98:04:A1:AD:78:8B:24:E9:76
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D683FE423B83C041673C8F1FDE4ED7F72
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/61vkx5cTuJfy11SYBKGteIsk6XY.roa
Signing time:             Tue 07 Apr 2026 14:01:50 +0000
ROA not before:           Tue 07 Apr 2026 14:01:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200506
IP address blocks:        222.167.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:3f:e4:23:b8:3c:04:16:73:c8:f1:fd:e4:ed:7f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Apr  7 14:01:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb5be4c79713b897f2d7549804a1ad788b24e976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a6:b3:e0:95:b7:a8:ba:ee:48:f2:df:51:fd:
                    31:7a:f2:54:a1:1b:f9:f0:54:40:da:6e:df:4b:2c:
                    4b:f9:cc:88:c3:20:69:87:9a:ce:cc:0d:ed:66:7a:
                    e5:b4:20:2c:d0:64:68:ce:65:3f:a5:2f:8c:5a:cd:
                    ec:7c:b3:01:30:b1:51:67:a8:7b:ba:84:4f:eb:5e:
                    6f:1b:02:a6:1e:28:d3:2d:f1:cf:4a:30:a8:7f:06:
                    83:32:4e:43:ef:f5:c8:a5:f4:71:af:80:01:2b:5d:
                    45:62:c4:8c:34:16:e8:8e:6a:da:0b:9f:25:e1:db:
                    3c:90:f8:45:f0:09:66:08:77:b8:53:6e:4b:17:40:
                    71:fe:19:08:4e:8b:63:02:d3:d7:dd:a4:4a:0e:52:
                    3f:72:1a:03:f1:81:c3:c5:06:ab:23:e2:d1:e2:3f:
                    a1:3f:ec:85:6d:41:ee:ee:74:ff:b6:e0:c8:60:16:
                    2c:bc:85:c2:d3:a2:b7:e6:b5:e5:c9:93:60:25:04:
                    9b:e5:8b:a7:09:06:90:57:c6:dc:e0:e5:f1:d6:f7:
                    43:08:15:7b:a5:81:1e:ec:d3:a5:63:e7:85:6d:f0:
                    ba:b6:d5:1c:0c:1a:99:9c:f1:56:99:40:a0:19:bb:
                    27:94:1d:f7:89:56:76:0e:e1:71:59:ea:87:e9:46:
                    d0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5B:E4:C7:97:13:B8:97:F2:D7:54:98:04:A1:AD:78:8B:24:E9:76
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/61vkx5cTuJfy11SYBKGteIsk6XY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:32:58:53:e5:9e:f4:d3:2c:a1:16:d4:75:dd:95:46:ca:19:
         6a:af:ea:62:52:77:78:0e:ae:65:5d:9d:6b:f6:47:22:8c:6c:
         fc:71:32:28:88:d1:78:3a:41:b1:16:f2:02:65:e0:b3:32:d9:
         ec:8b:c8:b3:fa:73:8e:4e:5b:d1:73:94:07:53:52:af:f3:44:
         55:01:d4:73:67:00:d5:57:15:fa:71:9b:4d:11:2f:81:70:0b:
         7c:ea:70:18:d2:df:ec:10:7f:f8:ba:7b:13:85:17:4a:7a:f3:
         45:23:be:3d:cf:bd:12:f1:a6:77:3b:ef:ab:05:15:ab:d4:99:
         08:db:3b:c2:9a:69:3a:e7:bb:b0:45:52:15:f9:df:3f:ba:94:
         d5:e7:d0:01:42:10:bc:00:e1:d8:79:2b:59:9a:51:d0:08:e9:
         ee:64:2f:8d:8e:67:64:df:f9:05:9b:d9:6f:e3:47:88:ea:7e:
         3c:63:ab:d2:e0:4a:e7:b8:d9:ee:5e:9c:70:2c:b8:08:9c:cb:
         3d:59:d4:b4:f0:7b:5e:fd:d0:8d:37:90:5f:5e:42:77:20:2b:
         32:a6:5a:51:3f:56:72:d5:ee:17:1c:3d:b8:27:57:90:22:37:
         7d:41:0e:5d:08:cb:1b:f7:a0:65:4d:77:4f:11:8d:13:03:ff:
         5b:7c:5e:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1oP+QjuDwEFnPI8f3k7X9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDA3MTQwMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjViZTRjNzk3MTNiODk3ZjJkNzU0OTgwNGExYWQ3ODhiMjRlOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aaz4JW3qLruSPLfUf0xevJUoRv5
8FRA2m7fSyxL+cyIwyBph5rOzA3tZnrltCAs0GRozmU/pS+MWs3sfLMBMLFRZ6h7
uoRP615vGwKmHijTLfHPSjCofwaDMk5D7/XIpfRxr4ABK11FYsSMNBbojmraC58l
4ds8kPhF8AlmCHe4U25LF0Bx/hkITotjAtPX3aRKDlI/choD8YHDxQarI+LR4j+h
P+yFbUHu7nT/tuDIYBYsvIXC06K35rXlyZNgJQSb5YunCQaQV8bc4OXx1vdDCBV7
pYEe7NOlY+eFbfC6ttUcDBqZnPFWmUCgGbsnlB33iVZ2DuFxWeqH6UbQFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtb5MeXE7iX8tdUmAShrXiLJOl2MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvNjF2a3g1Y1R1SmZ5MTFTWUJLR3RlSXNrNlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfDMA0G
CSqGSIb3DQEBCwUAA4IBAQA8MlhT5Z700yyhFtR13ZVGyhlqr+piUnd4Dq5lXZ1r
9kcijGz8cTIoiNF4OkGxFvICZeCzMtnsi8iz+nOOTlvRc5QHU1Kv80RVAdRzZwDV
VxX6cZtNES+BcAt86nAY0t/sEH/4unsThRdKevNFI749z70S8aZ3O++rBRWr1JkI
2zvCmmk657uwRVIV+d8/upTV59ABQhC8AOHYeStZmlHQCOnuZC+Njmdk3/kFm9lv
40eI6n48Y6vS4ErnuNnuXpxwLLgInMs9WdS08Hte/dCNN5BfXkJ3ICsyplpRP1Zy
1e4XHD24J1eQIjd9QQ5dCMsb96BlTXdPEY0TA/9bfF7u
-----END CERTIFICATE-----