Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/J84D708JiRdF1Cj0OhAXFyT-dDw.roa
File:                     J84D708JiRdF1Cj0OhAXFyT-dDw.roa (raw, json)
Hash identifier:          h5yfNRw8lKCbHsVms6lwRL8YMmiaidYr9RU7tr43vl0=
Subject key identifier:   27:CE:03:EF:4F:09:89:17:45:D4:28:F4:3A:10:17:17:24:FE:74:3C
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E80681F68FBC1611AA778B6AEA61B5070
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/J84D708JiRdF1Cj0OhAXFyT-dDw.roa
Signing time:             Sun 31 May 2026 23:39:27 +0000
ROA not before:           Sun 31 May 2026 23:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197234
IP address blocks:        222.167.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:80:68:1f:68:fb:c1:61:1a:a7:78:b6:ae:a6:1b:50:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 31 23:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27ce03ef4f09891745d428f43a10171724fe743c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:3f:73:67:1b:41:58:e5:32:47:5a:a2:62:
                    e5:42:ab:e0:c4:32:9c:da:49:9e:c1:6c:0a:9b:15:
                    50:63:df:4a:dc:ee:6b:ee:66:b7:93:31:a2:81:54:
                    ad:7b:85:10:ab:68:6b:e0:c5:45:86:59:45:b2:3f:
                    44:76:55:40:ca:5b:f3:4d:25:0c:a3:bb:1c:82:07:
                    8d:53:28:86:4b:63:2f:48:6a:64:ec:1c:fd:4f:cd:
                    54:f1:96:8c:e8:e1:97:88:d6:3b:4a:05:04:71:5a:
                    ee:24:d9:7c:c5:fc:b3:0f:ed:6a:5c:3f:ca:f0:65:
                    f2:07:1f:e6:d1:45:fe:58:12:8b:db:de:28:e8:bf:
                    43:45:eb:74:fa:3d:d1:00:47:2f:a2:ff:3f:f6:01:
                    84:3a:52:63:e4:2a:a5:0e:84:de:5b:df:ca:fd:ef:
                    c1:98:74:49:c6:52:e0:d3:fc:4c:02:ed:a1:a2:dd:
                    1c:f8:c2:dc:1f:b0:69:10:ab:90:64:81:f7:73:ed:
                    1c:2f:c7:80:b6:ff:01:90:f5:95:b7:c7:34:5c:a9:
                    37:e8:45:2b:ec:e7:07:39:a2:a5:1e:6d:fe:ab:d4:
                    a3:24:4f:b8:df:18:d4:84:e1:3b:b7:b1:d7:5e:a0:
                    f4:14:d2:61:3b:f2:3d:03:ed:e9:11:ed:5b:5e:bf:
                    c7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:CE:03:EF:4F:09:89:17:45:D4:28:F4:3A:10:17:17:24:FE:74:3C
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/J84D708JiRdF1Cj0OhAXFyT-dDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:09:b8:61:11:92:86:6d:54:26:e8:8c:32:13:61:9a:98:70:
         2b:86:e0:db:4f:19:2b:ed:9c:23:d1:95:ff:3c:46:fe:b1:7c:
         24:0a:ca:44:ef:a3:9c:08:24:2c:fa:2b:a7:6a:36:1b:74:d3:
         8e:79:34:12:77:69:45:a8:a4:bb:97:d9:c7:1d:f9:03:52:65:
         3a:f4:c4:46:93:77:b3:c5:f1:c6:34:f8:4d:a5:71:7e:15:08:
         8c:8b:44:1c:ee:71:27:8d:98:80:d8:af:8b:be:38:f6:bd:09:
         5f:e1:7b:3b:49:78:4e:81:47:5a:f4:5b:46:a9:fc:aa:94:bc:
         b5:54:28:7f:ac:ac:a1:15:ab:eb:ef:8d:94:33:6d:ea:b4:49:
         39:61:82:7b:40:a4:9f:c8:91:f9:18:50:eb:79:b5:90:2f:28:
         cf:ac:ba:86:10:bc:88:6a:95:7b:ed:45:2e:ef:3c:f9:e1:fa:
         ac:c1:ec:5e:7a:36:ad:94:21:2f:77:cf:c6:0a:3e:39:f5:99:
         96:25:3f:bd:a7:e2:2d:b4:b3:77:82:cc:0a:ba:09:ca:93:b3:
         6a:e0:78:8e:ec:26:89:ac:78:22:ed:86:60:ca:2a:29:3e:c2:
         d9:99:f1:fd:8a:3d:6c:f1:6f:39:b3:da:db:ce:2f:a5:26:cd:
         6d:fc:a1:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6AaB9o+8FhGqd4tq6mG1BwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTMxMjMzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2NlMDNlZjRmMDk4OTE3NDVkNDI4ZjQzYTEwMTcxNzI0ZmU3NDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3o/c2cbQVjlMkdaomLlQqvgxDKc
2kmewWwKmxVQY99K3O5r7ma3kzGigVSte4UQq2hr4MVFhllFsj9EdlVAylvzTSUM
o7scggeNUyiGS2MvSGpk7Bz9T81U8ZaM6OGXiNY7SgUEcVruJNl8xfyzD+1qXD/K
8GXyBx/m0UX+WBKL294o6L9DRet0+j3RAEcvov8/9gGEOlJj5CqlDoTeW9/K/e/B
mHRJxlLg0/xMAu2hot0c+MLcH7BpEKuQZIH3c+0cL8eAtv8BkPWVt8c0XKk36EUr
7OcHOaKlHm3+q9SjJE+43xjUhOE7t7HXXqD0FNJhO/I9A+3pEe1bXr/HhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfOA+9PCYkXRdQo9DoQFxck/nQ8MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvSjg0RDcwOEppUmRGMUNqME9oQVhGeVQtZER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfEMA0G
CSqGSIb3DQEBCwUAA4IBAQCWCbhhEZKGbVQm6IwyE2GamHArhuDbTxkr7Zwj0ZX/
PEb+sXwkCspE76OcCCQs+iunajYbdNOOeTQSd2lFqKS7l9nHHfkDUmU69MRGk3ez
xfHGNPhNpXF+FQiMi0Qc7nEnjZiA2K+Lvjj2vQlf4Xs7SXhOgUda9FtGqfyqlLy1
VCh/rKyhFavr742UM23qtEk5YYJ7QKSfyJH5GFDrebWQLyjPrLqGELyIapV77UUu
7zz54fqswexeejatlCEvd8/GCj459ZmWJT+9p+IttLN3gswKugnKk7Nq4HiO7CaJ
rHgi7YZgyiopPsLZmfH9ij1s8W85s9rbzi+lJs1t/KGg
-----END CERTIFICATE-----