Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/Nd9KOFXDH4nonVF3CLoZj0Hyts8.roa
File:                     Nd9KOFXDH4nonVF3CLoZj0Hyts8.roa (raw, json)
Hash identifier:          cGMmKZgE701PzM2RG0kAHzIsPSvLqz8JKOXln6VOjQk=
Subject key identifier:   35:DF:4A:38:55:C3:1F:89:E8:9D:51:77:08:BA:19:8F:41:F2:B6:CF
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E64D0F72CF1783FBCACEFE4348C87740E
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/Nd9KOFXDH4nonVF3CLoZj0Hyts8.roa
Signing time:             Tue 26 May 2026 15:04:36 +0000
ROA not before:           Tue 26 May 2026 15:04:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199915
IP address blocks:        116.204.164.0/24 maxlen: 24
                          222.167.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:d0:f7:2c:f1:78:3f:bc:ac:ef:e4:34:8c:87:74:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 26 15:04:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35df4a3855c31f89e89d517708ba198f41f2b6cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e3:51:29:10:e4:4a:98:f6:c4:54:2b:71:eb:
                    31:ae:50:49:65:90:da:0e:8b:22:47:c0:d0:a5:88:
                    d4:a4:1e:87:c4:15:0e:92:f5:e3:37:a8:77:a0:2e:
                    d3:2b:21:97:de:48:ad:6d:7e:97:b1:78:a5:6b:62:
                    78:36:27:db:b9:c8:66:13:4e:2b:0a:dc:c4:67:02:
                    ba:06:f6:d0:b1:af:0f:e1:21:a6:96:95:9f:0f:cb:
                    08:83:ff:e1:6e:ca:06:ee:84:61:a4:cc:cc:e3:21:
                    86:5a:c1:93:2b:63:13:f7:e9:1f:26:63:6c:fd:40:
                    d8:3a:1b:ea:25:9e:aa:98:af:38:ca:6a:80:75:04:
                    89:45:8f:ea:78:2d:d3:b7:4c:23:02:d0:62:e1:66:
                    9d:e5:46:a6:5f:f0:9c:0b:e2:05:ab:6f:2b:33:05:
                    3b:e9:0e:97:99:d3:4e:47:f7:0e:38:09:49:c3:86:
                    df:89:70:75:ca:ff:1d:14:bd:ee:72:08:00:87:10:
                    8d:a1:5e:ab:67:ad:db:89:97:39:5b:94:0e:03:5a:
                    05:75:d8:d5:41:56:9e:66:01:cf:62:2c:c3:da:54:
                    62:31:0e:2a:fb:0b:fa:20:1e:d8:43:ce:63:62:2a:
                    d5:8d:46:d1:66:09:67:8e:01:c0:d0:86:11:ff:ae:
                    6a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:DF:4A:38:55:C3:1F:89:E8:9D:51:77:08:BA:19:8F:41:F2:B6:CF
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/Nd9KOFXDH4nonVF3CLoZj0Hyts8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.204.164.0/24
                  222.167.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:8e:73:0f:f4:12:68:3c:7f:fe:94:19:78:1b:99:09:c8:11:
         c5:a5:71:41:ba:52:03:46:36:77:ff:f4:03:94:13:c0:49:b9:
         e4:c0:a4:86:2c:5a:58:03:d4:64:75:92:4e:76:ab:ad:de:bb:
         22:f9:74:d1:62:46:ca:f5:0e:8b:0b:f5:eb:9e:ea:8e:5e:59:
         08:49:58:bd:cd:ec:bc:ed:d7:f5:be:43:3f:f5:8e:f8:dc:c0:
         d0:2a:86:f5:72:ae:ec:b8:49:96:1c:28:a7:6c:98:58:a8:77:
         bc:bf:d9:d0:2b:8c:52:9a:0d:4b:0b:fe:90:17:72:33:db:0e:
         d3:2a:52:f9:2c:94:c0:e8:e9:23:18:74:51:29:f7:d3:38:a5:
         3f:a8:66:92:9d:30:47:3f:89:f2:f3:e4:91:39:3f:51:25:00:
         db:71:fa:37:e4:ad:f9:dd:42:43:47:c7:f9:d2:5b:2e:c8:32:
         fb:82:a7:1d:74:0a:21:29:bc:87:c6:e0:b9:e8:dc:0e:ba:1e:
         e0:9c:3c:b5:de:50:13:59:89:49:84:3a:0c:31:53:2b:68:2e:
         df:29:63:61:96:37:60:bf:eb:97:c4:7f:3d:b3:96:3b:fc:69:
         1d:62:de:5b:4d:f4:b2:40:27:55:a3:29:bd:26:5a:e5:5f:dc:
         70:17:ca:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5k0Pcs8Xg/vKzv5DSMh3QOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTI2MTUwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWRmNGEzODU1YzMxZjg5ZTg5ZDUxNzcwOGJhMTk4ZjQxZjJiNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eNRKRDkSpj2xFQrcesxrlBJZZDa
DosiR8DQpYjUpB6HxBUOkvXjN6h3oC7TKyGX3kitbX6XsXila2J4NifbuchmE04r
CtzEZwK6BvbQsa8P4SGmlpWfD8sIg//hbsoG7oRhpMzM4yGGWsGTK2MT9+kfJmNs
/UDYOhvqJZ6qmK84ymqAdQSJRY/qeC3Tt0wjAtBi4Wad5UamX/CcC+IFq28rMwU7
6Q6XmdNOR/cOOAlJw4bfiXB1yv8dFL3ucggAhxCNoV6rZ63biZc5W5QOA1oFddjV
QVaeZgHPYizD2lRiMQ4q+wv6IB7YQ85jYirVjUbRZglnjgHA0IYR/65qXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDXfSjhVwx+J6J1Rdwi6GY9B8rbPMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvTmQ5S09GWERING5vblZGM0NMb1pqMEh5dHM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAdMykAwQA
3qfKMA0GCSqGSIb3DQEBCwUAA4IBAQCqjnMP9BJoPH/+lBl4G5kJyBHFpXFBulID
RjZ3//QDlBPASbnkwKSGLFpYA9RkdZJOdqut3rsi+XTRYkbK9Q6LC/XrnuqOXlkI
SVi9zey87df1vkM/9Y743MDQKob1cq7suEmWHCinbJhYqHe8v9nQK4xSmg1LC/6Q
F3Iz2w7TKlL5LJTA6OkjGHRRKffTOKU/qGaSnTBHP4ny8+SROT9RJQDbcfo35K35
3UJDR8f50lsuyDL7gqcddAohKbyHxuC56NwOuh7gnDy13lATWYlJhDoMMVMraC7f
KWNhljdgv+uXxH89s5Y7/GkdYt5bTfSyQCdVoym9JlrlX9xwF8qG
-----END CERTIFICATE-----