Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/cuZj8eYZctJvbxdMgAXJDVanMaQ.roa
File:                     cuZj8eYZctJvbxdMgAXJDVanMaQ.roa (raw, json)
Hash identifier:          RPSnYZMixt6Uuo3FTDTuvO1zf/RtU59/JgKhacEXRt4=
Subject key identifier:   72:E6:63:F1:E6:19:72:D2:6F:6F:17:4C:80:05:C9:0D:56:A7:31:A4
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E80681EE05A8381302821A29D72415F3B
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/cuZj8eYZctJvbxdMgAXJDVanMaQ.roa
Signing time:             Sun 31 May 2026 23:39:27 +0000
ROA not before:           Sun 31 May 2026 23:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197223
IP address blocks:        222.167.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:80:68:1e:e0:5a:83:81:30:28:21:a2:9d:72:41:5f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 31 23:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72e663f1e61972d26f6f174c8005c90d56a731a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:84:3c:81:4e:2c:a1:53:e4:da:75:20:7b:cb:
                    7e:1d:e6:60:7d:9a:40:06:5e:72:01:8b:eb:56:d5:
                    34:aa:c8:b3:83:17:87:35:ce:33:f3:e5:f4:b6:0d:
                    c3:48:af:4b:36:85:4b:b3:ab:a7:06:04:00:d8:9c:
                    d1:1f:00:8f:6f:fa:c9:0f:d0:68:77:2f:c3:9c:d1:
                    04:b2:78:ee:31:ea:f6:90:a3:7d:06:6f:09:e3:4d:
                    93:0e:27:40:fa:72:84:0f:9e:70:38:61:09:9a:1d:
                    df:58:4d:e9:3d:83:5f:cf:a8:a1:15:cc:36:03:de:
                    e8:79:fd:80:30:be:78:7c:9c:10:9b:58:45:11:4e:
                    28:22:f3:fc:4a:f9:0b:8b:9f:e7:8c:82:1a:40:8a:
                    38:84:c2:dc:3e:d3:4a:d2:76:d1:b1:91:fe:7d:47:
                    f9:72:26:f9:fa:95:d5:87:df:5d:d6:f0:06:6f:ce:
                    3e:4c:0f:5c:09:97:73:20:0e:1e:1a:38:b8:1e:c7:
                    b1:b4:4a:5c:7c:46:e8:85:86:db:d7:06:0d:31:fe:
                    47:e0:63:1d:2d:bc:d9:40:32:67:b6:e9:42:e5:77:
                    5b:58:e2:76:71:81:08:ec:9a:71:d9:70:00:7d:0e:
                    51:54:bf:5b:d3:e2:1d:02:3a:12:98:2e:d2:78:2e:
                    fb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E6:63:F1:E6:19:72:D2:6F:6F:17:4C:80:05:C9:0D:56:A7:31:A4
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/cuZj8eYZctJvbxdMgAXJDVanMaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:c4:73:3a:ad:0f:ad:fa:7b:72:e1:77:09:b4:ef:1e:45:3d:
         ff:83:39:88:7d:f9:a8:97:0b:18:e5:ff:a4:28:40:39:94:62:
         ed:b1:ad:04:1d:17:57:08:a5:97:eb:c2:f9:29:56:03:d6:c5:
         ca:42:64:f8:e9:ce:fa:be:18:5d:ee:5f:3b:3d:0c:0b:9e:d8:
         bf:11:24:33:da:aa:15:30:fc:d7:b9:03:ca:ec:be:e6:cb:0b:
         01:a1:3b:0a:6e:13:01:76:04:d2:ee:e7:c7:be:e8:8d:26:6c:
         ef:bc:c2:f2:e0:8a:c5:60:57:8b:e5:c7:3a:f8:81:92:8e:64:
         5f:ba:c9:52:ab:d5:7a:ac:31:0e:4b:de:0d:e5:01:89:27:5f:
         5a:3d:17:37:f4:20:6f:f2:8b:e6:a9:8e:c5:42:3d:46:21:12:
         3d:a3:92:ee:2b:68:67:1d:24:47:70:16:2a:fe:bb:89:c1:05:
         e3:e9:85:2e:e5:43:24:05:e4:5c:91:52:13:b3:e4:7b:ba:fa:
         5d:0a:05:53:64:45:17:cc:f6:b4:d6:b2:3a:9c:a6:2f:00:a1:
         b5:63:2b:f3:89:6d:c2:38:75:a2:91:42:5c:3e:5f:e1:0c:56:
         a6:91:f5:77:f9:0f:65:7f:e9:26:89:5b:4d:66:1d:f1:f3:a1:
         19:47:bd:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6AaB7gWoOBMCghop1yQV87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTMxMjMzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU2NjNmMWU2MTk3MmQyNmY2ZjE3NGM4MDA1YzkwZDU2YTczMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooQ8gU4soVPk2nUge8t+HeZgfZpA
Bl5yAYvrVtU0qsizgxeHNc4z8+X0tg3DSK9LNoVLs6unBgQA2JzRHwCPb/rJD9Bo
dy/DnNEEsnjuMer2kKN9Bm8J402TDidA+nKED55wOGEJmh3fWE3pPYNfz6ihFcw2
A97oef2AML54fJwQm1hFEU4oIvP8SvkLi5/njIIaQIo4hMLcPtNK0nbRsZH+fUf5
cib5+pXVh99d1vAGb84+TA9cCZdzIA4eGji4HsextEpcfEbohYbb1wYNMf5H4GMd
LbzZQDJntulC5XdbWOJ2cYEI7Jpx2XAAfQ5RVL9b0+IdAjoSmC7SeC77rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLmY/HmGXLSb28XTIAFyQ1WpzGkMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvY3VaajhlWVpjdEp2YnhkTWdBWEpEVmFuTWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qf9MA0G
CSqGSIb3DQEBCwUAA4IBAQArxHM6rQ+t+nty4XcJtO8eRT3/gzmIffmolwsY5f+k
KEA5lGLtsa0EHRdXCKWX68L5KVYD1sXKQmT46c76vhhd7l87PQwLnti/ESQz2qoV
MPzXuQPK7L7mywsBoTsKbhMBdgTS7ufHvuiNJmzvvMLy4IrFYFeL5cc6+IGSjmRf
uslSq9V6rDEOS94N5QGJJ19aPRc39CBv8ovmqY7FQj1GIRI9o5LuK2hnHSRHcBYq
/ruJwQXj6YUu5UMkBeRckVITs+R7uvpdCgVTZEUXzPa01rI6nKYvAKG1YyvziW3C
OHWikUJcPl/hDFamkfV3+Q9lf+kmiVtNZh3x86EZR701
-----END CERTIFICATE-----