Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/hrzUT60RppU12sijbO5nUnIsLDE.roa
File:                     hrzUT60RppU12sijbO5nUnIsLDE.roa (raw, json)
Hash identifier:          +JirVR+wIPZ5lVwuA3SZmdQkTSTYsXEklEIVJFUFJXU=
Subject key identifier:   86:BC:D4:4F:AD:11:A6:95:35:DA:C8:A3:6C:EE:67:52:72:2C:2C:31
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019C85BF848DDFE521F45DCF0AA458C74B2B
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/hrzUT60RppU12sijbO5nUnIsLDE.roa
Signing time:             Sun 22 Feb 2026 14:27:26 +0000
ROA not before:           Sun 22 Feb 2026 14:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210814
IP address blocks:        222.167.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:bf:84:8d:df:e5:21:f4:5d:cf:0a:a4:58:c7:4b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Feb 22 14:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86bcd44fad11a69535dac8a36cee6752722c2c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:85:f2:14:58:fd:25:f8:7b:d3:7b:ba:85:99:
                    c5:07:7b:6d:d7:56:f3:49:ac:2f:ec:79:67:2f:0e:
                    91:fc:3e:e7:46:78:7f:2b:20:37:d8:fd:ce:11:cc:
                    2b:68:9d:e1:a6:89:29:0c:82:d2:1f:73:28:46:27:
                    39:2e:d2:36:8a:a5:b6:38:a3:ed:49:fa:f0:94:42:
                    25:44:ff:91:9d:21:d2:0a:3b:c6:7b:82:38:4d:36:
                    fb:bb:7c:46:34:41:05:19:33:84:78:31:2d:88:c4:
                    bf:56:ae:a3:72:f0:c1:a8:31:d9:0d:e4:08:99:18:
                    56:8f:64:a6:4b:0c:f6:26:fe:6c:cb:d1:56:8a:8a:
                    08:03:08:62:e3:d7:d4:e9:8e:c1:0b:ba:51:7e:15:
                    9b:f9:4c:d9:98:c4:75:a3:41:4a:e5:0e:4a:39:7a:
                    9f:11:06:54:67:cd:cf:31:df:01:f7:6f:3a:46:c6:
                    3f:39:e3:84:d8:40:ab:38:49:c0:a0:76:cf:af:a2:
                    7e:00:77:df:de:5f:80:7c:a5:fd:d2:eb:f7:98:dd:
                    e0:29:11:fb:4a:50:17:88:fa:0a:d1:83:a2:4c:b6:
                    eb:05:4c:50:12:d5:d0:8d:20:ec:ed:74:f5:a8:d5:
                    d1:76:db:ea:89:7d:2c:09:45:8f:60:ed:b4:d0:d0:
                    cd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BC:D4:4F:AD:11:A6:95:35:DA:C8:A3:6C:EE:67:52:72:2C:2C:31
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/hrzUT60RppU12sijbO5nUnIsLDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:80:f3:bf:4e:0c:e1:1d:3c:ae:1a:f2:43:17:ae:3d:28:18:
         e1:a4:e7:9e:19:a0:a7:4e:1c:bb:28:56:a1:5a:f0:3c:1b:d2:
         00:b0:ad:89:43:35:68:b2:04:3b:b9:99:83:16:b1:43:f3:e4:
         6f:76:9e:bd:e1:8d:ff:d0:16:af:d0:21:0f:ea:eb:94:7d:f3:
         c3:87:42:f5:51:28:4a:ae:be:c0:00:41:53:8f:4c:08:86:0a:
         52:a8:33:30:e3:92:39:a1:8e:85:12:1b:02:22:e6:dd:e0:36:
         35:96:6d:c1:67:4b:63:46:98:ce:cb:a3:1f:3f:db:8b:59:53:
         7a:6a:84:04:ee:a0:fb:bc:e6:a5:4e:0b:c8:7e:4c:6a:de:99:
         52:f2:8e:e0:e3:03:bb:83:50:d1:b2:ba:18:9b:1f:8a:42:c4:
         ff:37:11:d9:a1:ba:e2:aa:c8:22:d5:38:08:c9:eb:e3:02:b6:
         77:0e:c6:92:6c:4f:c5:57:f1:3d:09:97:70:a4:a3:9e:ea:98:
         e8:81:cb:7b:09:65:11:c2:aa:c4:8f:47:c0:2e:80:3f:b8:1c:
         b1:d2:08:c5:03:c8:42:6f:ba:f8:8e:07:89:33:4f:95:38:76:
         12:88:67:b0:ed:09:9e:f9:b1:91:6a:59:d5:cd:fd:16:4a:28:
         39:94:7e:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyFv4SN3+Uh9F3PCqRYx0srMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMjIyMTQyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJjZDQ0ZmFkMTFhNjk1MzVkYWM4YTM2Y2VlNjc1MjcyMmMyYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4XyFFj9Jfh703u6hZnFB3tt11bz
Sawv7HlnLw6R/D7nRnh/KyA32P3OEcwraJ3hpokpDILSH3MoRic5LtI2iqW2OKPt
SfrwlEIlRP+RnSHSCjvGe4I4TTb7u3xGNEEFGTOEeDEtiMS/Vq6jcvDBqDHZDeQI
mRhWj2SmSwz2Jv5sy9FWiooIAwhi49fU6Y7BC7pRfhWb+UzZmMR1o0FK5Q5KOXqf
EQZUZ83PMd8B9286RsY/OeOE2ECrOEnAoHbPr6J+AHff3l+AfKX90uv3mN3gKRH7
SlAXiPoK0YOiTLbrBUxQEtXQjSDs7XT1qNXRdtvqiX0sCUWPYO200NDNMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIa81E+tEaaVNdrIo2zuZ1JyLCwxMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvaHJ6VVQ2MFJwcFUxMnNpamJPNW5VbklzTERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfeMA0G
CSqGSIb3DQEBCwUAA4IBAQCmgPO/TgzhHTyuGvJDF649KBjhpOeeGaCnThy7KFah
WvA8G9IAsK2JQzVosgQ7uZmDFrFD8+Rvdp694Y3/0Bav0CEP6uuUffPDh0L1UShK
rr7AAEFTj0wIhgpSqDMw45I5oY6FEhsCIubd4DY1lm3BZ0tjRpjOy6MfP9uLWVN6
aoQE7qD7vOalTgvIfkxq3plS8o7g4wO7g1DRsroYmx+KQsT/NxHZobriqsgi1TgI
yevjArZ3DsaSbE/FV/E9CZdwpKOe6pjogct7CWURwqrEj0fALoA/uByx0gjFA8hC
b7r4jgeJM0+VOHYSiGew7Qme+bGRalnVzf0WSig5lH5W
-----END CERTIFICATE-----