Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/iurf5I7OwjJvxaeg-v3lapvW0ng.roa
File:                     iurf5I7OwjJvxaeg-v3lapvW0ng.roa (raw, json)
Hash identifier:          nvYBXAiP6Ei+Kjhf/1Hl6QUpDaIRspIu82KYWDIJ5D0=
Subject key identifier:   8A:EA:DF:E4:8E:CE:C2:32:6F:C5:A7:A0:FA:FD:E5:6A:9B:D6:D2:78
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D59102E634FB6BB4A3B0E3F93E2EF6A0F
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/iurf5I7OwjJvxaeg-v3lapvW0ng.roa
Signing time:             Sat 04 Apr 2026 15:15:25 +0000
ROA not before:           Sat 04 Apr 2026 15:15:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209829
IP address blocks:        222.167.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:59:10:2e:63:4f:b6:bb:4a:3b:0e:3f:93:e2:ef:6a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Apr  4 15:15:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8aeadfe48ecec2326fc5a7a0fafde56a9bd6d278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:79:95:7e:8d:9e:a6:6c:24:a7:00:06:ce:17:
                    43:3c:2d:6f:a1:46:52:83:90:e9:d7:dd:03:34:3a:
                    b5:ee:60:c0:14:26:8c:b3:7c:85:f6:5b:51:94:c7:
                    0d:e5:41:8c:fe:09:41:0d:20:56:fb:58:36:38:6c:
                    c8:15:67:08:1c:c7:dd:6e:cd:f7:84:94:37:c8:e9:
                    a3:3c:fa:94:9a:28:56:bd:27:7f:65:fe:d3:a9:56:
                    7c:f4:81:a6:da:7d:8f:14:dd:d3:03:aa:20:d0:07:
                    c9:7b:93:b9:4d:fc:69:4d:8e:91:ff:ea:2b:6a:4e:
                    31:cb:d3:e2:35:dd:c7:98:7d:e0:67:a9:a1:a6:50:
                    2b:13:d5:91:02:44:6d:d7:d0:e7:17:23:9e:88:a8:
                    2f:9c:1c:28:64:f3:aa:57:f7:af:13:ac:0d:a3:54:
                    80:74:c9:df:5d:3c:1f:1a:50:a2:00:1c:a0:ec:ff:
                    81:d9:ea:e8:88:1c:4e:7f:c6:6c:93:a1:35:7f:0e:
                    06:55:f0:62:36:04:9f:00:60:be:f4:2c:3f:df:af:
                    8e:f6:61:a7:90:70:7f:9d:1b:bf:34:65:23:e0:ee:
                    3d:f0:d8:1b:bf:c0:11:85:52:50:01:a2:59:8b:2b:
                    3c:ac:90:16:88:dd:32:7c:0c:a7:5f:9d:00:cb:74:
                    ed:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:EA:DF:E4:8E:CE:C2:32:6F:C5:A7:A0:FA:FD:E5:6A:9B:D6:D2:78
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/iurf5I7OwjJvxaeg-v3lapvW0ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:ae:ce:4d:f9:21:82:9c:e5:19:82:61:a2:cb:b0:f6:56:eb:
         7c:ec:5f:9a:72:61:89:b6:bb:ab:b1:8a:65:91:2a:e1:3c:62:
         2d:3c:fb:9a:e7:db:9d:74:d9:e3:99:c6:74:40:dc:1b:45:c0:
         52:a5:d1:36:19:52:91:1f:01:73:56:eb:d2:0d:af:89:26:f8:
         2a:60:49:a7:b1:86:b1:db:db:f6:d1:3a:06:b8:16:c7:24:d2:
         1e:fd:4f:07:04:77:6a:5e:5b:28:3e:20:15:6a:23:33:c3:b9:
         67:f8:0a:ee:0e:46:77:8b:64:e4:c8:cc:ab:04:e4:e0:55:7b:
         3e:24:42:83:b1:03:6f:17:30:22:c2:81:2b:c5:d3:ce:c6:40:
         1c:7c:3f:05:2c:48:c2:e2:2f:ef:e1:6a:c9:56:12:c2:46:da:
         7c:ec:ee:39:d6:20:81:55:71:62:0d:48:94:1e:0c:fa:36:1a:
         03:bb:0a:c8:3b:8f:f5:43:43:76:1f:3c:a4:ac:f3:41:6e:25:
         4f:94:e9:81:83:3c:98:02:28:cf:18:5c:56:51:64:2f:05:dc:
         74:29:fd:d1:9e:07:1d:b8:3d:6c:5d:1c:86:4d:59:44:96:8c:
         26:e7:ed:58:a7:fc:a8:94:b6:59:b7:ca:af:6a:3e:da:8f:3d:
         c5:1e:c2:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ZEC5jT7a7SjsOP5Pi72oPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDA0MTUxNTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWVhZGZlNDhlY2VjMjMyNmZjNWE3YTBmYWZkZTU2YTliZDZkMjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnmVfo2epmwkpwAGzhdDPC1voUZS
g5Dp190DNDq17mDAFCaMs3yF9ltRlMcN5UGM/glBDSBW+1g2OGzIFWcIHMfdbs33
hJQ3yOmjPPqUmihWvSd/Zf7TqVZ89IGm2n2PFN3TA6og0AfJe5O5TfxpTY6R/+or
ak4xy9PiNd3HmH3gZ6mhplArE9WRAkRt19DnFyOeiKgvnBwoZPOqV/evE6wNo1SA
dMnfXTwfGlCiAByg7P+B2eroiBxOf8Zsk6E1fw4GVfBiNgSfAGC+9Cw/36+O9mGn
kHB/nRu/NGUj4O498Ngbv8ARhVJQAaJZiys8rJAWiN0yfAynX50Ay3TtdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrq3+SOzsIyb8WnoPr95Wqb1tJ4MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvaXVyZjVJN093akp2eGFlZy12M2xhcHZXMG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfZMA0G
CSqGSIb3DQEBCwUAA4IBAQAMrs5N+SGCnOUZgmGiy7D2Vut87F+acmGJtrursYpl
kSrhPGItPPua59uddNnjmcZ0QNwbRcBSpdE2GVKRHwFzVuvSDa+JJvgqYEmnsYax
29v20ToGuBbHJNIe/U8HBHdqXlsoPiAVaiMzw7ln+AruDkZ3i2TkyMyrBOTgVXs+
JEKDsQNvFzAiwoErxdPOxkAcfD8FLEjC4i/v4WrJVhLCRtp87O451iCBVXFiDUiU
Hgz6NhoDuwrIO4/1Q0N2HzykrPNBbiVPlOmBgzyYAijPGFxWUWQvBdx0Kf3Rngcd
uD1sXRyGTVlElowm5+1Yp/yolLZZt8qvaj7ajz3FHsJy
-----END CERTIFICATE-----