Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kdFcmqLC4vZTSXT32gV8EUP-QNE.roa
File:                     kdFcmqLC4vZTSXT32gV8EUP-QNE.roa (raw, json)
Hash identifier:          yQWODWgTn25H8wdYnnKejMNbzxFwWRHY5/TfEd/0N+w=
Subject key identifier:   91:D1:5C:9A:A2:C2:E2:F6:53:49:74:F7:DA:05:7C:11:43:FE:40:D1
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E60437F99B1507BFC0E9CBC56F079ED3D
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kdFcmqLC4vZTSXT32gV8EUP-QNE.roa
Signing time:             Mon 25 May 2026 17:51:36 +0000
ROA not before:           Mon 25 May 2026 17:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398993
IP address blocks:        222.167.218.0/24 maxlen: 24
                          222.167.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:60:43:7f:99:b1:50:7b:fc:0e:9c:bc:56:f0:79:ed:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 25 17:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91d15c9aa2c2e2f6534974f7da057c1143fe40d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:79:7b:4c:0b:24:03:72:aa:e4:08:c0:89:2e:
                    b8:3c:bd:55:80:c4:e9:5b:e1:97:68:8a:3d:68:4d:
                    fe:80:a7:91:8a:05:94:63:f3:4b:98:3f:93:e8:e1:
                    9b:28:5d:5a:b8:1e:85:8f:6c:1c:cf:4c:11:ec:3d:
                    12:ac:93:3b:d1:de:aa:46:27:39:08:ae:c3:8a:f8:
                    da:56:68:0c:b7:c5:72:b6:a1:cd:95:68:ab:a1:f6:
                    9b:a0:96:15:d9:4a:7b:5d:81:8d:40:52:4f:4d:f2:
                    b9:f8:f2:bc:cf:ab:a5:62:2d:1b:e7:4e:5e:86:d1:
                    d2:b5:a3:8b:24:4a:29:48:f0:98:de:4b:4e:e0:86:
                    4a:63:6a:1c:7d:d1:88:52:d6:98:30:fe:89:c7:d2:
                    ff:f5:00:eb:0c:77:fa:e4:f1:77:0d:aa:5b:94:93:
                    64:6b:34:8e:16:0b:10:9b:84:5a:1e:cd:48:5c:da:
                    06:b3:4a:47:2b:04:4a:01:22:2f:3b:fc:6f:c8:1f:
                    1c:d5:8d:0a:cd:a1:7f:20:18:02:11:3e:9b:26:f8:
                    59:47:5e:3e:a2:4d:f8:74:74:39:cc:30:df:56:3e:
                    3f:14:69:d1:32:27:be:09:50:40:e1:2a:db:38:6a:
                    1d:dd:29:a5:8f:95:b2:7e:45:cd:45:c8:b9:9f:e7:
                    d1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D1:5C:9A:A2:C2:E2:F6:53:49:74:F7:DA:05:7C:11:43:FE:40:D1
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kdFcmqLC4vZTSXT32gV8EUP-QNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:3e:31:e7:80:58:2c:fc:2a:21:ba:10:d4:83:c7:cd:12:77:
         fc:d7:d8:8b:10:85:15:08:ba:96:e0:81:a1:03:44:bf:24:d5:
         e4:c8:fe:fc:c6:75:ab:d3:c2:29:7a:ca:3c:77:0b:30:bc:aa:
         32:59:49:b8:5f:3e:3a:72:63:7b:08:84:4c:30:4e:60:48:bd:
         d9:8d:85:ee:4e:96:04:50:c2:6a:f5:1f:0e:7d:70:63:9a:9f:
         6b:bb:3e:af:8e:a8:57:15:7a:3d:e8:d1:4a:d1:20:11:29:9a:
         cd:45:10:16:b8:f8:ac:46:96:fc:6b:d0:6f:cd:34:6b:43:15:
         e9:56:28:74:5e:32:d4:e9:39:82:04:b5:fd:be:de:37:a6:af:
         2f:f9:0a:9f:f8:85:3c:5c:f5:b3:12:5d:06:a7:ee:5a:ce:4c:
         d4:8e:03:1e:f1:7d:cd:b4:07:37:0b:e3:b8:8c:2a:41:8d:d2:
         ed:dc:2f:94:9c:75:f1:4b:48:51:7c:af:0e:8c:06:ed:3b:ed:
         2a:30:e8:d2:a4:93:10:bb:63:0f:fe:d6:5c:d9:0b:ad:83:4d:
         58:30:f2:f0:c5:f0:b0:3e:99:38:bd:b9:90:93:21:8c:b3:62:
         0e:00:0e:c1:12:9d:10:25:a9:3e:da:d8:29:15:cb:ae:14:68:
         13:00:5e:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5gQ3+ZsVB7/A6cvFbwee09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTI1MTc1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQxNWM5YWEyYzJlMmY2NTM0OTc0ZjdkYTA1N2MxMTQzZmU0MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8nl7TAskA3Kq5AjAiS64PL1VgMTp
W+GXaIo9aE3+gKeRigWUY/NLmD+T6OGbKF1auB6Fj2wcz0wR7D0SrJM70d6qRic5
CK7DivjaVmgMt8VytqHNlWirofaboJYV2Up7XYGNQFJPTfK5+PK8z6ulYi0b505e
htHStaOLJEopSPCY3ktO4IZKY2ocfdGIUtaYMP6Jx9L/9QDrDHf65PF3DapblJNk
azSOFgsQm4RaHs1IXNoGs0pHKwRKASIvO/xvyB8c1Y0KzaF/IBgCET6bJvhZR14+
ok34dHQ5zDDfVj4/FGnRMie+CVBA4SrbOGod3Smlj5WyfkXNRci5n+fRawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHRXJqiwuL2U0l099oFfBFD/kDRMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEva2RGY21xTEM0dlpUU1hUMzJnVjhFVVAtUU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB3qfaMA0G
CSqGSIb3DQEBCwUAA4IBAQAGPjHngFgs/CohuhDUg8fNEnf819iLEIUVCLqW4IGh
A0S/JNXkyP78xnWr08Ipeso8dwswvKoyWUm4Xz46cmN7CIRMME5gSL3ZjYXuTpYE
UMJq9R8OfXBjmp9ruz6vjqhXFXo96NFK0SARKZrNRRAWuPisRpb8a9BvzTRrQxXp
Vih0XjLU6TmCBLX9vt43pq8v+Qqf+IU8XPWzEl0Gp+5azkzUjgMe8X3NtAc3C+O4
jCpBjdLt3C+UnHXxS0hRfK8OjAbtO+0qMOjSpJMQu2MP/tZc2Qutg01YMPLwxfCw
Ppk4vbmQkyGMs2IOAA7BEp0QJak+2tgpFcuuFGgTAF5h
-----END CERTIFICATE-----