Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zdoGHslQfORCsHysfL1MQ89qhoc.roa
File:                     zdoGHslQfORCsHysfL1MQ89qhoc.roa (raw, json)
Hash identifier:          +ESbnqbtl8DXZybkOl6R7iRbJ8xjLZddtqGX/YhKd1Y=
Subject key identifier:   CD:DA:06:1E:C9:50:7C:E4:42:B0:7C:AC:7C:BD:4C:43:CF:6A:86:87
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E793C7B14BE8573EA8D3488E153979DE9
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zdoGHslQfORCsHysfL1MQ89qhoc.roa
Signing time:             Sat 30 May 2026 14:14:27 +0000
ROA not before:           Sat 30 May 2026 14:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154383
IP address blocks:        222.167.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:3c:7b:14:be:85:73:ea:8d:34:88:e1:53:97:9d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 30 14:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdda061ec9507ce442b07cac7cbd4c43cf6a8687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fc:09:8f:e6:d3:62:e6:ae:df:bf:46:3f:cd:
                    9f:30:47:0a:fd:1d:2a:d2:f0:04:b1:40:3d:cd:3d:
                    f5:71:b8:30:0a:bd:6f:ef:b2:ff:08:6b:a5:3d:c5:
                    80:fc:e0:4d:d8:9b:a4:9b:65:6e:0c:50:46:24:b6:
                    58:60:2e:5f:ab:d4:c3:12:24:08:49:5a:e7:18:7b:
                    95:c7:4d:91:36:40:1d:33:36:12:58:62:19:49:f8:
                    88:7f:ac:44:d8:bb:44:0e:f6:04:80:71:cf:e8:63:
                    f0:ea:5f:75:8b:04:37:7b:0e:79:72:09:fa:f2:aa:
                    34:7d:44:28:f9:b0:1a:81:78:d0:9f:2c:f8:a4:52:
                    b8:56:98:58:89:8f:dd:d3:eb:69:58:7d:00:23:a3:
                    16:58:29:00:c6:93:94:10:26:20:1c:cd:39:b2:66:
                    80:a7:23:cf:c1:1a:1e:cb:4d:2b:98:b8:ac:3f:a7:
                    8e:67:76:b0:17:5b:68:6a:b3:9a:b3:34:0c:12:f6:
                    c4:13:32:c1:3a:ac:c1:75:74:d5:b8:c8:db:21:71:
                    f2:5b:e5:fc:82:20:87:f7:c2:cf:c5:8b:de:ff:f8:
                    84:d4:f2:d1:0f:f0:cb:5b:a7:68:a8:b5:ed:8a:0d:
                    1d:37:bb:38:23:2a:d5:4e:f4:ed:f6:34:94:07:69:
                    da:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DA:06:1E:C9:50:7C:E4:42:B0:7C:AC:7C:BD:4C:43:CF:6A:86:87
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zdoGHslQfORCsHysfL1MQ89qhoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:0a:cb:4f:d0:d9:2d:e1:b9:09:a8:08:7c:9a:dd:b7:a7:72:
         07:01:38:b5:54:0e:ad:87:6c:92:ec:de:45:5e:51:fd:50:0d:
         c0:b5:dd:4e:43:c2:ad:2a:bf:96:75:97:fe:79:00:b0:e7:ad:
         38:80:48:b7:3e:5e:c9:f6:42:28:c6:fc:ba:87:85:3e:25:7d:
         19:ad:4c:3f:a6:18:5e:10:ef:d0:c6:db:c8:81:1f:20:bb:f7:
         75:f4:a6:9f:b7:0b:6a:50:82:0f:ad:b9:92:06:27:a9:e1:8a:
         ec:01:da:ae:d2:93:6c:af:cd:31:a7:3f:09:56:69:68:3a:62:
         49:d4:fb:99:2d:37:11:b6:92:39:f3:18:c6:49:95:c8:a2:d5:
         7f:d0:fd:55:a4:52:1c:3b:24:83:5a:36:c1:03:ca:7c:1e:01:
         ae:84:94:06:4b:91:ec:75:a7:78:47:16:69:5b:0a:95:4e:a5:
         62:2a:ef:3e:21:90:45:34:ff:a4:ce:15:e0:fa:83:b4:5b:ca:
         50:6b:d4:8c:37:bb:bd:32:82:3b:79:6e:5a:27:6e:c7:67:be:
         a0:89:f1:28:48:ed:20:d2:89:49:94:09:20:4f:3f:f8:40:cb:
         80:ad:54:19:b5:cc:e4:d0:0c:89:64:5d:68:a4:36:c9:bd:4b:
         36:08:c1:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ55PHsUvoVz6o00iOFTl53pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTMwMTQxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRhMDYxZWM5NTA3Y2U0NDJiMDdjYWM3Y2JkNGM0M2NmNmE4Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vwJj+bTYuau379GP82fMEcK/R0q
0vAEsUA9zT31cbgwCr1v77L/CGulPcWA/OBN2Jukm2VuDFBGJLZYYC5fq9TDEiQI
SVrnGHuVx02RNkAdMzYSWGIZSfiIf6xE2LtEDvYEgHHP6GPw6l91iwQ3ew55cgn6
8qo0fUQo+bAagXjQnyz4pFK4VphYiY/d0+tpWH0AI6MWWCkAxpOUECYgHM05smaA
pyPPwRoey00rmLisP6eOZ3awF1toarOaszQMEvbEEzLBOqzBdXTVuMjbIXHyW+X8
giCH98LPxYve//iE1PLRD/DLW6doqLXtig0dN7s4IyrVTvTt9jSUB2naKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3aBh7JUHzkQrB8rHy9TEPPaoaHMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvemRvR0hzbFFmT1JDc0h5c2ZMMU1RODlxaG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfsMA0G
CSqGSIb3DQEBCwUAA4IBAQBdCstP0Nkt4bkJqAh8mt23p3IHATi1VA6th2yS7N5F
XlH9UA3Atd1OQ8KtKr+WdZf+eQCw5604gEi3Pl7J9kIoxvy6h4U+JX0ZrUw/phhe
EO/QxtvIgR8gu/d19KaftwtqUIIPrbmSBiep4YrsAdqu0pNsr80xpz8JVmloOmJJ
1PuZLTcRtpI58xjGSZXIotV/0P1VpFIcOySDWjbBA8p8HgGuhJQGS5Hsdad4RxZp
WwqVTqViKu8+IZBFNP+kzhXg+oO0W8pQa9SMN7u9MoI7eW5aJ27HZ76gifEoSO0g
0olJlAkgTz/4QMuArVQZtczk0AyJZF1opDbJvUs2CMFc
-----END CERTIFICATE-----