Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/0P0PccGabl2UROzHNpVL6McP5Qg.roa
File:                     0P0PccGabl2UROzHNpVL6McP5Qg.roa (raw, json)
Hash identifier:          76WpNJIBr+peyx+50gZb//AOQwGWCVC/EJXftO4PCi4=
Subject key identifier:   D0:FD:0F:71:C1:9A:6E:5D:94:44:EC:C7:36:95:4B:E8:C7:0F:E5:08
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D200CC24070436980F7FAC8F557CCECA8
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/0P0PccGabl2UROzHNpVL6McP5Qg.roa
Signing time:             Tue 24 Mar 2026 13:33:20 +0000
ROA not before:           Tue 24 Mar 2026 13:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402186
IP address blocks:        222.167.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:0c:c2:40:70:43:69:80:f7:fa:c8:f5:57:cc:ec:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 24 13:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0fd0f71c19a6e5d9444ecc736954be8c70fe508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:76:1e:14:30:b6:61:67:ac:74:f7:80:3a:5a:
                    67:80:34:69:4e:56:fc:d9:f0:b9:7e:12:81:6f:91:
                    c0:0c:d2:28:38:55:96:7d:68:a3:7d:4e:b6:ed:8f:
                    8b:2a:23:03:6a:7c:be:95:31:e2:cf:11:7b:6e:c3:
                    1a:eb:db:3c:08:58:94:ba:1b:58:91:34:6a:b9:02:
                    3e:11:8f:e9:6c:f0:2d:21:3b:a1:23:a0:7b:cf:63:
                    e1:40:32:41:47:cc:d9:87:85:e3:14:0c:fb:82:40:
                    25:c0:89:d7:a3:4d:91:c6:60:37:8b:f5:79:18:2d:
                    c4:64:77:16:94:b6:d0:57:1f:26:a5:27:bf:51:8b:
                    a2:bb:71:f6:ba:2c:80:29:e6:93:7a:0a:19:04:b2:
                    f5:df:07:c0:13:1d:8e:11:d5:20:d6:4a:f7:d5:c1:
                    c2:ba:8b:06:ec:68:a2:bd:ae:44:6b:45:90:e3:05:
                    12:28:c2:c9:9e:29:01:d5:2e:32:74:01:2e:43:2c:
                    94:b4:aa:4e:e4:05:80:54:61:d3:0b:f7:2e:f4:27:
                    b3:7e:b4:7d:c2:23:62:ac:ab:c9:79:88:0a:4e:26:
                    ba:55:bc:7d:75:48:37:6b:a4:6a:8d:c5:5d:59:26:
                    0b:71:ab:21:8a:3f:1f:5c:76:50:72:c2:2b:0c:5f:
                    c4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FD:0F:71:C1:9A:6E:5D:94:44:EC:C7:36:95:4B:E8:C7:0F:E5:08
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/0P0PccGabl2UROzHNpVL6McP5Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:e8:c4:29:17:de:3e:ee:26:cf:71:b5:bb:a8:d4:f2:76:90:
         4d:8d:9d:ff:48:a3:7e:e3:60:b5:dd:50:5f:e4:da:f8:c1:d6:
         7b:3c:87:59:18:99:0c:38:9b:7d:84:6d:63:4e:9f:b1:aa:c3:
         57:59:38:48:65:a8:9c:ee:b2:40:4f:4b:e2:97:0d:df:9c:2d:
         23:98:1d:3d:69:b6:93:d5:87:de:85:8b:7a:68:72:d0:a0:c2:
         d5:0a:c8:b4:a2:e6:30:d2:c6:6d:53:3d:dc:03:45:2f:d2:2f:
         54:a1:de:cc:77:da:7b:8e:0d:fb:71:15:c5:5e:60:a1:e9:fb:
         cc:1b:09:1f:e9:db:5d:7e:56:24:06:72:27:dc:8b:db:6d:c9:
         51:7d:5a:07:79:70:5e:8a:d0:6c:14:20:c0:92:c6:56:10:81:
         65:55:b7:55:a9:6e:95:70:77:40:23:ac:6a:10:38:57:80:de:
         12:44:cb:5e:be:84:c7:48:06:2d:b6:a5:53:d1:c1:df:27:26:
         2c:b9:10:16:f7:fb:7b:0a:23:fe:35:4c:3c:a8:fd:f5:2f:45:
         1b:53:00:b7:2c:21:67:4d:2a:88:bc:fe:9d:5a:1e:50:39:4b:
         a2:ff:a7:35:64:76:49:35:d6:00:ad:54:1f:6b:81:e5:8b:2d:
         a3:c9:74:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0gDMJAcENpgPf6yPVXzOyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI0MTMzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGZkMGY3MWMxOWE2ZTVkOTQ0NGVjYzczNjk1NGJlOGM3MGZlNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXYeFDC2YWesdPeAOlpngDRpTlb8
2fC5fhKBb5HADNIoOFWWfWijfU627Y+LKiMDany+lTHizxF7bsMa69s8CFiUuhtY
kTRquQI+EY/pbPAtITuhI6B7z2PhQDJBR8zZh4XjFAz7gkAlwInXo02RxmA3i/V5
GC3EZHcWlLbQVx8mpSe/UYuiu3H2uiyAKeaTegoZBLL13wfAEx2OEdUg1kr31cHC
uosG7Giiva5Ea0WQ4wUSKMLJnikB1S4ydAEuQyyUtKpO5AWAVGHTC/cu9CezfrR9
wiNirKvJeYgKTia6Vbx9dUg3a6RqjcVdWSYLcashij8fXHZQcsIrDF/EVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND9D3HBmm5dlETsxzaVS+jHD+UIMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvMFAwUGNjR2FibDJVUk96SE5wVkw2TWNQNVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfjMA0G
CSqGSIb3DQEBCwUAA4IBAQBO6MQpF94+7ibPcbW7qNTydpBNjZ3/SKN+42C13VBf
5Nr4wdZ7PIdZGJkMOJt9hG1jTp+xqsNXWThIZaic7rJAT0vilw3fnC0jmB09abaT
1YfehYt6aHLQoMLVCsi0ouYw0sZtUz3cA0Uv0i9Uod7Md9p7jg37cRXFXmCh6fvM
Gwkf6dtdflYkBnIn3IvbbclRfVoHeXBeitBsFCDAksZWEIFlVbdVqW6VcHdAI6xq
EDhXgN4SRMtevoTHSAYttqVT0cHfJyYsuRAW9/t7CiP+NUw8qP31L0UbUwC3LCFn
TSqIvP6dWh5QOUui/6c1ZHZJNdYArVQfa4Hliy2jyXTd
-----END CERTIFICATE-----