Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/7eqLRiWfPGlenRPj1fUNSUpuZWU.roa
File:                     7eqLRiWfPGlenRPj1fUNSUpuZWU.roa (raw, json)
Hash identifier:          YCIYPg2HGjBumG3GzhAcwf0Qzw+Fgne8VeQJigsaWvg=
Subject key identifier:   ED:EA:8B:46:25:9F:3C:69:5E:9D:13:E3:D5:F5:0D:49:4A:6E:65:65
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E03F214805A68B70037F0C147EE30B172
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/7eqLRiWfPGlenRPj1fUNSUpuZWU.roa
Signing time:             Thu 07 May 2026 19:37:36 +0000
ROA not before:           Thu 07 May 2026 19:37:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402310
IP address blocks:        222.167.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:f2:14:80:5a:68:b7:00:37:f0:c1:47:ee:30:b1:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May  7 19:37:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edea8b46259f3c695e9d13e3d5f50d494a6e6565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5f:4f:5e:90:7a:4c:40:e2:a7:33:99:6b:8e:
                    23:66:c5:a4:5b:c7:0a:d7:6e:84:f1:b1:d8:f5:37:
                    71:e5:3c:4b:8f:09:ec:85:bf:3c:1d:78:40:c3:ef:
                    18:28:14:de:d2:1b:1f:7c:b6:14:75:5d:af:04:1f:
                    fb:25:cb:c5:4d:a8:de:c4:b5:bc:38:ff:36:03:f2:
                    a9:db:c9:81:38:d3:40:1f:90:78:ba:3c:5a:46:11:
                    88:4f:d5:15:f1:81:3b:a0:26:79:72:5f:36:8c:eb:
                    08:27:ce:28:94:c5:3f:af:f2:fd:56:31:3a:ec:98:
                    d6:82:a6:98:3e:66:13:c5:be:9f:84:cd:7f:51:92:
                    7f:99:3c:02:a1:d4:36:db:73:b3:c0:37:74:77:76:
                    41:9f:5c:e9:06:ab:75:5e:15:12:0d:89:04:ca:82:
                    4d:3f:27:5c:ed:81:fd:ef:cd:28:d2:3e:4a:5b:96:
                    aa:e5:3a:60:8a:fd:10:33:6c:c3:25:02:df:a0:73:
                    21:1b:06:b8:4e:9d:48:24:0c:16:04:a3:2e:a8:f7:
                    95:12:fa:d6:50:ea:35:d4:e2:3e:a7:71:8d:20:a1:
                    3c:58:bf:df:8d:26:f8:39:39:50:6f:8f:31:2f:77:
                    55:98:b7:59:5a:a3:da:59:20:de:52:4b:08:57:17:
                    49:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:EA:8B:46:25:9F:3C:69:5E:9D:13:E3:D5:F5:0D:49:4A:6E:65:65
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/7eqLRiWfPGlenRPj1fUNSUpuZWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:c2:ac:90:bd:a6:fe:9f:03:73:61:7a:28:28:91:11:82:c7:
         37:86:15:47:e0:f0:09:8b:a8:f2:94:0c:c1:f3:5d:bf:a5:2d:
         42:42:5f:14:13:9b:b4:4b:90:7d:40:dc:d3:1f:c4:f8:70:b3:
         38:33:da:5b:00:86:d5:8b:a8:22:ca:22:41:0e:35:19:df:41:
         5f:5b:df:5a:42:45:b3:59:5b:f1:f2:f0:03:ed:9a:6e:62:96:
         6f:71:c4:9f:81:08:83:2e:c2:67:fb:4a:1c:8d:4f:3b:6a:1b:
         b0:8e:a6:82:89:5c:e2:93:9e:78:87:07:bf:5c:2e:2c:c9:b7:
         3e:1e:24:38:6c:ab:df:5d:71:6d:dc:3b:3d:18:cd:91:c1:6c:
         bb:ed:70:8c:36:cf:13:f5:65:67:45:20:27:b3:e1:25:37:30:
         02:63:45:2b:f1:11:d8:83:e9:44:42:3e:52:c3:6d:fa:b3:f8:
         c1:9d:a5:d9:93:d5:7a:e7:31:6b:0e:2b:8f:99:50:fa:4e:ad:
         81:43:df:41:6f:68:fa:2b:e6:48:77:fc:8a:73:ba:72:5e:99:
         64:34:0c:91:f9:fd:86:3e:37:a5:ef:03:f0:7c:68:7b:13:03:
         fd:ff:e9:87:8f:65:8b:73:eb:e9:06:b7:00:fc:e1:0e:d9:fa:
         44:88:d9:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4D8hSAWmi3ADfwwUfuMLFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTA3MTkzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGVhOGI0NjI1OWYzYzY5NWU5ZDEzZTNkNWY1MGQ0OTRhNmU2NTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV9PXpB6TEDipzOZa44jZsWkW8cK
126E8bHY9Tdx5TxLjwnshb88HXhAw+8YKBTe0hsffLYUdV2vBB/7JcvFTajexLW8
OP82A/Kp28mBONNAH5B4ujxaRhGIT9UV8YE7oCZ5cl82jOsIJ84olMU/r/L9VjE6
7JjWgqaYPmYTxb6fhM1/UZJ/mTwCodQ223OzwDd0d3ZBn1zpBqt1XhUSDYkEyoJN
Pydc7YH9780o0j5KW5aq5Tpgiv0QM2zDJQLfoHMhGwa4Tp1IJAwWBKMuqPeVEvrW
UOo11OI+p3GNIKE8WL/fjSb4OTlQb48xL3dVmLdZWqPaWSDeUksIVxdJLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3qi0YlnzxpXp0T49X1DUlKbmVlMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvN2VxTFJpV2ZQR2xlblJQajFmVU5TVXB1WldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfJMA0G
CSqGSIb3DQEBCwUAA4IBAQA+wqyQvab+nwNzYXooKJERgsc3hhVH4PAJi6jylAzB
812/pS1CQl8UE5u0S5B9QNzTH8T4cLM4M9pbAIbVi6giyiJBDjUZ30FfW99aQkWz
WVvx8vAD7ZpuYpZvccSfgQiDLsJn+0ocjU87ahuwjqaCiVzik554hwe/XC4sybc+
HiQ4bKvfXXFt3Ds9GM2RwWy77XCMNs8T9WVnRSAns+ElNzACY0Ur8RHYg+lEQj5S
w236s/jBnaXZk9V65zFrDiuPmVD6Tq2BQ99Bb2j6K+ZId/yKc7pyXplkNAyR+f2G
Pjel7wPwfGh7EwP9/+mHj2WLc+vpBrcA/OEO2fpEiNkr
-----END CERTIFICATE-----