Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/C4Up61Dgu__WghpkGF8FKpQY398.roa
File:                     C4Up61Dgu__WghpkGF8FKpQY398.roa (raw, json)
Hash identifier:          b8S8SJqeFu8XgJiMJ0Lra7MgR4ZTRQMgjWTkGpevN2k=
Subject key identifier:   0B:85:29:EB:50:E0:BB:FF:D6:82:1A:64:18:5F:05:2A:94:18:DF:DF
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       0196CFDC67EF575A548FF6E0A342EF251521
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/C4Up61Dgu__WghpkGF8FKpQY398.roa
Signing time:             Wed 14 May 2025 17:34:10 +0000
ROA not before:           Wed 14 May 2025 17:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398478
IP address blocks:        222.167.192.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 17:32:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:dc:67:ef:57:5a:54:8f:f6:e0:a3:42:ef:25:15:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 14 17:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b8529eb50e0bbffd6821a64185f052a9418dfdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1f:dd:71:64:0b:97:43:92:43:2d:e0:85:0b:
                    5f:85:f1:31:10:94:47:16:c0:62:d1:29:91:3f:47:
                    22:d6:12:8c:85:c3:53:1a:2d:23:a5:d3:d9:77:8e:
                    ef:9d:d3:c7:8f:c8:7b:67:f1:9e:2d:f1:68:a5:74:
                    18:f9:d5:50:a6:4e:73:6b:1c:8a:19:64:6e:27:9a:
                    65:12:28:89:40:a3:a0:68:76:f2:41:28:17:6f:a1:
                    f6:c7:e9:f7:3c:f3:63:c6:b0:3e:15:23:3e:8d:95:
                    66:6c:1d:00:15:2f:53:e5:ad:d6:99:25:c2:f1:28:
                    12:31:49:7b:e8:6f:21:fe:6e:f7:78:4a:69:e2:76:
                    49:6c:61:e1:4b:bd:a6:a2:ad:cf:f0:e7:6b:2b:23:
                    6c:b8:58:96:23:7b:48:21:60:67:ed:a5:57:47:11:
                    17:93:7f:1c:ee:0a:1d:e1:43:a8:a5:a8:18:72:b7:
                    c2:ee:19:e3:7f:f8:44:62:9d:ff:ba:24:1e:08:12:
                    83:e3:7b:a8:9d:cc:c1:80:5d:fe:a5:9a:57:b5:f3:
                    91:13:c0:d0:82:99:04:1b:09:4c:50:3d:b3:21:31:
                    4e:b8:df:cc:73:0c:29:04:dc:45:53:5d:3c:48:90:
                    ef:e8:9f:58:2f:08:03:a2:3e:71:57:a2:35:1a:36:
                    54:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:85:29:EB:50:E0:BB:FF:D6:82:1A:64:18:5F:05:2A:94:18:DF:DF
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/C4Up61Dgu__WghpkGF8FKpQY398.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:e7:b6:e5:ec:39:4d:74:4c:31:74:74:09:1d:51:06:53:0d:
         40:d0:05:5a:b9:cd:22:42:59:be:20:71:9b:95:65:c5:9c:48:
         5d:ba:31:f6:6f:ec:c6:6c:9d:7c:08:b0:2a:1e:40:5d:3c:49:
         d2:41:e6:0f:6d:fc:ec:18:e6:36:2d:ea:0d:4a:f1:87:18:09:
         45:61:38:c2:2c:c6:8d:e2:52:77:74:21:8e:54:f4:b9:bc:66:
         bf:c1:57:f1:f3:16:96:2b:0a:5a:f6:67:c1:0e:87:48:4c:61:
         af:6d:ce:a1:f7:f6:da:0b:09:c0:7e:5c:89:6b:ff:6a:3a:8d:
         75:d5:16:d1:bc:fc:db:a8:78:b5:d4:d6:53:a2:fa:7d:f8:2b:
         b5:e0:56:bd:5f:86:ad:91:19:e8:e3:a8:77:f7:ea:ab:4e:8d:
         3e:97:06:58:62:2d:8f:43:31:99:8f:69:61:80:48:06:91:de:
         8d:4d:cc:2e:5f:9f:90:ff:13:46:72:3b:21:63:9e:eb:a9:67:
         de:35:c2:82:56:e7:b0:85:57:ec:1e:5f:1f:bc:fa:47:e1:6d:
         6f:ff:97:b7:0f:61:37:49:54:79:54:d8:8a:9c:91:f0:fe:52:
         6c:b7:ec:62:a8:d4:69:73:34:40:08:98:d8:1b:cd:14:91:6c:
         3a:3a:2b:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbP3GfvV1pUj/bgo0LvJRUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjUwNTE0MTczNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjg1MjllYjUwZTBiYmZmZDY4MjFhNjQxODVmMDUyYTk0MThkZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR/dcWQLl0OSQy3ghQtfhfExEJRH
FsBi0SmRP0ci1hKMhcNTGi0jpdPZd47vndPHj8h7Z/GeLfFopXQY+dVQpk5zaxyK
GWRuJ5plEiiJQKOgaHbyQSgXb6H2x+n3PPNjxrA+FSM+jZVmbB0AFS9T5a3WmSXC
8SgSMUl76G8h/m73eEpp4nZJbGHhS72moq3P8OdrKyNsuFiWI3tIIWBn7aVXRxEX
k38c7god4UOopagYcrfC7hnjf/hEYp3/uiQeCBKD43uonczBgF3+pZpXtfORE8DQ
gpkEGwlMUD2zITFOuN/McwwpBNxFU108SJDv6J9YLwgDoj5xV6I1GjZUlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuFKetQ4Lv/1oIaZBhfBSqUGN/fMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvQzRVcDYxRGd1X19XZ2hwa0dGOEZLcFFZMzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD3qfAMA0G
CSqGSIb3DQEBCwUAA4IBAQBy57bl7DlNdEwxdHQJHVEGUw1A0AVauc0iQlm+IHGb
lWXFnEhdujH2b+zGbJ18CLAqHkBdPEnSQeYPbfzsGOY2LeoNSvGHGAlFYTjCLMaN
4lJ3dCGOVPS5vGa/wVfx8xaWKwpa9mfBDodITGGvbc6h9/baCwnAflyJa/9qOo11
1RbRvPzbqHi11NZTovp9+Cu14Fa9X4atkRno46h39+qrTo0+lwZYYi2PQzGZj2lh
gEgGkd6NTcwuX5+Q/xNGcjshY57rqWfeNcKCVuewhVfsHl8fvPpH4W1v/5e3D2E3
SVR5VNiKnJHw/lJst+xiqNRpczRACJjYG80UkWw6Oit8
-----END CERTIFICATE-----