Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/D8HzZ2Ely761i_PYPDmyPkYCZzw.roa
File:                     D8HzZ2Ely761i_PYPDmyPkYCZzw.roa (raw, json)
Hash identifier:          S1u6S3LK1aIAF78tib8847o7YNmmAbNYqh53Pm3qkro=
Subject key identifier:   0F:C1:F3:67:61:25:CB:BE:B5:8B:F3:D8:3C:39:B2:3E:46:02:67:3C
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D254E62A0DB027EE5C95F0ED400E74C39
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/D8HzZ2Ely761i_PYPDmyPkYCZzw.roa
Signing time:             Wed 25 Mar 2026 14:03:07 +0000
ROA not before:           Wed 25 Mar 2026 14:03:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        222.167.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:4e:62:a0:db:02:7e:e5:c9:5f:0e:d4:00:e7:4c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 25 14:03:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fc1f3676125cbbeb58bf3d83c39b23e4602673c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:21:1a:90:87:85:ba:b1:18:22:68:56:89:d0:
                    11:29:11:b0:e4:cf:cc:bb:50:10:43:51:f5:76:1c:
                    b4:3d:f5:00:18:93:4d:0c:c7:87:84:82:93:35:26:
                    a6:c1:07:00:b1:95:f3:00:0b:d7:7c:cd:7f:a5:7d:
                    82:90:75:45:4c:41:42:df:fb:cb:a9:4a:d9:ef:c9:
                    96:8c:11:34:9e:e2:bf:c1:28:39:a0:27:a9:8d:bf:
                    ac:4d:db:b4:f3:1a:75:a6:28:cf:04:f0:40:c4:ee:
                    87:42:2b:11:88:53:f9:22:66:9f:72:71:98:c1:ad:
                    d8:8f:2f:fe:92:4b:21:e2:88:af:36:bd:76:d5:b4:
                    90:8e:c6:9a:61:ff:4a:a4:f0:c1:2b:59:c6:97:ce:
                    9a:c8:fa:df:e7:21:7f:9e:c3:c2:80:d2:3b:9a:f2:
                    db:59:8e:77:09:4a:80:66:af:b4:b5:bd:da:df:3f:
                    ed:f8:08:13:69:fd:4a:5c:1c:5d:ca:7f:94:65:f3:
                    09:35:35:5d:41:e2:ad:b3:ed:7b:b4:47:66:8c:9d:
                    04:dd:34:dc:b3:c3:2d:1f:79:c1:43:22:e2:c5:fd:
                    77:73:92:22:54:f1:93:d8:f2:02:b5:e6:1e:28:04:
                    cf:80:8b:04:8f:15:63:54:f9:49:3e:d6:27:d2:99:
                    5b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C1:F3:67:61:25:CB:BE:B5:8B:F3:D8:3C:39:B2:3E:46:02:67:3C
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/D8HzZ2Ely761i_PYPDmyPkYCZzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:77:80:a6:5b:7d:03:13:30:3a:9a:8e:46:6a:98:bc:0a:4a:
         b0:bd:61:c4:81:e9:49:da:ac:bd:31:25:75:cb:36:f8:03:90:
         39:73:cb:3d:ca:da:8b:b9:68:e3:66:14:1b:98:03:65:a4:48:
         f4:61:1b:76:0e:55:34:23:0c:a7:b4:c9:fc:b0:ac:34:a9:d2:
         53:05:be:19:9b:c1:ad:f2:71:31:f2:0e:de:61:ca:e5:f1:19:
         3b:a6:05:52:24:bc:d5:57:2a:7e:17:74:4f:49:90:81:9e:05:
         6f:d8:c0:f7:13:b4:e9:ba:14:c5:5b:a8:7c:9b:04:3b:a9:3d:
         37:fa:b7:8d:df:79:de:f7:35:ec:f0:50:14:49:51:dc:6a:f8:
         dd:0b:67:c2:19:b7:16:51:6a:fd:bd:19:3a:9d:e6:f8:fe:c6:
         64:1d:42:a9:05:d1:5f:7b:0a:26:e7:ed:fc:ab:f8:95:c7:f9:
         e4:8d:cb:a4:b7:3f:f8:78:cf:c7:6f:d2:b8:12:69:13:5a:72:
         23:7a:22:22:88:d2:0d:0f:67:78:8a:6d:b8:bd:1e:7a:eb:b3:
         87:06:71:4d:12:8d:2f:af:bb:2c:f4:78:00:17:f9:81:20:8b:
         43:82:02:a8:80:0f:7d:7a:a0:ea:9b:70:2e:56:e9:a8:5d:6f:
         d0:fc:72:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0lTmKg2wJ+5clfDtQA50w5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI1MTQwMzA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmMxZjM2NzYxMjVjYmJlYjU4YmYzZDgzYzM5YjIzZTQ2MDI2NzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yEakIeFurEYImhWidARKRGw5M/M
u1AQQ1H1dhy0PfUAGJNNDMeHhIKTNSamwQcAsZXzAAvXfM1/pX2CkHVFTEFC3/vL
qUrZ78mWjBE0nuK/wSg5oCepjb+sTdu08xp1pijPBPBAxO6HQisRiFP5ImafcnGY
wa3Yjy/+kksh4oivNr121bSQjsaaYf9KpPDBK1nGl86ayPrf5yF/nsPCgNI7mvLb
WY53CUqAZq+0tb3a3z/t+AgTaf1KXBxdyn+UZfMJNTVdQeKts+17tEdmjJ0E3TTc
s8MtH3nBQyLixf13c5IiVPGT2PICteYeKATPgIsEjxVjVPlJPtYn0plbnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/B82dhJcu+tYvz2Dw5sj5GAmc8MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvRDhIeloyRWx5NzYxaV9QWVBEbXlQa1lDWnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfvMA0G
CSqGSIb3DQEBCwUAA4IBAQBcd4CmW30DEzA6mo5Gapi8CkqwvWHEgelJ2qy9MSV1
yzb4A5A5c8s9ytqLuWjjZhQbmANlpEj0YRt2DlU0IwyntMn8sKw0qdJTBb4Zm8Gt
8nEx8g7eYcrl8Rk7pgVSJLzVVyp+F3RPSZCBngVv2MD3E7TpuhTFW6h8mwQ7qT03
+reN33ne9zXs8FAUSVHcavjdC2fCGbcWUWr9vRk6neb4/sZkHUKpBdFfewom5+38
q/iVx/nkjcuktz/4eM/Hb9K4EmkTWnIjeiIiiNIND2d4im24vR5667OHBnFNEo0v
r7ss9HgAF/mBIItDggKogA99eqDqm3AuVumoXW/Q/HLW
-----END CERTIFICATE-----