Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/HzYpraeud05ZDmN-AJxVXrxGYOA.roa
File:                     HzYpraeud05ZDmN-AJxVXrxGYOA.roa (raw, json)
Hash identifier:          NEILJl6wdvSHKC8uD2ZKy9qsBLomlvGiuDL0VHjaUg4=
Subject key identifier:   1F:36:29:AD:A7:AE:77:4E:59:0E:63:7E:00:9C:55:5E:BC:46:60:E0
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D10B0B6B6627620736C18738DF9303CA0
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/HzYpraeud05ZDmN-AJxVXrxGYOA.roa
Signing time:             Sat 21 Mar 2026 13:58:29 +0000
ROA not before:           Sat 21 Mar 2026 13:58:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200151
IP address blocks:        222.167.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:10:b0:b6:b6:62:76:20:73:6c:18:73:8d:f9:30:3c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 21 13:58:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f3629ada7ae774e590e637e009c555ebc4660e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:41:62:cb:da:f4:f3:dc:65:bf:32:6f:45:fc:
                    ee:c0:8f:2f:b6:e5:bc:b6:bd:6d:2f:1d:3f:da:33:
                    67:9e:1c:34:d5:43:a1:15:5a:76:91:b0:ea:5e:98:
                    50:9d:1f:b1:31:eb:67:d0:78:92:da:a5:8f:9f:83:
                    f4:0d:7a:c5:d1:05:fe:73:ec:3f:f2:99:da:03:89:
                    20:9f:c0:27:ec:16:22:c0:21:fe:18:0f:1e:41:fb:
                    c1:f8:1a:b6:bc:3b:cd:9a:2a:10:e0:37:a9:4b:ba:
                    42:0e:a9:34:75:97:a3:f7:15:5c:e9:4c:0b:ab:d9:
                    6c:27:45:22:4f:24:15:a0:b7:ef:2c:1e:a0:c7:17:
                    34:0d:08:83:8c:12:6b:41:8d:20:ba:d5:65:9c:e1:
                    7b:15:81:e3:44:d9:30:dd:89:19:b6:a4:a6:36:7c:
                    c4:f2:a9:06:3a:91:de:43:3f:dd:6f:93:f4:ea:f3:
                    1a:e0:73:4b:81:01:9e:46:94:c1:3b:1e:1f:18:5d:
                    fb:4e:f0:70:08:76:5f:20:a5:f8:7f:60:47:3b:63:
                    62:e9:b4:cd:84:78:3c:d9:69:e1:36:36:2f:a2:c1:
                    a9:3a:4e:49:b8:77:12:52:27:cd:a9:c0:44:21:b1:
                    a0:41:fe:a2:13:1f:f7:53:14:78:46:eb:73:0b:db:
                    38:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:36:29:AD:A7:AE:77:4E:59:0E:63:7E:00:9C:55:5E:BC:46:60:E0
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/HzYpraeud05ZDmN-AJxVXrxGYOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:8a:82:49:89:6f:07:bd:73:6c:a0:4e:17:9f:c6:50:a4:53:
         77:fc:44:5a:18:b7:7c:62:e6:2b:a6:60:0f:6a:8a:f9:dd:46:
         33:0a:1b:56:94:cf:ab:a9:30:3e:9e:33:99:b1:9d:e0:6a:54:
         4f:73:be:5a:d0:81:02:33:dc:b2:89:65:ed:d8:70:d4:9d:ba:
         8d:e4:93:73:18:12:27:0d:a0:0b:6b:f0:6b:1e:3a:e5:0a:94:
         85:3f:74:31:fe:e8:48:60:e6:52:61:34:13:ab:b9:76:d8:0b:
         6a:a6:50:1a:da:e7:97:58:fd:8e:a4:19:06:02:0c:7a:e6:46:
         d9:fa:5a:19:64:81:8c:c2:1a:3e:32:65:14:62:1f:06:89:a6:
         6f:52:bb:31:70:f6:b7:78:ef:cd:26:1c:12:6d:0d:47:a7:82:
         32:31:94:eb:ed:22:ba:4d:14:db:f8:35:30:c8:c2:e4:ab:84:
         6a:0f:53:2c:e3:27:a0:06:ca:55:fe:a3:f9:9f:53:83:e4:74:
         28:0f:13:ed:4b:4b:2d:42:bc:77:ee:24:17:3f:fe:6b:a1:ca:
         92:f1:14:b8:d4:0b:a5:1b:4f:33:19:0a:c4:05:a0:bd:db:cd:
         68:0b:7a:b1:6d:c0:ef:c4:20:6b:d1:6b:df:a5:11:e3:bd:1a:
         e3:de:82:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0QsLa2YnYgc2wYc435MDygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzIxMTM1ODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM2MjlhZGE3YWU3NzRlNTkwZTYzN2UwMDljNTU1ZWJjNDY2MGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9kFiy9r089xlvzJvRfzuwI8vtuW8
tr1tLx0/2jNnnhw01UOhFVp2kbDqXphQnR+xMetn0HiS2qWPn4P0DXrF0QX+c+w/
8pnaA4kgn8An7BYiwCH+GA8eQfvB+Bq2vDvNmioQ4DepS7pCDqk0dZej9xVc6UwL
q9lsJ0UiTyQVoLfvLB6gxxc0DQiDjBJrQY0gutVlnOF7FYHjRNkw3YkZtqSmNnzE
8qkGOpHeQz/db5P06vMa4HNLgQGeRpTBOx4fGF37TvBwCHZfIKX4f2BHO2Ni6bTN
hHg82WnhNjYvosGpOk5JuHcSUifNqcBEIbGgQf6iEx/3UxR4RutzC9s4KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB82Ka2nrndOWQ5jfgCcVV68RmDgMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvSHpZcHJhZXVkMDVaRG1OLUFKeFZYcnhHWU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfXMA0G
CSqGSIb3DQEBCwUAA4IBAQBlioJJiW8HvXNsoE4Xn8ZQpFN3/ERaGLd8YuYrpmAP
aor53UYzChtWlM+rqTA+njOZsZ3galRPc75a0IECM9yyiWXt2HDUnbqN5JNzGBIn
DaALa/BrHjrlCpSFP3Qx/uhIYOZSYTQTq7l22AtqplAa2ueXWP2OpBkGAgx65kbZ
+loZZIGMwho+MmUUYh8GiaZvUrsxcPa3eO/NJhwSbQ1Hp4IyMZTr7SK6TRTb+DUw
yMLkq4RqD1Ms4yegBspV/qP5n1OD5HQoDxPtS0stQrx37iQXP/5rocqS8RS41Aul
G08zGQrEBaC9281oC3qxbcDvxCBr0WvfpRHjvRrj3oJT
-----END CERTIFICATE-----