Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/LoiMl_qS7iVKRyjZCH3SBcFCnS4.roa
File:                     LoiMl_qS7iVKRyjZCH3SBcFCnS4.roa (raw, json)
Hash identifier:          4JNcQbZgqgnkrPGczsyRmdqqsQQQWK3nkMf9ofiGiWc=
Subject key identifier:   2E:88:8C:97:FA:92:EE:25:4A:47:28:D9:08:7D:D2:05:C1:42:9D:2E
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019DC301C8402561EA1A6338083FFEF14032
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/LoiMl_qS7iVKRyjZCH3SBcFCnS4.roa
Signing time:             Sat 25 Apr 2026 04:59:27 +0000
ROA not before:           Sat 25 Apr 2026 04:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        222.167.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c3:01:c8:40:25:61:ea:1a:63:38:08:3f:fe:f1:40:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Apr 25 04:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e888c97fa92ee254a4728d9087dd205c1429d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:65:0b:17:8b:26:7a:cf:43:c4:c8:a5:70:5d:
                    6c:25:82:c4:cf:6b:03:e8:ea:43:5f:9e:bc:0c:6f:
                    3b:a4:af:f6:b3:c5:96:a7:5f:d4:5c:44:b7:29:4b:
                    82:8f:8d:1c:f0:3c:99:3e:45:13:26:e8:22:3e:f0:
                    63:9a:c5:61:61:25:89:16:7b:ac:be:2e:8e:f4:e5:
                    50:1b:99:3f:9a:23:95:5f:04:4d:c7:d9:c9:06:86:
                    28:a1:ed:4a:d7:85:c5:0d:c0:bd:92:93:2a:60:74:
                    58:fd:3c:3d:5b:c2:70:f4:27:a1:18:21:c2:8b:55:
                    98:74:80:5d:9a:43:42:df:50:73:25:b3:a6:05:8f:
                    00:b7:d1:6c:d2:01:17:54:ff:c1:0f:7f:4b:b2:05:
                    3f:18:51:26:d0:ae:6a:b1:a1:4a:52:53:4b:9f:bd:
                    ff:0e:dc:ef:e2:9f:61:57:a7:f6:67:3f:bf:66:18:
                    23:33:1f:d0:ae:da:81:de:64:29:38:96:80:b3:ac:
                    06:7a:7a:e6:20:92:17:8e:bf:58:83:ba:8f:b7:d6:
                    32:af:bd:ff:32:e2:88:df:e4:71:28:0d:bf:47:59:
                    32:7a:0b:88:8b:91:b0:f0:d9:3e:f5:67:e8:94:8d:
                    d6:6c:59:61:a8:15:70:d9:c8:49:28:9d:a6:d9:d0:
                    db:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:88:8C:97:FA:92:EE:25:4A:47:28:D9:08:7D:D2:05:C1:42:9D:2E
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/LoiMl_qS7iVKRyjZCH3SBcFCnS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:c9:73:d5:7f:e6:18:f7:af:bb:e2:cd:c2:05:66:33:95:5d:
         d3:83:03:78:38:d6:f5:f6:70:20:0b:f5:41:1e:ec:a5:90:da:
         32:de:3b:0c:de:1f:51:d1:b2:4e:3a:3c:ac:a2:2a:6c:2e:0b:
         b5:3e:d6:33:ff:1a:27:8e:f7:96:a2:6e:57:c4:7b:7f:0f:bd:
         3a:40:af:ce:7e:ae:11:a8:fb:e6:b0:22:6b:56:dc:c0:32:ba:
         0c:cb:99:93:3c:52:71:fa:43:28:fa:96:d1:03:e3:cc:15:d7:
         17:a9:0b:8d:c8:84:48:87:c0:4b:d3:7f:fd:f2:97:d2:41:9f:
         8d:80:8a:4b:d8:5c:48:b9:7b:18:dc:29:62:72:fc:d6:a2:c6:
         3d:85:73:82:39:7a:55:fd:6d:df:a1:64:22:ee:9b:d6:aa:ab:
         cc:69:05:70:f1:10:1e:61:84:8a:ff:34:f1:26:e9:4b:8e:b3:
         24:99:e6:41:f4:f5:04:1b:e0:68:57:c8:8f:7f:23:22:7e:12:
         14:61:33:c9:9b:0b:1a:6c:ef:9b:73:6d:5e:b0:51:e6:18:5a:
         e7:78:e4:ef:17:67:24:ae:1c:38:c3:94:9d:81:93:32:2b:b1:
         2a:08:c1:2c:32:4e:ff:6f:54:e8:4f:6f:15:cb:00:07:ce:cf:
         a7:23:a3:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3DAchAJWHqGmM4CD/+8UAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDI1MDQ1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTg4OGM5N2ZhOTJlZTI1NGE0NzI4ZDkwODdkZDIwNWMxNDI5ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GULF4smes9DxMilcF1sJYLEz2sD
6OpDX568DG87pK/2s8WWp1/UXES3KUuCj40c8DyZPkUTJugiPvBjmsVhYSWJFnus
vi6O9OVQG5k/miOVXwRNx9nJBoYooe1K14XFDcC9kpMqYHRY/Tw9W8Jw9CehGCHC
i1WYdIBdmkNC31BzJbOmBY8At9Fs0gEXVP/BD39LsgU/GFEm0K5qsaFKUlNLn73/
Dtzv4p9hV6f2Zz+/ZhgjMx/QrtqB3mQpOJaAs6wGenrmIJIXjr9Yg7qPt9Yyr73/
MuKI3+RxKA2/R1kyeguIi5Gw8Nk+9WfolI3WbFlhqBVw2chJKJ2m2dDbGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6IjJf6ku4lSkco2Qh90gXBQp0uMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvTG9pTWxfcVM3aVZLUnlqWkNIM1NCY0ZDblM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfRMA0G
CSqGSIb3DQEBCwUAA4IBAQBdyXPVf+YY96+74s3CBWYzlV3TgwN4ONb19nAgC/VB
HuylkNoy3jsM3h9R0bJOOjysoipsLgu1PtYz/xonjveWom5XxHt/D706QK/Ofq4R
qPvmsCJrVtzAMroMy5mTPFJx+kMo+pbRA+PMFdcXqQuNyIRIh8BL03/98pfSQZ+N
gIpL2FxIuXsY3ClicvzWosY9hXOCOXpV/W3foWQi7pvWqqvMaQVw8RAeYYSK/zTx
JulLjrMkmeZB9PUEG+BoV8iPfyMifhIUYTPJmwsabO+bc21esFHmGFrneOTvF2ck
rhw4w5SdgZMyK7EqCMEsMk7/b1ToT28VywAHzs+nI6Nx
-----END CERTIFICATE-----