Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/P2RoCuT_CKHsxkdgkwYZlRdgYRE.roa
File:                     P2RoCuT_CKHsxkdgkwYZlRdgYRE.roa (raw, json)
Hash identifier:          Zyo9+Oi+WWWLYdvSAeJASIYxwOZiSeJJKu/Q/v9i2Qg=
Subject key identifier:   3F:64:68:0A:E4:FF:08:A1:EC:C6:47:60:93:06:19:95:17:60:61:11
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D15DD7C64DB5ED8DC6B4BB5F3C6FA00F0
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/P2RoCuT_CKHsxkdgkwYZlRdgYRE.roa
Signing time:             Sun 22 Mar 2026 14:05:29 +0000
ROA not before:           Sun 22 Mar 2026 14:05:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209876
IP address blocks:        150.107.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:15:dd:7c:64:db:5e:d8:dc:6b:4b:b5:f3:c6:fa:00:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 22 14:05:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f64680ae4ff08a1ecc647609306199517606111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ee:ff:40:b4:81:6b:e6:a8:06:df:09:0f:5a:
                    fa:ec:62:06:68:d6:e6:db:ce:45:7c:94:5b:fa:5c:
                    48:b2:62:9b:d8:17:b3:f7:d6:da:2c:cb:f0:61:3b:
                    ca:28:aa:4f:27:2a:77:ff:86:ba:6f:ed:7d:f2:bf:
                    d3:a7:f7:50:cc:f3:12:f9:bb:7c:1e:e4:06:5d:a3:
                    c0:af:97:9f:05:1b:94:67:4d:e0:bc:3c:2a:9f:06:
                    47:07:bc:cf:36:0b:40:25:4c:d6:aa:de:1c:98:ca:
                    61:a4:fd:10:7d:34:84:70:79:15:75:72:16:78:97:
                    8c:bb:ef:fd:ed:b3:a9:9d:be:15:8c:06:3a:6c:35:
                    d0:26:95:61:d8:09:7d:25:ce:c3:89:c2:70:de:6f:
                    3e:0e:14:43:bf:63:1d:23:27:9e:f4:1c:67:9e:6f:
                    8c:d4:f9:c0:45:a5:37:26:47:02:ee:8b:c6:b9:8f:
                    0b:35:85:1d:43:94:0c:dd:7b:a7:80:79:ea:33:dc:
                    3a:02:23:71:a7:c7:ef:1b:f4:60:ff:f5:f9:45:eb:
                    99:a1:c8:7d:b8:47:81:45:c8:5f:05:ee:5b:d6:9f:
                    94:f8:86:a9:af:d6:9d:6c:74:ca:67:a8:22:65:d2:
                    b9:fe:ea:72:4d:84:d8:9c:7e:28:71:33:9d:83:ff:
                    f0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:64:68:0A:E4:FF:08:A1:EC:C6:47:60:93:06:19:95:17:60:61:11
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/P2RoCuT_CKHsxkdgkwYZlRdgYRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.107.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:ca:75:39:02:b4:e0:87:29:80:55:9b:62:7a:e4:5a:05:d2:
         7b:37:bf:33:d1:83:d7:b9:58:d1:62:2b:87:ca:0d:48:45:6f:
         9d:66:40:57:44:1d:5f:84:34:44:3a:ba:13:30:41:d4:21:65:
         06:77:a4:2f:e9:ce:4b:0d:1e:d5:94:e4:c8:c5:77:67:95:0d:
         18:2c:b0:09:97:d2:78:96:dc:96:54:ca:e8:31:a6:6c:3f:3d:
         c0:5a:e1:5c:13:38:2d:9e:88:c7:9d:35:3a:38:ee:da:f3:31:
         e2:6d:46:b4:16:25:96:0d:7d:53:9f:25:e6:38:8b:db:a1:1d:
         62:35:cf:cd:e2:e1:93:ae:48:2e:75:b6:f6:49:be:6f:ba:f7:
         b1:24:1e:6e:89:16:a0:33:34:03:2d:22:8d:d3:e0:e0:28:97:
         6e:70:35:94:c5:04:b7:92:e9:30:6c:15:12:31:bf:47:4f:06:
         7c:6c:50:7c:20:c0:02:b6:e9:99:2a:f5:3e:16:0f:51:83:3f:
         26:1e:a9:f6:1c:c3:a9:4e:f6:fd:18:9c:4b:81:50:84:c5:24:
         1c:1b:4a:9d:ae:24:3f:49:0a:02:85:29:ed:b1:32:04:d5:b4:
         25:cc:bf:53:fd:5c:fe:e1:a3:be:1b:81:f6:d9:3f:dd:41:27:
         16:da:84:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0V3Xxk217Y3GtLtfPG+gDwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzIyMTQwNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjY0NjgwYWU0ZmYwOGExZWNjNjQ3NjA5MzA2MTk5NTE3NjA2MTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu7/QLSBa+aoBt8JD1r67GIGaNbm
285FfJRb+lxIsmKb2Bez99baLMvwYTvKKKpPJyp3/4a6b+198r/Tp/dQzPMS+bt8
HuQGXaPAr5efBRuUZ03gvDwqnwZHB7zPNgtAJUzWqt4cmMphpP0QfTSEcHkVdXIW
eJeMu+/97bOpnb4VjAY6bDXQJpVh2Al9Jc7DicJw3m8+DhRDv2MdIyee9Bxnnm+M
1PnARaU3JkcC7ovGuY8LNYUdQ5QM3XungHnqM9w6AiNxp8fvG/Rg//X5ReuZoch9
uEeBRchfBe5b1p+U+Iapr9adbHTKZ6giZdK5/upyTYTYnH4ocTOdg//wDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9kaArk/wih7MZHYJMGGZUXYGERMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvUDJSb0N1VF9DS0hzeGtkZ2t3WVpsUmRnWVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlmsxMA0G
CSqGSIb3DQEBCwUAA4IBAQAjynU5ArTghymAVZtieuRaBdJ7N78z0YPXuVjRYiuH
yg1IRW+dZkBXRB1fhDREOroTMEHUIWUGd6Qv6c5LDR7VlOTIxXdnlQ0YLLAJl9J4
ltyWVMroMaZsPz3AWuFcEzgtnojHnTU6OO7a8zHibUa0FiWWDX1TnyXmOIvboR1i
Nc/N4uGTrkgudbb2Sb5vuvexJB5uiRagMzQDLSKN0+DgKJducDWUxQS3kukwbBUS
Mb9HTwZ8bFB8IMACtumZKvU+Fg9Rgz8mHqn2HMOpTvb9GJxLgVCExSQcG0qdriQ/
SQoChSntsTIE1bQlzL9T/Vz+4aO+G4H22T/dQScW2oRP
-----END CERTIFICATE-----