Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/RRAGOwc9RWAoiLni-JofU0ScDBc.roa
File:                     RRAGOwc9RWAoiLni-JofU0ScDBc.roa (raw, json)
Hash identifier:          AK79EA+r10Rq36/I+iR7tOord6nVkhYzYzvSIDSMeR4=
Subject key identifier:   45:10:06:3B:07:3D:45:60:28:88:B9:E2:F8:9A:1F:53:44:9C:0C:17
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D1AE1F9805B9B09B5380C4A32C52D4EC6
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/RRAGOwc9RWAoiLni-JofU0ScDBc.roa
Signing time:             Mon 23 Mar 2026 13:28:30 +0000
ROA not before:           Mon 23 Mar 2026 13:28:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        110.34.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:e1:f9:80:5b:9b:09:b5:38:0c:4a:32:c5:2d:4e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 23 13:28:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4510063b073d45602888b9e2f89a1f53449c0c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ae:7c:ee:93:ad:c3:b2:eb:82:c0:7b:58:95:
                    82:a2:2d:a2:a4:d3:78:4a:cd:b1:ba:5f:ba:ff:bf:
                    99:49:dc:8b:b1:97:cc:99:d9:cb:c9:08:12:4b:e8:
                    75:27:8e:a9:3a:1e:a2:b9:33:83:77:ce:73:58:8b:
                    da:eb:ce:42:b5:55:5a:cc:7d:d3:0d:89:07:63:10:
                    c7:55:cc:c8:25:ea:e0:b2:fe:46:59:c6:89:1d:88:
                    01:87:14:83:a5:8c:d4:f0:c7:0c:5e:d5:20:be:da:
                    07:8a:09:ab:ff:61:74:3b:f1:fa:7a:90:67:e8:d0:
                    98:b2:3d:e0:16:7e:2a:ea:47:fb:b9:63:60:5c:1b:
                    3c:d0:85:f8:f5:b7:db:d3:64:ce:a6:ef:06:c4:2a:
                    28:19:6c:cd:c3:a4:ec:a3:4e:35:b4:ec:cd:1f:84:
                    d8:c9:04:05:50:44:28:e6:c5:9c:04:af:f4:44:e1:
                    9f:2f:fd:af:9f:1b:08:67:5f:32:3b:ef:1e:d8:ef:
                    0a:cc:f6:99:b0:5a:af:ad:99:87:1c:29:9c:47:82:
                    b5:dd:14:f0:42:54:bc:39:75:cf:0b:c4:12:b2:b1:
                    f7:2b:2e:23:4a:1b:61:b9:8a:b0:48:c4:f3:cc:3d:
                    e1:0f:fe:a3:f7:87:b6:98:aa:94:8e:9a:53:63:7e:
                    13:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:10:06:3B:07:3D:45:60:28:88:B9:E2:F8:9A:1F:53:44:9C:0C:17
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/RRAGOwc9RWAoiLni-JofU0ScDBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.34.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:21:c2:b5:72:c2:41:92:d6:79:43:56:64:bd:a7:eb:7d:93:
         a7:99:6f:46:74:84:61:33:72:57:ef:a4:4c:53:d6:0d:01:48:
         d9:e0:65:56:f2:a7:55:25:21:8a:70:12:30:8d:33:5b:75:a0:
         c6:35:b2:f9:5e:c1:ce:9c:dd:80:53:49:82:33:a2:86:f4:6a:
         c6:5c:1e:7e:8c:35:0d:64:83:7e:c1:b1:f9:2c:c0:2b:d3:85:
         92:49:a1:e5:c3:a0:68:05:e9:3d:0c:45:e4:54:2c:14:03:4b:
         cc:1e:a9:dc:23:20:ef:e7:1b:86:35:39:a7:79:74:32:8d:58:
         7e:28:3d:40:26:31:45:7b:54:00:a8:c6:43:2b:2b:77:76:6e:
         db:ab:46:3f:75:4d:d8:56:d7:e2:51:05:4b:fd:3a:23:05:39:
         69:12:20:da:0c:8f:c2:03:3a:59:c4:48:ba:68:38:a7:38:5b:
         1c:b7:e2:bc:6c:d5:ce:30:02:cf:6e:ce:9d:14:34:be:58:d9:
         03:a3:b5:62:53:8d:a3:f5:e4:bc:1b:31:5e:08:2a:9f:70:ea:
         01:11:27:5b:52:68:24:15:4c:9e:f4:e9:c4:e2:2a:9b:e4:22:
         35:e7:6c:87:19:f0:03:28:fb:fe:61:19:44:7a:5c:5a:8d:e1:
         fe:05:9a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0a4fmAW5sJtTgMSjLFLU7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzIzMTMyODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTEwMDYzYjA3M2Q0NTYwMjg4OGI5ZTJmODlhMWY1MzQ0OWMwYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq587pOtw7LrgsB7WJWCoi2ipNN4
Ss2xul+6/7+ZSdyLsZfMmdnLyQgSS+h1J46pOh6iuTODd85zWIva685CtVVazH3T
DYkHYxDHVczIJergsv5GWcaJHYgBhxSDpYzU8McMXtUgvtoHigmr/2F0O/H6epBn
6NCYsj3gFn4q6kf7uWNgXBs80IX49bfb02TOpu8GxCooGWzNw6Tso041tOzNH4TY
yQQFUEQo5sWcBK/0ROGfL/2vnxsIZ18yO+8e2O8KzPaZsFqvrZmHHCmcR4K13RTw
QlS8OXXPC8QSsrH3Ky4jShthuYqwSMTzzD3hD/6j94e2mKqUjppTY34TUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUQBjsHPUVgKIi54viaH1NEnAwXMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvUlJBR093YzlSV0FvaUxuaS1Kb2ZVMFNjREJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbiImMA0G
CSqGSIb3DQEBCwUAA4IBAQCHIcK1csJBktZ5Q1ZkvafrfZOnmW9GdIRhM3JX76RM
U9YNAUjZ4GVW8qdVJSGKcBIwjTNbdaDGNbL5XsHOnN2AU0mCM6KG9GrGXB5+jDUN
ZIN+wbH5LMAr04WSSaHlw6BoBek9DEXkVCwUA0vMHqncIyDv5xuGNTmneXQyjVh+
KD1AJjFFe1QAqMZDKyt3dm7bq0Y/dU3YVtfiUQVL/TojBTlpEiDaDI/CAzpZxEi6
aDinOFsct+K8bNXOMALPbs6dFDS+WNkDo7ViU42j9eS8GzFeCCqfcOoBESdbUmgk
FUye9OnE4iqb5CI152yHGfADKPv+YRlEelxajeH+BZqB
-----END CERTIFICATE-----