Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UFa1I_DpLPWBMoWazaZ7Aj-lYXQ.roa
File:                     UFa1I_DpLPWBMoWazaZ7Aj-lYXQ.roa (raw, json)
Hash identifier:          ULBGZeOcX0S1EMs6EyOzCOPNkJQzb1PyAovQmVzz8AY=
Subject key identifier:   50:56:B5:23:F0:E9:2C:F5:81:32:85:9A:CD:A6:7B:02:3F:A5:61:74
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D254E61E71DFE4700E9728D04BEA04049
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UFa1I_DpLPWBMoWazaZ7Aj-lYXQ.roa
Signing time:             Wed 25 Mar 2026 14:03:06 +0000
ROA not before:           Wed 25 Mar 2026 14:03:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53755
IP address blocks:        222.167.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:4e:61:e7:1d:fe:47:00:e9:72:8d:04:be:a0:40:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 25 14:03:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5056b523f0e92cf58132859acda67b023fa56174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:99:ad:6e:f9:47:af:3c:97:d8:1c:24:97:33:
                    56:e0:8a:c5:05:11:5e:81:0a:20:bc:f8:c3:33:3d:
                    ab:3a:b2:3f:df:85:db:7a:7a:39:2e:cd:42:42:22:
                    50:84:2a:26:0b:9c:58:0d:b2:b8:6c:87:08:ae:0e:
                    26:ac:c5:b7:ad:8d:88:96:72:64:1b:2f:28:a5:08:
                    c6:d5:cd:95:c9:3f:c4:50:81:79:fa:22:12:b1:e4:
                    d9:50:b8:53:99:96:91:12:2d:2c:a6:29:b6:48:2d:
                    29:ce:6e:99:af:5c:16:f5:9b:94:3d:fb:83:4c:9f:
                    01:83:75:c0:fd:d6:ae:43:ac:ec:11:0e:f1:06:97:
                    dc:2b:44:b6:dc:0c:84:29:e9:4d:52:80:c5:72:48:
                    a5:10:d2:46:04:04:c4:15:f9:dd:a4:af:87:9c:13:
                    ca:96:70:b8:26:aa:50:76:81:a5:14:cc:ec:74:6a:
                    96:76:7c:31:ae:de:1b:51:76:eb:ca:04:67:ae:21:
                    81:1f:bb:a1:e7:79:84:ad:a8:e6:7a:b0:b1:af:68:
                    53:71:9a:d1:e2:59:3c:2a:0c:d9:f7:a2:8d:3d:31:
                    dc:81:76:71:ed:0b:a9:da:a0:49:46:a9:91:8a:ab:
                    bd:03:41:e1:05:f4:f2:d5:e6:02:b5:87:8a:29:fe:
                    28:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:56:B5:23:F0:E9:2C:F5:81:32:85:9A:CD:A6:7B:02:3F:A5:61:74
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/UFa1I_DpLPWBMoWazaZ7Aj-lYXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:cf:9b:ed:a1:0d:86:a6:19:1e:20:4c:1b:32:53:1b:28:a4:
         03:91:89:d1:79:96:92:5d:19:63:82:54:8a:7a:65:65:72:2b:
         ea:87:d1:68:3a:25:0d:ea:56:c0:14:a7:cf:a6:e1:97:94:b5:
         91:d9:e1:f7:08:e5:8f:d1:2e:37:76:12:20:30:50:e4:fb:05:
         01:22:d1:7b:16:dd:7d:3a:4f:40:f6:fa:6f:bf:a3:78:02:40:
         dc:dc:1c:23:5b:89:e3:ee:15:f3:a5:9b:15:0a:c2:77:3d:5e:
         be:6c:95:b1:88:ec:1d:9e:d4:59:b4:a2:60:ea:56:c0:2b:36:
         6e:9b:3d:0d:c6:29:c3:63:e6:e0:4d:51:ad:7d:0d:c0:43:45:
         1a:50:bb:ad:d6:a8:b1:e3:65:a0:db:3f:4f:77:91:8a:93:dc:
         35:7d:7e:76:56:4c:27:f4:af:50:c9:d1:00:f7:49:49:c2:fa:
         72:13:89:8f:b2:90:e6:26:b9:a4:0d:28:43:a9:b6:24:e1:40:
         3d:1e:53:c1:d2:a2:52:25:66:cb:7e:13:d8:35:49:df:00:81:
         c6:8d:c9:e8:0b:b2:c9:b2:a7:bc:d5:eb:1c:0e:81:2e:cc:a1:
         24:52:8e:df:42:9a:e8:98:6a:70:dd:ef:3f:e1:75:7b:2f:16:
         23:84:88:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0lTmHnHf5HAOlyjQS+oEBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI1MTQwMzA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDU2YjUyM2YwZTkyY2Y1ODEzMjg1OWFjZGE2N2IwMjNmYTU2MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJmtbvlHrzyX2BwklzNW4IrFBRFe
gQogvPjDMz2rOrI/34Xbeno5Ls1CQiJQhComC5xYDbK4bIcIrg4mrMW3rY2IlnJk
Gy8opQjG1c2VyT/EUIF5+iISseTZULhTmZaREi0spim2SC0pzm6Zr1wW9ZuUPfuD
TJ8Bg3XA/dauQ6zsEQ7xBpfcK0S23AyEKelNUoDFckilENJGBATEFfndpK+HnBPK
lnC4JqpQdoGlFMzsdGqWdnwxrt4bUXbrygRnriGBH7uh53mErajmerCxr2hTcZrR
4lk8KgzZ96KNPTHcgXZx7Qup2qBJRqmRiqu9A0HhBfTy1eYCtYeKKf4oswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBWtSPw6Sz1gTKFms2mewI/pWF0MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvVUZhMUlfRHBMUFdCTW9XYXphWjdBai1sWVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfDMA0G
CSqGSIb3DQEBCwUAA4IBAQAHz5vtoQ2GphkeIEwbMlMbKKQDkYnReZaSXRljglSK
emVlcivqh9FoOiUN6lbAFKfPpuGXlLWR2eH3COWP0S43dhIgMFDk+wUBItF7Ft19
Ok9A9vpvv6N4AkDc3BwjW4nj7hXzpZsVCsJ3PV6+bJWxiOwdntRZtKJg6lbAKzZu
mz0NxinDY+bgTVGtfQ3AQ0UaULut1qix42Wg2z9Pd5GKk9w1fX52Vkwn9K9QydEA
90lJwvpyE4mPspDmJrmkDShDqbYk4UA9HlPB0qJSJWbLfhPYNUnfAIHGjcnoC7LJ
sqe81escDoEuzKEkUo7fQpromGpw3e8/4XV7LxYjhIie
-----END CERTIFICATE-----