Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/ZWndahCkt7spmNjVxjAL4hVmKMU.roa
File:                     ZWndahCkt7spmNjVxjAL4hVmKMU.roa (raw, json)
Hash identifier:          sVYyhg6TFfnrAnLIMnM3NqDW8bMRgYoWQzrNJqbt5BE=
Subject key identifier:   65:69:DD:6A:10:A4:B7:BB:29:98:D8:D5:C6:30:0B:E2:15:66:28:C5
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D200CC302550E5C6700B8A9252434E009
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/ZWndahCkt7spmNjVxjAL4hVmKMU.roa
Signing time:             Tue 24 Mar 2026 13:33:20 +0000
ROA not before:           Tue 24 Mar 2026 13:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        110.34.32.0/24 maxlen: 24
                          222.167.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:0c:c3:02:55:0e:5c:67:00:b8:a9:25:24:34:e0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 24 13:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6569dd6a10a4b7bb2998d8d5c6300be2156628c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ad:ea:2f:52:ce:78:e6:38:fc:bc:07:a6:00:
                    4d:de:57:2d:b1:fd:9b:43:24:5e:ba:36:52:55:63:
                    b0:c4:9b:ea:4c:73:71:6b:1b:14:a8:97:83:f7:98:
                    70:fb:6f:ff:e8:47:58:ff:71:0a:f3:73:b6:e6:98:
                    e1:12:96:ef:4c:15:17:d2:ff:2d:e2:5b:2b:2b:f5:
                    1d:e8:f2:2d:72:5b:b3:dd:9a:26:6e:50:ac:9d:04:
                    9e:17:61:e2:d1:65:d1:5b:56:63:fa:a3:20:f2:5b:
                    05:54:3f:42:a2:16:e3:eb:8d:f8:e0:5e:ef:9b:33:
                    b9:47:d9:f3:95:9e:a4:e1:a3:c1:c5:db:c6:7d:52:
                    9e:30:c0:f5:75:1a:ce:41:c8:69:ca:a8:13:72:76:
                    e1:89:e3:50:2e:dd:7d:4c:93:62:fa:da:68:66:a2:
                    cf:fa:81:fa:14:1b:3b:88:ee:4b:94:c7:00:fe:18:
                    ab:ae:76:a5:3a:fc:f3:f0:57:a7:24:e4:5a:49:f0:
                    eb:9f:f1:02:a9:d1:4b:a9:57:bc:ab:15:55:0d:68:
                    87:e6:a4:aa:76:09:57:d1:65:6e:97:48:b4:34:f3:
                    63:ed:bc:e8:a7:3f:79:d4:8c:c0:2a:ed:56:f5:92:
                    56:d3:78:a3:e3:6c:0e:c2:7d:18:e4:b8:00:00:ec:
                    0e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:69:DD:6A:10:A4:B7:BB:29:98:D8:D5:C6:30:0B:E2:15:66:28:C5
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/ZWndahCkt7spmNjVxjAL4hVmKMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.34.32.0/24
                  222.167.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:14:ca:18:94:6f:bd:ec:65:a8:61:90:1e:75:48:f1:fe:4f:
         74:fc:4b:c6:78:89:e2:08:ea:cc:be:87:08:c4:2f:7f:11:47:
         47:26:e2:56:ab:9b:c3:db:90:94:14:9c:7d:a6:4e:42:1c:b7:
         4c:c5:90:69:b8:5f:b2:de:39:d5:48:6d:83:98:5d:7e:d3:35:
         ce:d8:57:ef:83:80:bb:2d:b6:a2:73:1c:53:58:8e:d3:a2:c3:
         63:da:7c:50:d4:fe:64:3f:20:62:b1:2d:74:c0:42:3f:7e:9b:
         dc:76:c8:c5:e6:45:55:e3:0d:95:d7:fc:b0:62:a4:1a:72:6f:
         77:a9:5b:56:ac:e0:a3:36:0a:52:78:24:9f:88:1a:1d:ac:a9:
         74:72:63:d8:09:ee:88:04:db:fd:5c:3d:b3:7a:6e:cf:55:f4:
         36:13:d3:b0:be:32:40:97:ef:74:92:bf:c0:77:b5:ab:cb:61:
         46:c5:15:8b:a2:ba:0f:76:8a:a5:f3:81:47:fe:54:11:7d:cd:
         3b:b1:d0:88:89:f4:ab:01:6d:26:8d:5f:44:cc:73:da:cd:81:
         d6:6e:4b:87:4f:63:a5:f3:24:c3:2b:87:96:8c:a6:29:a0:ff:
         ec:f6:2e:fb:a3:64:8d:76:7d:8b:f9:e2:d5:41:c4:bc:a8:4d:
         1e:42:7d:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0gDMMCVQ5cZwC4qSUkNOAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI0MTMzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTY5ZGQ2YTEwYTRiN2JiMjk5OGQ4ZDVjNjMwMGJlMjE1NjYyOGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxK3qL1LOeOY4/LwHpgBN3lctsf2b
QyReujZSVWOwxJvqTHNxaxsUqJeD95hw+2//6EdY/3EK83O25pjhEpbvTBUX0v8t
4lsrK/Ud6PItcluz3ZomblCsnQSeF2Hi0WXRW1Zj+qMg8lsFVD9Cohbj64344F7v
mzO5R9nzlZ6k4aPBxdvGfVKeMMD1dRrOQchpyqgTcnbhieNQLt19TJNi+tpoZqLP
+oH6FBs7iO5LlMcA/hirrnalOvzz8FenJORaSfDrn/ECqdFLqVe8qxVVDWiH5qSq
dglX0WVul0i0NPNj7bzopz951IzAKu1W9ZJW03ij42wOwn0Y5LgAAOwOAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGVp3WoQpLe7KZjY1cYwC+IVZijFMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvWlduZGFoQ2t0N3NwbU5qVnhqQUw0aFZtS01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbiIgAwQA
3qfqMA0GCSqGSIb3DQEBCwUAA4IBAQBzFMoYlG+97GWoYZAedUjx/k90/EvGeIni
COrMvocIxC9/EUdHJuJWq5vD25CUFJx9pk5CHLdMxZBpuF+y3jnVSG2DmF1+0zXO
2Ffvg4C7LbaicxxTWI7TosNj2nxQ1P5kPyBisS10wEI/fpvcdsjF5kVV4w2V1/yw
YqQacm93qVtWrOCjNgpSeCSfiBodrKl0cmPYCe6IBNv9XD2zem7PVfQ2E9OwvjJA
l+90kr/Ad7Wry2FGxRWLoroPdoql84FH/lQRfc07sdCIifSrAW0mjV9EzHPazYHW
bkuHT2Ol8yTDK4eWjKYpoP/s9i77o2SNdn2L+eLVQcS8qE0eQn2D
-----END CERTIFICATE-----