Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/_xNSARvUCywbU3bILGuS8xNlaRw.roa
File:                     _xNSARvUCywbU3bILGuS8xNlaRw.roa (raw, json)
Hash identifier:          FTa5QK/bwivrBjmw9Z2kUXL8Dfh3X1WGJq+weX8BtEk=
Subject key identifier:   FF:13:52:01:1B:D4:0B:2C:1B:53:76:C8:2C:6B:92:F3:13:65:69:1C
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D097759059CC5B7C7AE44F4C9643E19F6
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/_xNSARvUCywbU3bILGuS8xNlaRw.roa
Signing time:             Fri 20 Mar 2026 04:18:29 +0000
ROA not before:           Fri 20 Mar 2026 04:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        222.167.226.0/24 maxlen: 24
                          222.167.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 03:44:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:09:77:59:05:9c:c5:b7:c7:ae:44:f4:c9:64:3e:19:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 20 04:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff1352011bd40b2c1b5376c82c6b92f31365691c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:11:ea:66:ab:a8:a3:fa:c7:6d:36:1e:b1:78:
                    9a:80:c2:52:44:28:93:86:10:b5:db:13:dd:bd:e3:
                    c0:66:e3:e8:d0:3e:22:40:eb:38:cd:52:a7:c4:27:
                    2b:5a:c3:14:40:29:ba:01:25:47:d0:12:20:8f:4e:
                    2a:56:ca:4e:9d:2a:3e:83:3e:bc:94:8a:5e:78:0a:
                    45:23:54:e8:54:f8:26:51:79:43:89:5d:ab:ae:77:
                    6d:1d:5f:73:1e:9e:2c:44:04:a9:4d:1c:36:76:a4:
                    e3:55:eb:7e:35:ab:0f:5e:b0:a5:9c:a6:6f:b8:1b:
                    80:21:65:e7:67:90:37:2c:fb:73:fa:56:50:a5:0a:
                    dd:5f:78:ab:21:9c:4a:70:f8:f9:e2:9e:19:4f:e4:
                    f2:ab:fa:12:51:86:28:71:8d:a7:01:de:c9:4c:b3:
                    2e:09:5b:8e:52:a8:7d:0c:aa:59:50:e5:77:7a:46:
                    c7:fa:8f:02:65:df:c7:7f:fe:9c:58:6b:e1:01:40:
                    62:cb:2f:6e:e1:9a:b9:78:4c:dc:4e:d3:a1:2e:59:
                    f0:a4:0c:e6:f9:e8:6f:d7:22:59:2b:f1:f6:c3:d5:
                    aa:93:9c:00:3e:12:d4:20:50:43:9a:10:c2:b6:e0:
                    f8:2a:3c:48:63:88:17:d2:eb:5b:6a:05:fb:8d:bf:
                    c2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:13:52:01:1B:D4:0B:2C:1B:53:76:C8:2C:6B:92:F3:13:65:69:1C
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/_xNSARvUCywbU3bILGuS8xNlaRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.226.0/24
                  222.167.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f5:80:ce:3b:66:9a:1e:0b:8b:9e:e3:bd:91:36:37:8e:44:
         43:af:83:87:b0:8b:19:37:21:9e:7b:27:78:5a:b4:93:3a:5a:
         05:8e:97:46:ab:28:75:f1:cc:7f:e3:b1:64:ec:98:97:bc:ed:
         cd:ee:65:5c:8b:75:f5:dd:20:be:39:45:9f:11:1f:e4:df:54:
         4f:ad:b8:c3:c5:a9:d1:56:0a:ab:1b:25:6c:6e:c7:33:a5:57:
         33:b3:2d:56:84:de:7d:78:52:15:2e:62:94:53:c0:28:95:f0:
         3d:b9:f7:06:40:39:09:4d:96:7e:f5:df:f1:f3:6c:99:2d:88:
         ca:43:fd:f4:df:04:8e:cd:53:44:4a:33:9e:45:49:88:2b:85:
         56:e8:c1:c3:f1:52:b7:69:44:73:89:1b:cc:e0:10:29:81:62:
         97:d3:e5:d4:02:4f:b6:08:1a:5a:b5:b6:2f:69:5e:03:6c:16:
         8c:0a:53:c0:ea:30:5a:b8:b6:5a:14:22:d8:7a:d2:6b:08:5f:
         5d:31:35:1f:5c:92:e4:72:07:50:67:c9:76:db:2d:c6:c4:d2:
         48:95:00:fd:ed:39:cf:73:c1:9d:de:59:4f:a1:fa:eb:50:0b:
         bd:8f:6e:61:c9:ba:89:15:a1:16:54:55:8d:69:5e:bb:4d:32:
         eb:65:fa:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0Jd1kFnMW3x65E9MlkPhn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzIwMDQxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjEzNTIwMTFiZDQwYjJjMWI1Mzc2YzgyYzZiOTJmMzEzNjU2OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhHqZquoo/rHbTYesXiagMJSRCiT
hhC12xPdvePAZuPo0D4iQOs4zVKnxCcrWsMUQCm6ASVH0BIgj04qVspOnSo+gz68
lIpeeApFI1ToVPgmUXlDiV2rrndtHV9zHp4sRASpTRw2dqTjVet+NasPXrClnKZv
uBuAIWXnZ5A3LPtz+lZQpQrdX3irIZxKcPj54p4ZT+Tyq/oSUYYocY2nAd7JTLMu
CVuOUqh9DKpZUOV3ekbH+o8CZd/Hf/6cWGvhAUBiyy9u4Zq5eEzcTtOhLlnwpAzm
+ehv1yJZK/H2w9Wqk5wAPhLUIFBDmhDCtuD4KjxIY4gX0utbagX7jb/CjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP8TUgEb1AssG1N2yCxrkvMTZWkcMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvX3hOU0FSdlVDeXdiVTNiSUxHdVM4eE5sYVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA3qfiAwQA
3qfoMA0GCSqGSIb3DQEBCwUAA4IBAQB/9YDOO2aaHguLnuO9kTY3jkRDr4OHsIsZ
NyGeeyd4WrSTOloFjpdGqyh18cx/47Fk7JiXvO3N7mVci3X13SC+OUWfER/k31RP
rbjDxanRVgqrGyVsbsczpVczsy1WhN59eFIVLmKUU8AolfA9ufcGQDkJTZZ+9d/x
82yZLYjKQ/303wSOzVNESjOeRUmIK4VW6MHD8VK3aURziRvM4BApgWKX0+XUAk+2
CBpatbYvaV4DbBaMClPA6jBauLZaFCLYetJrCF9dMTUfXJLkcgdQZ8l22y3GxNJI
lQD97TnPc8Gd3llPofrrUAu9j25hybqJFaEWVFWNaV67TTLrZfqM
-----END CERTIFICATE-----