Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/jP1mAp4ivRGdpfjPi5MQ81juzEk.roa
File:                     jP1mAp4ivRGdpfjPi5MQ81juzEk.roa (raw, json)
Hash identifier:          VShq/3g83Myfw9J0UvpZlr1QsWeOGAnKszts0QlXCUI=
Subject key identifier:   8C:FD:66:02:9E:22:BD:11:9D:A5:F8:CF:8B:93:10:F3:58:EE:CC:49
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D1332805049285FACF80C0FB64AB4F4D0
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/jP1mAp4ivRGdpfjPi5MQ81juzEk.roa
Signing time:             Sun 22 Mar 2026 01:39:29 +0000
ROA not before:           Sun 22 Mar 2026 01:39:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205502
IP address blocks:        222.167.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:13:32:80:50:49:28:5f:ac:f8:0c:0f:b6:4a:b4:f4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 22 01:39:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8cfd66029e22bd119da5f8cf8b9310f358eecc49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:36:38:d8:30:22:70:ed:13:ba:1f:55:46:ee:
                    0a:59:3f:fa:8d:b2:32:25:35:aa:68:4b:a3:68:56:
                    93:55:e8:c1:52:9d:52:48:ca:f6:bb:25:4f:20:01:
                    f6:f8:02:2d:dd:ed:b3:0f:20:2d:6d:80:d3:3c:68:
                    0c:a5:08:21:f1:0c:0e:53:11:25:23:4b:cc:11:62:
                    42:5d:4e:1e:e6:18:58:cf:79:a7:39:86:cd:8d:e8:
                    8b:37:64:3a:5b:51:c6:d0:b6:42:48:66:32:7d:78:
                    89:fb:c5:fe:55:4f:33:f9:41:c5:1a:53:c3:6e:e4:
                    ef:1d:ed:e3:9e:be:9d:a9:6e:e2:17:5b:3c:9e:8b:
                    70:fc:46:71:e4:fc:88:b2:9a:68:60:c5:7c:b1:a7:
                    26:32:c2:84:dd:30:29:53:9f:06:32:d8:2f:a6:2a:
                    ce:38:18:52:50:e4:fb:83:0c:6b:c0:63:64:e6:3b:
                    a1:58:c5:69:1d:9f:20:d6:b1:14:13:e6:ba:28:db:
                    31:18:bf:e6:d7:a7:db:f4:4a:9e:2c:3d:44:60:f1:
                    fa:be:f3:67:9f:08:0d:4b:cd:d3:25:d3:18:55:ef:
                    9d:71:e7:25:e1:30:83:48:10:a2:ce:f2:65:77:8c:
                    2a:bc:8b:f3:13:30:ea:fc:a6:c0:95:b7:24:a9:c7:
                    26:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FD:66:02:9E:22:BD:11:9D:A5:F8:CF:8B:93:10:F3:58:EE:CC:49
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/jP1mAp4ivRGdpfjPi5MQ81juzEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:b0:41:25:88:ab:e6:44:19:f9:00:1b:5c:a1:2b:5a:e8:78:
         72:90:26:3a:d5:ee:95:fd:80:74:1c:58:71:83:83:1e:ba:3b:
         ac:c8:5c:f0:4b:3c:b7:d7:5e:20:43:c8:ea:c3:6a:fb:e2:ad:
         72:f5:73:ef:23:da:0e:eb:7f:e2:96:bb:db:c0:fb:bf:d3:af:
         81:4a:e4:2e:e1:60:3e:b7:76:c0:73:87:81:16:d3:40:25:79:
         cb:be:57:6a:58:1f:54:2e:fd:92:67:f7:8a:3c:7f:ce:ee:2c:
         30:f9:c0:79:b9:f4:14:49:fd:57:a2:0a:fc:6c:94:bb:3c:94:
         00:74:6b:7c:71:12:7b:07:f5:ce:62:56:bd:b8:bc:e5:af:c2:
         67:14:5f:57:cb:29:6b:5c:ce:f6:be:58:43:c5:f7:e4:f6:ad:
         d9:bc:30:43:71:32:71:22:9e:b9:6a:99:d4:4f:2c:fd:cf:36:
         43:aa:9c:11:ee:84:8d:e3:1a:53:12:dc:27:16:c6:07:d3:b4:
         03:0f:47:99:e2:23:a3:cf:00:eb:8e:58:54:86:47:d5:94:5f:
         84:66:1e:0d:1d:d0:cd:f3:39:cc:d7:49:54:70:de:61:01:26:
         61:f2:95:07:ca:82:e9:e2:64:bb:87:49:60:c7:e2:8b:de:ba:
         9d:3d:ea:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0TMoBQSShfrPgMD7ZKtPTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzIyMDEzOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ZkNjYwMjllMjJiZDExOWRhNWY4Y2Y4YjkzMTBmMzU4ZWVjYzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojY42DAicO0Tuh9VRu4KWT/6jbIy
JTWqaEujaFaTVejBUp1SSMr2uyVPIAH2+AIt3e2zDyAtbYDTPGgMpQgh8QwOUxEl
I0vMEWJCXU4e5hhYz3mnOYbNjeiLN2Q6W1HG0LZCSGYyfXiJ+8X+VU8z+UHFGlPD
buTvHe3jnr6dqW7iF1s8notw/EZx5PyIsppoYMV8sacmMsKE3TApU58GMtgvpirO
OBhSUOT7gwxrwGNk5juhWMVpHZ8g1rEUE+a6KNsxGL/m16fb9EqeLD1EYPH6vvNn
nwgNS83TJdMYVe+dcecl4TCDSBCizvJld4wqvIvzEzDq/KbAlbckqccmnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz9ZgKeIr0RnaX4z4uTEPNY7sxJMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvalAxbUFwNGl2UkdkcGZqUGk1TVE4MWp1ekVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qffMA0G
CSqGSIb3DQEBCwUAA4IBAQACsEEliKvmRBn5ABtcoSta6HhykCY61e6V/YB0HFhx
g4MeujusyFzwSzy3114gQ8jqw2r74q1y9XPvI9oO63/ilrvbwPu/06+BSuQu4WA+
t3bAc4eBFtNAJXnLvldqWB9ULv2SZ/eKPH/O7iww+cB5ufQUSf1Xogr8bJS7PJQA
dGt8cRJ7B/XOYla9uLzlr8JnFF9XyylrXM72vlhDxffk9q3ZvDBDcTJxIp65apnU
Tyz9zzZDqpwR7oSN4xpTEtwnFsYH07QDD0eZ4iOjzwDrjlhUhkfVlF+EZh4NHdDN
8znM10lUcN5hASZh8pUHyoLp4mS7h0lgx+KL3rqdPera
-----END CERTIFICATE-----