Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/855_2ojItiDRnJEKBPlcTBO7jqo.roa
File:                     855_2ojItiDRnJEKBPlcTBO7jqo.roa (raw, json)
Hash identifier:          9qOeDOXXwGLeKVXygLzXAk6AvidLtw1p5TUNllv/gXk=
Subject key identifier:   F3:9E:7F:DA:88:C8:B6:20:D1:9C:91:0A:04:F9:5C:4C:13:BB:8E:AA
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D0B972E28863CE5387988388EA299D7B5
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/855_2ojItiDRnJEKBPlcTBO7jqo.roa
Signing time:             Fri 20 Mar 2026 14:12:30 +0000
ROA not before:           Fri 20 Mar 2026 14:12:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43647
IP address blocks:        157.22.128.0/20 maxlen: 20
                          157.22.144.0/21 maxlen: 21
                          157.22.208.0/22 maxlen: 22
                          157.22.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:97:2e:28:86:3c:e5:38:79:88:38:8e:a2:99:d7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 20 14:12:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f39e7fda88c8b620d19c910a04f95c4c13bb8eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:13:a3:e1:57:cb:e3:7e:01:35:22:e7:3c:d1:
                    1f:0b:88:39:b0:58:50:57:b5:4a:e9:77:65:03:22:
                    74:c4:c1:61:d1:d8:9b:ec:e9:2a:af:39:1a:0e:33:
                    d1:e7:cc:00:75:7b:a6:7d:a7:85:78:a3:c2:5f:ed:
                    57:4d:e0:48:06:78:6a:73:f0:53:39:1f:89:7f:ee:
                    69:dc:ae:d6:6f:dc:df:01:fe:90:23:b0:4d:4f:f3:
                    35:bd:4a:76:bb:4b:dc:07:bf:86:57:95:08:5e:45:
                    0a:fd:92:41:ad:97:e9:4c:76:5c:d0:31:94:b4:f2:
                    2b:04:b0:2b:4e:8c:b1:b3:77:27:c3:59:fe:6c:98:
                    fa:22:df:3c:00:90:3b:d4:ec:f1:d1:94:9a:61:35:
                    7a:d9:1b:44:24:3b:84:cc:b7:14:ae:00:7e:c3:a4:
                    c0:81:45:8b:9b:27:d2:10:bf:44:c2:f1:d2:50:b9:
                    06:7f:e4:c7:62:ce:93:5a:7d:ba:01:5b:c9:a2:a4:
                    8b:b4:8e:fe:10:92:2e:47:c3:ed:8a:20:91:10:91:
                    0d:38:76:60:c4:af:fa:3b:ed:72:04:7e:cd:1d:a6:
                    34:e0:91:96:b0:18:b4:0e:56:cb:1f:c3:72:cf:4e:
                    2e:d7:f1:ff:35:2e:a1:51:6c:fc:4f:76:41:ed:50:
                    1d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:9E:7F:DA:88:C8:B6:20:D1:9C:91:0A:04:F9:5C:4C:13:BB:8E:AA
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/855_2ojItiDRnJEKBPlcTBO7jqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.22.128.0-157.22.151.255
                  157.22.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9a:5e:bf:51:d8:6b:e8:23:e8:13:5b:58:cf:f9:c4:4e:da:0f:
         c8:c6:f6:00:a9:27:a3:ce:8c:3b:6f:2b:9f:5a:5b:42:e9:ba:
         45:1a:43:55:dc:f9:b3:90:d4:31:e3:c3:f9:74:36:17:df:91:
         71:7b:da:0d:7d:6e:04:cf:86:f7:fd:e8:f1:23:05:4e:c5:8e:
         46:f8:ee:93:ec:08:11:8f:02:97:9d:b7:ae:e8:5e:cb:67:82:
         b0:59:15:fc:45:24:b7:78:9e:4e:b1:78:f5:7c:19:9b:03:33:
         36:7e:55:f4:4c:83:fa:72:42:f1:e6:48:f5:d0:aa:05:03:fe:
         c4:a7:27:0d:d0:21:6f:01:a7:a5:95:61:ad:0f:7e:ae:3d:2f:
         69:64:51:88:f3:0d:20:d1:14:98:73:fd:94:4e:0e:52:b6:51:
         34:4d:26:a9:5d:a2:98:93:b6:92:eb:04:fe:b6:13:3b:fa:9c:
         b2:fb:97:02:d3:18:7c:45:9f:38:b2:14:52:5a:dc:2c:0b:9a:
         54:2b:6c:57:1b:a8:12:82:75:fb:2e:c9:df:11:b8:45:47:05:
         a6:a5:11:2c:46:ef:ba:9c:81:23:f1:f3:c9:71:e5:d2:ef:06:
         c2:af:9d:cb:ea:45:aa:94:ef:0c:61:2f:39:1e:a4:84:8b:6d:
         42:d0:82:fe
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0Lly4ohjzlOHmIOI6imde1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzIwMTQxMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzllN2ZkYTg4YzhiNjIwZDE5YzkxMGEwNGY5NWM0YzEzYmI4ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqROj4VfL434BNSLnPNEfC4g5sFhQ
V7VK6XdlAyJ0xMFh0dib7OkqrzkaDjPR58wAdXumfaeFeKPCX+1XTeBIBnhqc/BT
OR+Jf+5p3K7Wb9zfAf6QI7BNT/M1vUp2u0vcB7+GV5UIXkUK/ZJBrZfpTHZc0DGU
tPIrBLArToyxs3cnw1n+bJj6It88AJA71Ozx0ZSaYTV62RtEJDuEzLcUrgB+w6TA
gUWLmyfSEL9EwvHSULkGf+THYs6TWn26AVvJoqSLtI7+EJIuR8PtiiCREJENOHZg
xK/6O+1yBH7NHaY04JGWsBi0DlbLH8Nyz04u1/H/NS6hUWz8T3ZB7VAdBwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPOef9qIyLYg0ZyRCgT5XEwTu46qMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvODU1XzJvakl0aURSbkpFS0JQbGNUQk83anFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAedFoAD
BAOdFpADBAOdFtAwDQYJKoZIhvcNAQELBQADggEBAJpev1HYa+gj6BNbWM/5xE7a
D8jG9gCpJ6POjDtvK59aW0LpukUaQ1Xc+bOQ1DHjw/l0NhffkXF72g19bgTPhvf9
6PEjBU7Fjkb47pPsCBGPApedt67oXstngrBZFfxFJLd4nk6xePV8GZsDMzZ+VfRM
g/pyQvHmSPXQqgUD/sSnJw3QIW8Bp6WVYa0Pfq49L2lkUYjzDSDRFJhz/ZRODlK2
UTRNJqldopiTtpLrBP62Ezv6nLL7lwLTGHxFnziyFFJa3CwLmlQrbFcbqBKCdfsu
yd8RuEVHBaalESxG77qcgSPx88lx5dLvBsKvncvqRaqU7wxhLzkepISLbULQgv4=
-----END CERTIFICATE-----