Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d70f78-082e-4ec2-8100-7cdcb50ed0e4/1/n-XtjIoUw7WLI1bK7hN10AAmms8.roa
File:                     n-XtjIoUw7WLI1bK7hN10AAmms8.roa (raw, json)
Hash identifier:          F4z08WGa9P7GE9/YhdJ4zMRMQN8PmIYLdikLkbYH10A=
Subject key identifier:   9F:E5:ED:8C:8A:14:C3:B5:8B:23:56:CA:EE:13:75:D0:00:26:9A:CF
Certificate issuer:       /CN=21b9f2a826acf767a50e59b29ec1ff092cfd3c1c
Certificate serial:       019A58DE5725E51E791F3CFA533704A62F53
Authority key identifier: 21:B9:F2:A8:26:AC:F7:67:A5:0E:59:B2:9E:C1:FF:09:2C:FD:3C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbnyqCas92elDlmynsH_CSz9PBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d70f78-082e-4ec2-8100-7cdcb50ed0e4/1/n-XtjIoUw7WLI1bK7hN10AAmms8.roa
Signing time:             Thu 06 Nov 2025 11:12:37 +0000
ROA not before:           Thu 06 Nov 2025 11:12:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206215
IP address blocks:        167.150.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/d70f78-082e-4ec2-8100-7cdcb50ed0e4/1/IbnyqCas92elDlmynsH_CSz9PBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/d70f78-082e-4ec2-8100-7cdcb50ed0e4/1/IbnyqCas92elDlmynsH_CSz9PBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbnyqCas92elDlmynsH_CSz9PBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:58:de:57:25:e5:1e:79:1f:3c:fa:53:37:04:a6:2f:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21b9f2a826acf767a50e59b29ec1ff092cfd3c1c
        Validity
            Not Before: Nov  6 11:12:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fe5ed8c8a14c3b58b2356caee1375d000269acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:7f:9f:c6:65:e2:f6:11:29:35:98:b8:ce:cc:
                    c3:6b:55:d0:68:08:e9:2c:2c:75:a6:a3:2f:10:3b:
                    5d:df:a0:62:00:9f:3f:ea:7f:45:17:11:d1:a9:03:
                    bd:96:42:fc:b5:e0:fd:04:42:e3:00:a6:c5:c9:5c:
                    0c:4b:5b:12:a0:47:bf:49:d2:e6:5e:e5:ed:84:66:
                    fa:c5:63:f6:10:ee:90:b1:bd:a3:49:64:bf:1f:e9:
                    a1:73:78:de:3e:62:ba:d7:48:64:29:3e:0e:3f:65:
                    9f:28:92:8d:2e:2d:ad:84:11:80:27:b7:e7:15:c6:
                    3f:a9:2a:ad:e4:59:37:fc:d3:a8:bc:fa:2a:58:e5:
                    95:fb:67:c5:b2:d3:4f:62:ae:ca:45:e3:bb:4a:3c:
                    d0:82:db:f9:66:e3:5f:3b:dd:da:73:d9:35:b1:29:
                    eb:94:70:01:d0:73:21:c8:aa:0a:2c:c8:7c:d2:2c:
                    4f:b5:7d:e3:7f:ec:b3:c5:59:60:c5:b3:52:6d:30:
                    65:b4:04:f0:3b:4e:2b:a9:f2:e4:bc:3d:db:cc:4e:
                    c9:dc:0b:20:8d:45:7e:dc:46:10:bf:66:f9:96:de:
                    94:2e:6c:21:ef:b5:0d:1e:7c:40:0e:6c:f2:56:27:
                    d1:9d:a6:27:25:c2:3f:3e:52:14:69:47:54:93:4b:
                    1e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:E5:ED:8C:8A:14:C3:B5:8B:23:56:CA:EE:13:75:D0:00:26:9A:CF
            X509v3 Authority Key Identifier:
                keyid:21:B9:F2:A8:26:AC:F7:67:A5:0E:59:B2:9E:C1:FF:09:2C:FD:3C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbnyqCas92elDlmynsH_CSz9PBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d70f78-082e-4ec2-8100-7cdcb50ed0e4/1/n-XtjIoUw7WLI1bK7hN10AAmms8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d70f78-082e-4ec2-8100-7cdcb50ed0e4/1/IbnyqCas92elDlmynsH_CSz9PBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:65:dd:48:c0:8f:cc:01:2d:b7:ad:7b:91:9e:e2:05:be:25:
         d9:6a:29:a9:5d:2b:d5:65:27:8b:ac:5a:99:46:75:84:a2:9c:
         d4:63:95:73:fa:e1:61:9b:ca:7b:2e:1d:d4:bd:57:f7:6c:bf:
         9d:12:0e:a9:cd:39:82:b8:a3:cf:71:e5:a9:21:b0:00:f3:bf:
         3e:fc:a7:31:82:c3:ad:94:05:66:77:27:41:05:ba:bd:7a:44:
         fe:d6:dd:36:22:6f:27:de:aa:73:3b:3b:dc:72:3a:32:2b:ed:
         ad:96:df:d4:7a:3f:0a:35:cf:df:54:eb:7d:45:ee:47:d9:fb:
         3a:15:15:f7:7d:fe:cf:96:62:9f:82:83:c3:9b:28:21:ff:89:
         c2:e6:68:71:ef:dc:71:b0:17:7d:57:be:89:1a:c9:dc:cd:58:
         06:b1:29:75:6a:8a:c8:b2:a2:63:d5:55:0e:87:fe:2c:7d:d7:
         82:44:6f:36:93:bb:c3:50:b7:f7:6d:7c:51:b4:31:df:5f:33:
         19:1c:e0:27:97:4c:ae:b8:b3:93:35:2f:89:e7:72:f3:67:5b:
         0b:01:1d:03:1b:9e:75:5c:29:e6:a9:a9:94:84:f3:96:e2:3e:
         e6:14:b2:b0:d6:34:d9:37:07:73:17:8c:74:1b:5d:f9:12:52:
         c1:d7:be:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpY3lcl5R55Hzz6UzcEpi9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYjlmMmE4MjZhY2Y3NjdhNTBlNTliMjllYzFmZjA5MmNm
ZDNjMWMwHhcNMjUxMTA2MTExMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmU1ZWQ4YzhhMTRjM2I1OGIyMzU2Y2FlZTEzNzVkMDAwMjY5YWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2n+fxmXi9hEpNZi4zszDa1XQaAjp
LCx1pqMvEDtd36BiAJ8/6n9FFxHRqQO9lkL8teD9BELjAKbFyVwMS1sSoEe/SdLm
XuXthGb6xWP2EO6Qsb2jSWS/H+mhc3jePmK610hkKT4OP2WfKJKNLi2thBGAJ7fn
FcY/qSqt5Fk3/NOovPoqWOWV+2fFstNPYq7KReO7SjzQgtv5ZuNfO93ac9k1sSnr
lHAB0HMhyKoKLMh80ixPtX3jf+yzxVlgxbNSbTBltATwO04rqfLkvD3bzE7J3Asg
jUV+3EYQv2b5lt6ULmwh77UNHnxADmzyVifRnaYnJcI/PlIUaUdUk0se+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/l7YyKFMO1iyNWyu4TddAAJprPMB8GA1UdIwQY
MBaAFCG58qgmrPdnpQ5Zsp7B/wks/TwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJueXFDYXM5MmVsRGxteW5zSF9DU3o5UEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kNzBmNzgtMDgyZS00ZWMyLTgxMDAt
N2NkY2I1MGVkMGU0LzEvbi1YdGpJb1V3N1dMSTFiSzdoTjEwQUFtbXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kNzBmNzgtMDgyZS00ZWMyLTgxMDAtN2NkY2I1MGVkMGU0
LzEvSWJueXFDYXM5MmVsRGxteW5zSF9DU3o5UEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5YWMA0G
CSqGSIb3DQEBCwUAA4IBAQAdZd1IwI/MAS23rXuRnuIFviXZaimpXSvVZSeLrFqZ
RnWEopzUY5Vz+uFhm8p7Lh3UvVf3bL+dEg6pzTmCuKPPceWpIbAA878+/KcxgsOt
lAVmdydBBbq9ekT+1t02Im8n3qpzOzvccjoyK+2tlt/Uej8KNc/fVOt9Re5H2fs6
FRX3ff7PlmKfgoPDmygh/4nC5mhx79xxsBd9V76JGsnczVgGsSl1aorIsqJj1VUO
h/4sfdeCRG82k7vDULf3bXxRtDHfXzMZHOAnl0yuuLOTNS+J53LzZ1sLAR0DG551
XCnmqamUhPOW4j7mFLKw1jTZNwdzF4x0G135ElLB174n
-----END CERTIFICATE-----