Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/2JApo5p90Arsl26Gr5UvJQxa6Xc.roa
File:                     2JApo5p90Arsl26Gr5UvJQxa6Xc.roa (raw, json)
Hash identifier:          c4Re3HvVRik6tpHEscFpP+AIIFwDcZYtSk363VU1mH0=
Subject key identifier:   D8:90:29:A3:9A:7D:D0:0A:EC:97:6E:86:AF:95:2F:25:0C:5A:E9:77
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E8E1300050C87C91949400DE4AF0B303F
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/2JApo5p90Arsl26Gr5UvJQxa6Xc.roa
Signing time:             Wed 03 Jun 2026 15:21:10 +0000
ROA not before:           Wed 03 Jun 2026 15:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35179
IP address blocks:        110.34.38.0/24 maxlen: 24
                          222.167.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:13:00:05:0c:87:c9:19:49:40:0d:e4:af:0b:30:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Jun  3 15:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d89029a39a7dd00aec976e86af952f250c5ae977
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1e:23:04:4b:6a:73:ad:ff:91:61:24:91:04:
                    e9:bc:03:bc:1d:d1:c5:6e:98:ef:3b:b9:19:53:53:
                    31:1f:65:e7:99:ea:1d:70:f6:1f:17:c0:ed:5c:a9:
                    b7:c8:34:01:5a:11:8a:79:b3:fe:2a:eb:43:74:e3:
                    b7:ff:46:4d:15:f7:a0:80:e0:b2:00:5b:85:f9:3c:
                    1c:6a:82:e9:65:e1:5a:7f:13:05:3f:2a:9b:92:a7:
                    3a:0d:cc:f0:46:c8:c8:70:97:16:2b:ab:08:bc:74:
                    b1:84:18:55:4e:e4:49:52:97:a8:4e:cf:e1:11:73:
                    50:5a:e9:45:61:ca:dc:28:88:5d:93:52:c4:b3:88:
                    51:26:30:91:01:3b:1a:da:cd:95:57:1e:c7:79:9c:
                    ee:76:b7:0f:0a:57:50:c3:fb:42:78:2a:46:90:35:
                    bf:a9:06:4e:dd:02:3b:16:4e:6c:05:ca:ae:fe:cc:
                    e7:a9:ee:07:18:4a:70:25:16:e1:07:20:4a:9d:23:
                    99:de:a3:09:6f:0d:3f:51:1f:f5:00:b4:b8:38:3d:
                    3f:97:a2:71:8c:04:6a:2d:31:59:74:65:5e:18:b2:
                    64:6b:a4:10:93:de:cd:df:23:48:7e:e6:38:67:c7:
                    f7:c8:0a:52:07:45:32:3d:bb:5d:33:97:89:7c:11:
                    9d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:90:29:A3:9A:7D:D0:0A:EC:97:6E:86:AF:95:2F:25:0C:5A:E9:77
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/2JApo5p90Arsl26Gr5UvJQxa6Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.34.38.0/24
                  222.167.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:6c:41:f7:12:6b:c6:ac:6d:60:11:28:ab:34:cb:eb:e2:00:
         6c:2d:9f:73:40:53:73:de:89:fd:b2:cf:fd:57:74:34:c0:f6:
         f3:4c:2d:7b:fb:74:b4:d9:01:6b:e9:07:e4:65:ee:a2:f2:e0:
         38:c2:58:45:f1:8c:e0:5b:cf:a4:1b:56:76:fb:a2:a8:e7:fe:
         08:2a:a8:6c:59:b5:8e:2c:47:68:f4:99:62:5c:66:50:62:e0:
         42:55:88:a9:30:90:4a:70:b8:18:15:be:8f:a3:ea:8e:10:aa:
         35:b9:8b:19:2e:7b:49:86:d6:66:77:1e:4a:fb:39:0b:a5:18:
         39:e5:8c:e6:0d:16:47:c5:7e:09:5f:49:e8:45:0e:6f:87:bd:
         e2:f2:e7:a0:ef:ff:dd:e0:b8:50:9a:bc:06:13:c2:e3:6a:76:
         d0:48:c9:fe:82:91:c8:c3:0e:37:a7:ae:ef:93:1a:5e:48:5f:
         4a:10:ca:5e:0b:df:6d:31:3e:df:5c:59:33:8f:c3:2e:ae:cd:
         c0:ff:c2:1c:3e:52:c4:03:8a:af:86:97:bb:08:8e:07:ad:13:
         76:76:77:07:55:71:65:ee:ad:ae:88:d2:7f:42:8d:c9:dd:9c:
         e5:96:cf:46:4e:6c:fc:06:71:09:54:29:f3:9c:e6:02:a0:c0:
         35:a8:45:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6OEwAFDIfJGUlADeSvCzA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNjAzMTUyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODkwMjlhMzlhN2RkMDBhZWM5NzZlODZhZjk1MmYyNTBjNWFlOTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0h4jBEtqc63/kWEkkQTpvAO8HdHF
bpjvO7kZU1MxH2XnmeodcPYfF8DtXKm3yDQBWhGKebP+KutDdOO3/0ZNFfeggOCy
AFuF+TwcaoLpZeFafxMFPyqbkqc6DczwRsjIcJcWK6sIvHSxhBhVTuRJUpeoTs/h
EXNQWulFYcrcKIhdk1LEs4hRJjCRATsa2s2VVx7HeZzudrcPCldQw/tCeCpGkDW/
qQZO3QI7Fk5sBcqu/sznqe4HGEpwJRbhByBKnSOZ3qMJbw0/UR/1ALS4OD0/l6Jx
jARqLTFZdGVeGLJka6QQk97N3yNIfuY4Z8f3yApSB0UyPbtdM5eJfBGdKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNiQKaOafdAK7Jduhq+VLyUMWul3MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvMkpBcG81cDkwQXJzbDI2R3I1VXZKUXhhNlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbiImAwQA
3qf+MA0GCSqGSIb3DQEBCwUAA4IBAQCbbEH3EmvGrG1gESirNMvr4gBsLZ9zQFNz
3on9ss/9V3Q0wPbzTC17+3S02QFr6QfkZe6i8uA4wlhF8YzgW8+kG1Z2+6Ko5/4I
KqhsWbWOLEdo9JliXGZQYuBCVYipMJBKcLgYFb6Po+qOEKo1uYsZLntJhtZmdx5K
+zkLpRg55YzmDRZHxX4JX0noRQ5vh73i8ueg7//d4LhQmrwGE8LjanbQSMn+gpHI
ww43p67vkxpeSF9KEMpeC99tMT7fXFkzj8Murs3A/8IcPlLEA4qvhpe7CI4HrRN2
dncHVXFl7q2uiNJ/Qo3J3Zzlls9GTmz8BnEJVCnznOYCoMA1qEVo
-----END CERTIFICATE-----