Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/K-r7GaYHoNSknoKeYog4yg5pxIk.roa
File:                     K-r7GaYHoNSknoKeYog4yg5pxIk.roa (raw, json)
Hash identifier:          ZDYkonKEgXNEKLBVz0ycD0bMNaqjGAEeXYFYp8yC6mw=
Subject key identifier:   2B:EA:FB:19:A6:07:A0:D4:A4:9E:82:9E:62:88:38:CA:0E:69:C4:89
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E1C72B63B16DD35D3AEF42C165F640087
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/K-r7GaYHoNSknoKeYog4yg5pxIk.roa
Signing time:             Tue 12 May 2026 13:49:00 +0000
ROA not before:           Tue 12 May 2026 13:49:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214962
IP address blocks:        222.167.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:72:b6:3b:16:dd:35:d3:ae:f4:2c:16:5f:64:00:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 12 13:49:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2beafb19a607a0d4a49e829e628838ca0e69c489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cf:f3:1f:c7:92:e6:f2:c3:e6:7d:dc:8d:bf:
                    28:71:1f:ea:e4:9c:71:6a:35:75:8a:fd:00:ce:6f:
                    0f:49:e0:27:68:a8:6f:97:52:08:c9:2b:84:dc:a1:
                    e7:9d:52:01:c8:f1:af:59:1b:4f:dd:4b:f9:19:6e:
                    9c:ec:36:57:b4:42:d3:80:45:18:09:db:24:7d:b2:
                    df:2b:ed:ad:ad:ed:f9:39:86:19:35:5e:8b:cc:4a:
                    1d:16:6c:4b:5c:9b:bd:ec:a6:f4:1c:c4:4c:f1:c8:
                    79:89:51:87:95:c9:6a:80:ac:3c:a2:48:e9:35:68:
                    40:a3:6c:45:16:b3:d1:8a:e2:d4:0a:c7:4f:da:61:
                    86:99:2f:39:b2:54:cf:84:e2:55:c3:ff:84:a4:04:
                    6b:9d:c7:56:c2:58:d6:ce:f3:b1:01:60:a0:df:cd:
                    64:43:02:b2:c3:32:7f:58:6d:7b:dc:14:d9:e5:2b:
                    75:2b:d9:30:29:f3:c2:c6:19:2e:36:e2:23:fd:1c:
                    be:3d:60:ec:62:08:11:48:8d:85:1e:85:5a:e6:ca:
                    40:18:1f:66:42:9c:71:05:37:c4:78:f9:77:30:2c:
                    ee:47:b5:17:47:3f:1f:d8:bb:5b:89:1e:b4:ab:58:
                    0a:fa:87:25:59:93:8f:bb:fd:84:7c:9a:d7:89:53:
                    aa:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:EA:FB:19:A6:07:A0:D4:A4:9E:82:9E:62:88:38:CA:0E:69:C4:89
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/K-r7GaYHoNSknoKeYog4yg5pxIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:8e:e4:2e:7a:9a:ad:cf:a8:5b:95:f8:31:e8:52:df:cf:de:
         f5:62:d5:97:08:4d:18:24:02:ec:45:ea:4f:85:a2:24:3e:6c:
         5b:dc:4b:e8:70:7f:2b:ec:b4:9f:fd:78:35:06:c8:87:32:ad:
         5e:60:84:78:bd:c9:82:2e:07:85:f7:ad:02:a7:2c:66:70:1d:
         e2:ba:91:0d:c9:cf:53:7c:a1:9c:15:3e:b9:0c:29:62:56:ff:
         60:49:21:7e:49:86:fe:6c:ba:da:68:95:01:3c:af:bf:2e:6e:
         10:bc:78:c7:ee:c6:54:a4:d8:b9:75:5e:13:e9:b3:33:ff:6b:
         c6:61:31:a7:63:24:7b:48:3a:08:e1:1f:7c:8b:c6:0c:aa:9e:
         70:75:c8:ff:55:7a:1f:9d:c8:e1:73:83:55:d3:c1:e0:d9:89:
         e1:9f:a2:63:3d:c6:07:ba:99:5c:42:7a:04:b6:d7:6d:5c:76:
         9e:f6:21:3c:1f:31:f8:76:22:4c:ec:82:75:02:2f:c1:51:21:
         f6:09:a4:45:ef:52:da:aa:f5:9c:3d:68:83:80:16:22:c7:25:
         2e:70:23:d0:2d:35:7a:f5:6b:77:f4:63:af:8c:29:4b:8b:09:
         d5:c1:34:4b:72:17:c9:2c:31:2d:08:1e:95:80:38:c7:8d:9a:
         c6:32:38:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4ccrY7Ft010670LBZfZACHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTEyMTM0OTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmVhZmIxOWE2MDdhMGQ0YTQ5ZTgyOWU2Mjg4MzhjYTBlNjljNDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss/zH8eS5vLD5n3cjb8ocR/q5Jxx
ajV1iv0Azm8PSeAnaKhvl1IIySuE3KHnnVIByPGvWRtP3Uv5GW6c7DZXtELTgEUY
CdskfbLfK+2tre35OYYZNV6LzEodFmxLXJu97Kb0HMRM8ch5iVGHlclqgKw8okjp
NWhAo2xFFrPRiuLUCsdP2mGGmS85slTPhOJVw/+EpARrncdWwljWzvOxAWCg381k
QwKywzJ/WG173BTZ5St1K9kwKfPCxhkuNuIj/Ry+PWDsYggRSI2FHoVa5spAGB9m
QpxxBTfEePl3MCzuR7UXRz8f2LtbiR60q1gK+oclWZOPu/2EfJrXiVOqfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvq+xmmB6DUpJ6CnmKIOMoOacSJMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvSy1yN0dhWUhvTlNrbm9LZVlvZzR5ZzVweElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfEMA0G
CSqGSIb3DQEBCwUAA4IBAQBqjuQuepqtz6hblfgx6FLfz971YtWXCE0YJALsRepP
haIkPmxb3EvocH8r7LSf/Xg1BsiHMq1eYIR4vcmCLgeF960CpyxmcB3iupENyc9T
fKGcFT65DCliVv9gSSF+SYb+bLraaJUBPK+/Lm4QvHjH7sZUpNi5dV4T6bMz/2vG
YTGnYyR7SDoI4R98i8YMqp5wdcj/VXofncjhc4NV08Hg2Ynhn6JjPcYHuplcQnoE
ttdtXHae9iE8HzH4diJM7IJ1Ai/BUSH2CaRF71LaqvWcPWiDgBYixyUucCPQLTV6
9Wt39GOvjClLiwnVwTRLchfJLDEtCB6VgDjHjZrGMjjb
-----END CERTIFICATE-----