Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/algNXeBnWxlc8W_yfgEXDKVh734.roa
File:                     algNXeBnWxlc8W_yfgEXDKVh734.roa (raw, json)
Hash identifier:          +8v/ZEG/pBK5GYXIEpGkYZzjhYA72COaS0gR5SOoPO0=
Subject key identifier:   6A:58:0D:5D:E0:67:5B:19:5C:F1:6F:F2:7E:01:17:0C:A5:61:EF:7E
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019CFC29DDF260FCFE258A4808FD80D6B4EB
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/algNXeBnWxlc8W_yfgEXDKVh734.roa
Signing time:             Tue 17 Mar 2026 14:18:48 +0000
ROA not before:           Tue 17 Mar 2026 14:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202662
IP address blocks:        222.167.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Mar 2026 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:29:dd:f2:60:fc:fe:25:8a:48:08:fd:80:d6:b4:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 17 14:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a580d5de0675b195cf16ff27e01170ca561ef7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:01:c2:5c:6f:58:08:38:b7:07:54:a5:53:bc:
                    a2:33:08:4f:97:70:6a:8c:42:8d:fe:94:87:4e:55:
                    7e:fd:6d:c3:1a:4e:ef:8c:4a:e1:24:9a:20:64:9d:
                    44:bb:80:c4:62:c5:3c:58:b8:01:ea:60:85:80:2c:
                    8c:97:ae:e9:47:2d:73:83:f4:45:20:9e:7d:3e:6b:
                    2f:56:5c:c7:07:60:78:2f:94:52:0f:0d:ee:cf:a2:
                    48:d1:b1:ad:5e:b0:e5:a5:1e:15:b6:a0:89:e5:5e:
                    2a:01:3e:53:e8:27:81:c1:bf:5d:15:67:a3:df:4d:
                    5e:da:c2:c0:43:b2:d2:5f:29:00:42:ba:1f:44:cc:
                    af:0a:02:68:9a:5f:10:f5:bc:be:d8:24:65:81:e8:
                    eb:5f:33:85:c3:3a:05:81:a5:04:ce:f4:83:8d:74:
                    f1:92:1b:00:24:1d:06:51:ef:3f:29:3c:dc:7c:1c:
                    f0:5b:ea:bf:f5:da:09:b0:c8:11:23:30:fa:6c:aa:
                    ba:4a:54:4f:7a:b7:8e:46:bd:b1:56:c2:cb:6b:0b:
                    71:91:68:65:ba:f9:df:de:0f:c0:79:e3:b6:73:86:
                    8d:44:f6:a7:e2:30:98:b6:5a:d2:6c:91:c0:ce:26:
                    86:02:10:04:b2:00:2a:fc:11:e3:eb:a6:da:32:bc:
                    f7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:58:0D:5D:E0:67:5B:19:5C:F1:6F:F2:7E:01:17:0C:A5:61:EF:7E
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/algNXeBnWxlc8W_yfgEXDKVh734.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:23:a9:d3:c0:00:5b:1a:33:a6:35:29:ee:54:cf:3d:59:29:
         f9:ff:a1:82:c0:54:16:32:0f:b0:cf:3a:c0:0a:80:e5:5b:6f:
         59:88:ee:9c:5b:5d:3f:eb:f6:f8:28:76:22:fc:b6:73:b6:2b:
         04:63:4d:e2:77:2a:e9:7a:56:cd:ad:31:dc:d4:76:c5:75:81:
         50:56:72:42:a3:a6:38:25:c0:8f:4b:80:a0:3f:30:25:7e:69:
         90:7d:3b:53:55:cf:b9:d4:90:ea:bc:8b:cb:35:f5:45:fe:a1:
         75:8b:20:11:20:f4:a8:1f:4c:57:4d:ed:29:47:1c:33:78:c9:
         d6:0f:d6:08:ca:ed:e1:a7:9f:d0:ba:b7:5a:3b:1a:c1:ad:40:
         4a:77:22:70:e7:35:04:67:57:61:68:bc:d1:87:50:69:52:49:
         54:76:fe:22:2e:ac:ec:e4:8b:f9:1c:1d:20:8a:e3:aa:52:71:
         a9:ae:5c:9e:58:6c:87:3f:3a:d7:e1:b1:f1:5e:7b:43:d1:c0:
         ee:16:c8:ea:36:89:d4:0a:c6:d7:75:46:c1:ec:09:69:dc:b7:
         3b:15:ea:c7:64:70:41:b4:7f:0a:6a:e9:a5:f2:34:06:ee:aa:
         7e:b5:fc:a3:1a:76:56:1c:ed:27:07:84:1b:4d:7d:6d:96:7e:
         06:5c:d9:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz8Kd3yYPz+JYpICP2A1rTrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzE3MTQxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTU4MGQ1ZGUwNjc1YjE5NWNmMTZmZjI3ZTAxMTcwY2E1NjFlZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQHCXG9YCDi3B1SlU7yiMwhPl3Bq
jEKN/pSHTlV+/W3DGk7vjErhJJogZJ1Eu4DEYsU8WLgB6mCFgCyMl67pRy1zg/RF
IJ59PmsvVlzHB2B4L5RSDw3uz6JI0bGtXrDlpR4VtqCJ5V4qAT5T6CeBwb9dFWej
301e2sLAQ7LSXykAQrofRMyvCgJoml8Q9by+2CRlgejrXzOFwzoFgaUEzvSDjXTx
khsAJB0GUe8/KTzcfBzwW+q/9doJsMgRIzD6bKq6SlRPereORr2xVsLLawtxkWhl
uvnf3g/AeeO2c4aNRPan4jCYtlrSbJHAziaGAhAEsgAq/BHj66baMrz3JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpYDV3gZ1sZXPFv8n4BFwylYe9+MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvYWxnTlhlQm5XeGxjOFdfeWZnRVhES1ZoNzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfGMA0G
CSqGSIb3DQEBCwUAA4IBAQByI6nTwABbGjOmNSnuVM89WSn5/6GCwFQWMg+wzzrA
CoDlW29ZiO6cW10/6/b4KHYi/LZztisEY03idyrpelbNrTHc1HbFdYFQVnJCo6Y4
JcCPS4CgPzAlfmmQfTtTVc+51JDqvIvLNfVF/qF1iyARIPSoH0xXTe0pRxwzeMnW
D9YIyu3hp5/QurdaOxrBrUBKdyJw5zUEZ1dhaLzRh1BpUklUdv4iLqzs5Iv5HB0g
iuOqUnGprlyeWGyHPzrX4bHxXntD0cDuFsjqNonUCsbXdUbB7Alp3Lc7FerHZHBB
tH8Kauml8jQG7qp+tfyjGnZWHO0nB4QbTX1tln4GXNnk
-----END CERTIFICATE-----