Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/x-4cU282yjxWlayFMXLEcn362Ck.roa
File:                     x-4cU282yjxWlayFMXLEcn362Ck.roa (raw, json)
Hash identifier:          vTVv9q8cxbIj3S7ibhQ/5KV97pcO0DPQCaN6+zpW+48=
Subject key identifier:   C7:EE:1C:53:6F:36:CA:3C:56:95:AC:85:31:72:C4:72:7D:FA:D8:29
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019CF756A5C7E68137DD83572259F0A64515
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/x-4cU282yjxWlayFMXLEcn362Ck.roa
Signing time:             Mon 16 Mar 2026 15:49:36 +0000
ROA not before:           Mon 16 Mar 2026 15:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        110.34.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 13:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:56:a5:c7:e6:81:37:dd:83:57:22:59:f0:a6:45:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 16 15:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7ee1c536f36ca3c5695ac853172c4727dfad829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:48:af:90:2e:e9:ab:63:93:bd:b9:48:11:8c:
                    36:8d:c8:c8:6d:1f:97:ac:7d:a1:3f:5b:a6:ae:6f:
                    a0:cd:57:66:eb:6c:7e:a9:4e:65:78:84:77:34:cf:
                    13:c2:a1:4c:1b:a9:96:02:6c:5f:27:be:7c:e7:e4:
                    d9:f0:d8:f2:cf:6a:75:e1:6c:9a:fe:b3:c1:4b:1c:
                    45:5e:13:bb:e4:b3:22:6f:b8:ef:fc:93:b8:61:e6:
                    d2:68:f3:94:21:24:b4:0e:2a:45:3a:bf:b5:60:cb:
                    32:0f:ee:e5:20:d6:5e:a6:cd:81:e7:85:49:ae:1d:
                    16:4e:97:d7:1d:4b:e1:1b:86:a2:b6:de:e5:40:a9:
                    6d:1f:a2:48:a4:e5:28:48:47:78:29:ed:eb:97:5a:
                    72:ca:0c:22:ad:99:b8:75:d9:e4:f5:63:0f:52:a9:
                    9d:c0:75:e9:c1:1e:78:d8:67:45:f1:a3:c9:08:e6:
                    ff:c4:c6:2f:51:2f:5c:68:3a:c7:c5:5f:8c:c9:99:
                    a5:e5:d0:fb:56:46:2b:5a:12:e1:f2:eb:e5:f3:07:
                    b4:29:14:f0:24:dc:30:f8:4c:9e:2d:1d:de:7e:ea:
                    ec:e7:97:86:10:ba:3b:45:94:d5:47:13:c9:a7:7d:
                    46:1b:4a:84:7f:d6:ea:9c:12:e8:07:d9:fb:fc:28:
                    26:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EE:1C:53:6F:36:CA:3C:56:95:AC:85:31:72:C4:72:7D:FA:D8:29
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/x-4cU282yjxWlayFMXLEcn362Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.34.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:dc:2c:6a:33:b3:b1:85:da:1b:2b:c0:b2:89:34:4d:d1:db:
         c0:1d:20:e8:dd:75:cd:63:73:9b:0a:44:6b:43:55:18:d7:0d:
         d3:5f:2a:3f:58:fe:b5:a5:9a:1c:47:23:73:bd:12:4a:70:81:
         06:06:69:0d:b6:b8:84:f9:e9:5f:c8:55:1d:e4:6b:ff:ff:10:
         34:51:ff:37:be:51:39:2f:3d:df:0e:b6:95:73:6e:f7:c1:0a:
         32:12:72:15:0b:57:48:64:02:f7:a3:ef:cc:93:c8:c3:da:41:
         c7:fa:9f:91:2e:95:0f:35:24:e1:86:16:b9:03:6a:58:5e:03:
         02:eb:2e:47:81:14:8f:5e:e7:42:3d:d6:9d:6c:30:db:90:ee:
         e7:62:53:0c:20:af:be:e4:bb:fe:e4:d4:1c:9c:44:83:f9:ec:
         a0:1b:b4:da:3a:32:99:62:6b:7e:57:89:e0:71:8a:fb:d8:59:
         c5:19:80:58:8a:b1:77:3b:ba:78:21:c2:7e:55:4d:59:58:6a:
         e3:8a:3d:da:34:b5:67:6e:68:5d:51:79:fe:2a:0d:69:bb:da:
         b4:4b:97:ca:6a:db:64:f9:a3:f1:a0:0e:32:dd:c8:6f:49:00:
         7e:16:a6:10:2b:f9:6e:82:4e:44:e3:6f:89:a8:58:5b:2e:6f:
         73:e2:a0:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3VqXH5oE33YNXIlnwpkUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzE2MTU0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2VlMWM1MzZmMzZjYTNjNTY5NWFjODUzMTcyYzQ3MjdkZmFkODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUivkC7pq2OTvblIEYw2jcjIbR+X
rH2hP1umrm+gzVdm62x+qU5leIR3NM8TwqFMG6mWAmxfJ7585+TZ8Njyz2p14Wya
/rPBSxxFXhO75LMib7jv/JO4YebSaPOUISS0DipFOr+1YMsyD+7lINZeps2B54VJ
rh0WTpfXHUvhG4aitt7lQKltH6JIpOUoSEd4Ke3rl1pyygwirZm4ddnk9WMPUqmd
wHXpwR542GdF8aPJCOb/xMYvUS9caDrHxV+MyZml5dD7VkYrWhLh8uvl8we0KRTw
JNww+EyeLR3efurs55eGELo7RZTVRxPJp31GG0qEf9bqnBLoB9n7/CgmIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfuHFNvNso8VpWshTFyxHJ9+tgpMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEveC00Y1UyODJ5anhXbGF5Rk1YTEVjbjM2MkNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbiIlMA0G
CSqGSIb3DQEBCwUAA4IBAQAL3CxqM7OxhdobK8CyiTRN0dvAHSDo3XXNY3ObCkRr
Q1UY1w3TXyo/WP61pZocRyNzvRJKcIEGBmkNtriE+elfyFUd5Gv//xA0Uf83vlE5
Lz3fDraVc273wQoyEnIVC1dIZAL3o+/Mk8jD2kHH+p+RLpUPNSThhha5A2pYXgMC
6y5HgRSPXudCPdadbDDbkO7nYlMMIK++5Lv+5NQcnESD+eygG7TaOjKZYmt+V4ng
cYr72FnFGYBYirF3O7p4IcJ+VU1ZWGrjij3aNLVnbmhdUXn+Kg1pu9q0S5fKattk
+aPxoA4y3chvSQB+FqYQK/lugk5E42+JqFhbLm9z4qD9
-----END CERTIFICATE-----