Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/H49G2vY2n7CqDt3v_PdU70zy7RA.roa
File:                     H49G2vY2n7CqDt3v_PdU70zy7RA.roa (raw, json)
Hash identifier:          3w0udG08DzlOoXAgNwrIJkLMkSJOE7Sqq/f8cYs/Xbk=
Subject key identifier:   1F:8F:46:DA:F6:36:9F:B0:AA:0E:DD:EF:FC:F7:54:EF:4C:F2:ED:10
Certificate issuer:       /CN=02c94804cfcc7ef258d46fc324c1676447603ef6
Certificate serial:       019DA9CEE1CCCC5C515E2C6908C097CC0F00
Authority key identifier: 02:C9:48:04:CF:CC:7E:F2:58:D4:6F:C3:24:C1:67:64:47:60:3E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AslIBM_MfvJY1G_DJMFnZEdgPvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/H49G2vY2n7CqDt3v_PdU70zy7RA.roa
Signing time:             Mon 20 Apr 2026 07:33:20 +0000
ROA not before:           Mon 20 Apr 2026 07:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8896
IP address blocks:        89.254.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/AslIBM_MfvJY1G_DJMFnZEdgPvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/AslIBM_MfvJY1G_DJMFnZEdgPvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AslIBM_MfvJY1G_DJMFnZEdgPvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:ce:e1:cc:cc:5c:51:5e:2c:69:08:c0:97:cc:0f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02c94804cfcc7ef258d46fc324c1676447603ef6
        Validity
            Not Before: Apr 20 07:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f8f46daf6369fb0aa0eddeffcf754ef4cf2ed10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:93:72:fa:48:c4:8d:dc:31:a5:d5:30:c4:e2:
                    67:fe:66:fa:53:ba:9e:68:de:02:df:77:d4:2c:2b:
                    df:3c:30:72:fc:80:b3:bf:c3:9b:3f:5f:b9:70:8a:
                    ac:89:03:ea:1d:19:a9:78:65:e3:a2:61:ac:32:5b:
                    c4:b5:16:d3:56:cb:8d:82:d9:0c:49:4d:85:fa:b9:
                    85:df:54:48:3f:c6:a1:6f:9a:c8:96:7d:20:10:08:
                    8f:fd:47:24:ce:4c:9d:26:72:44:3c:1c:b8:d2:c1:
                    e2:d1:eb:2c:78:c3:85:25:23:9e:93:49:90:19:7b:
                    43:ab:ea:09:f6:45:67:0e:16:99:56:12:ba:16:53:
                    5c:02:0a:7a:bc:54:de:d6:0d:b3:6f:c0:33:82:59:
                    92:5f:7b:82:06:20:fb:4b:8f:70:b9:9d:ed:01:62:
                    c2:38:5e:01:03:3f:49:08:1e:4b:5c:7c:9c:31:65:
                    f0:17:68:5d:15:68:dd:c4:37:85:9b:ca:09:b9:7c:
                    39:1e:b9:06:89:8f:cb:be:fe:14:bc:70:b6:34:bc:
                    3c:b7:33:24:e2:04:4a:d1:cc:08:2c:b2:46:90:3a:
                    e3:b3:d5:10:1a:4c:b4:fd:64:22:d2:ee:94:34:eb:
                    9f:96:52:0e:3d:5c:28:be:dc:50:d7:9f:6c:25:20:
                    55:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8F:46:DA:F6:36:9F:B0:AA:0E:DD:EF:FC:F7:54:EF:4C:F2:ED:10
            X509v3 Authority Key Identifier:
                keyid:02:C9:48:04:CF:CC:7E:F2:58:D4:6F:C3:24:C1:67:64:47:60:3E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AslIBM_MfvJY1G_DJMFnZEdgPvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/H49G2vY2n7CqDt3v_PdU70zy7RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/AslIBM_MfvJY1G_DJMFnZEdgPvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d7:63:eb:92:ee:83:59:db:2f:58:60:6f:b7:94:8d:d3:9f:
         52:f4:ec:34:8e:5b:ef:d9:c3:c9:fa:5f:27:05:ad:06:34:f3:
         d0:db:82:c6:41:70:e8:38:f4:ce:f4:c0:27:f2:46:25:0a:d5:
         64:b4:6b:9a:42:c6:e4:4f:a3:39:79:6f:a5:bc:5c:81:61:c9:
         4f:5b:20:be:04:bc:03:f7:7d:41:ca:ee:fe:53:28:df:cb:4f:
         d6:25:29:0c:11:75:d1:8a:07:81:d6:65:55:41:5a:64:4b:30:
         a7:e1:2c:c7:25:e6:07:60:d0:3b:1d:10:6f:36:91:f9:72:df:
         c0:40:b3:84:cd:6c:36:c0:85:26:a5:68:f1:9d:6b:38:b6:c9:
         1b:2e:14:ca:38:38:99:76:af:2f:4c:f1:2f:42:3f:9b:5c:04:
         cf:04:c2:a6:c6:3d:f2:ad:2d:60:32:b9:27:5b:cd:eb:32:51:
         00:56:16:a9:91:a2:81:ca:d0:50:ad:34:9d:f5:5e:9b:3f:e7:
         77:da:e1:57:66:32:c1:d4:f9:b4:66:82:69:d0:db:7e:9e:b0:
         c8:7e:e4:4b:9d:8d:fc:e4:d4:ab:ec:3b:bd:13:dd:79:76:a2:
         9a:69:83:d7:42:07:c0:d7:39:9e:9d:e5:a7:b8:48:a7:a7:40:
         8e:70:53:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2pzuHMzFxRXixpCMCXzA8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYzk0ODA0Y2ZjYzdlZjI1OGQ0NmZjMzI0YzE2NzY0NDc2
MDNlZjYwHhcNMjYwNDIwMDczMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhmNDZkYWY2MzY5ZmIwYWEwZWRkZWZmY2Y3NTRlZjRjZjJlZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJNy+kjEjdwxpdUwxOJn/mb6U7qe
aN4C33fULCvfPDBy/ICzv8ObP1+5cIqsiQPqHRmpeGXjomGsMlvEtRbTVsuNgtkM
SU2F+rmF31RIP8ahb5rIln0gEAiP/UckzkydJnJEPBy40sHi0esseMOFJSOek0mQ
GXtDq+oJ9kVnDhaZVhK6FlNcAgp6vFTe1g2zb8AzglmSX3uCBiD7S49wuZ3tAWLC
OF4BAz9JCB5LXHycMWXwF2hdFWjdxDeFm8oJuXw5HrkGiY/Lvv4UvHC2NLw8tzMk
4gRK0cwILLJGkDrjs9UQGky0/WQi0u6UNOufllIOPVwovtxQ159sJSBVhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+PRtr2Np+wqg7d7/z3VO9M8u0QMB8GA1UdIwQY
MBaAFALJSATPzH7yWNRvwyTBZ2RHYD72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXNsSUJNX01mdkpZMUdfREpNRm5aRWRnUHZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84NWZmMGEtMjJhYi00MTkwLTliNzMt
MjU5YmU5ZmJjMWYxLzEvSDQ5RzJ2WTJuN0NxRHQzdl9QZFU3MHp5N1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84NWZmMGEtMjJhYi00MTkwLTliNzMtMjU5YmU5ZmJjMWYx
LzEvQXNsSUJNX01mdkpZMUdfREpNRm5aRWRnUHZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWf4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAK12Prku6DWdsvWGBvt5SN059S9Ow0jlvv2cPJ+l8n
Ba0GNPPQ24LGQXDoOPTO9MAn8kYlCtVktGuaQsbkT6M5eW+lvFyBYclPWyC+BLwD
931Byu7+Uyjfy0/WJSkMEXXRigeB1mVVQVpkSzCn4SzHJeYHYNA7HRBvNpH5ct/A
QLOEzWw2wIUmpWjxnWs4tskbLhTKODiZdq8vTPEvQj+bXATPBMKmxj3yrS1gMrkn
W83rMlEAVhapkaKBytBQrTSd9V6bP+d32uFXZjLB1Pm0ZoJp0Nt+nrDIfuRLnY38
5NSr7Du9E915dqKaaYPXQgfA1zmeneWnuEinp0COcFM9
-----END CERTIFICATE-----