Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/p3ug5g_xr36I9KNV_9pjhyaQAkk.roa
File:                     p3ug5g_xr36I9KNV_9pjhyaQAkk.roa (raw, json)
Hash identifier:          uuYYXBFXf6iSKm9ZmcznX50GVca7EYuHsb41XmXtuCU=
Subject key identifier:   A7:7B:A0:E6:0F:F1:AF:7E:88:F4:A3:55:FF:DA:63:87:26:90:02:49
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       019D225B5C66601359CF8A60C20943AB35C3
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/p3ug5g_xr36I9KNV_9pjhyaQAkk.roa
Signing time:             Wed 25 Mar 2026 00:18:25 +0000
ROA not before:           Wed 25 Mar 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207977
IP address blocks:        74.122.26.0/23 maxlen: 24
                          104.167.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:22:5b:5c:66:60:13:59:cf:8a:60:c2:09:43:ab:35:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Mar 25 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a77ba0e60ff1af7e88f4a355ffda638726900249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f5:3b:6f:36:de:9a:a7:bd:46:bc:78:2b:0b:
                    00:b7:42:0a:30:76:21:0d:2c:a3:26:98:cd:74:aa:
                    47:fb:ec:96:bf:bf:db:e9:f2:46:fc:be:42:ef:d8:
                    f2:e2:f5:87:db:d7:02:fc:fe:4d:95:d6:71:5e:4c:
                    45:41:fc:41:00:f2:97:db:27:f1:4b:19:00:60:84:
                    37:6a:01:e3:08:ca:85:4d:7b:49:25:a2:a3:0c:0e:
                    b4:fe:3c:fa:f4:16:10:30:2d:fa:cd:d1:3d:e5:87:
                    a0:fb:79:6d:cb:f7:0d:d6:80:b6:df:b3:f9:8b:e8:
                    ab:94:9c:6e:47:5a:5b:3e:da:39:72:4f:28:90:19:
                    83:cf:a5:61:aa:62:86:07:d1:08:d2:f6:ea:74:39:
                    16:19:b6:2b:89:d7:c5:60:55:71:32:ac:49:7c:e3:
                    35:0d:b2:ca:f2:fb:73:a1:25:9e:59:56:5a:26:c7:
                    b5:34:1f:2e:29:b4:f9:98:b5:eb:8f:6b:d4:26:56:
                    1e:0f:db:f0:34:7c:4e:31:03:2e:ec:07:9c:31:59:
                    8d:55:d3:18:8b:de:fd:2f:2c:c2:fa:e0:ab:39:a0:
                    1c:06:2f:4e:f4:62:a4:99:9b:28:14:11:a6:60:28:
                    47:b0:ff:d0:41:17:c1:73:6a:5d:fe:f8:3a:11:74:
                    9a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7B:A0:E6:0F:F1:AF:7E:88:F4:A3:55:FF:DA:63:87:26:90:02:49
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/p3ug5g_xr36I9KNV_9pjhyaQAkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.122.26.0/23
                  104.167.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:4a:95:d9:14:f2:fe:ba:84:62:02:3d:69:bf:9d:85:ae:ef:
         77:c6:ee:db:0e:29:8d:cc:64:a1:1a:a5:aa:fe:cb:e5:a9:3e:
         1e:0a:6d:f7:7f:58:a1:bc:0e:c1:00:e4:fb:a5:32:a8:da:34:
         8f:ff:e2:75:ef:2b:a9:27:a5:a9:95:bc:7a:f8:be:2b:75:3a:
         73:9f:50:e3:0f:4e:60:69:66:00:8d:23:e5:32:ce:64:ef:1a:
         6f:eb:d7:d9:e7:72:03:a5:73:6a:26:4e:e2:fd:8f:92:ac:ec:
         f9:7c:d3:d1:be:42:41:37:6d:ba:61:ec:ec:df:78:38:45:5d:
         44:7b:27:08:99:1b:a2:d4:21:53:a2:4f:a1:1f:2e:00:11:b6:
         28:6b:b3:62:c0:88:28:51:86:c3:52:32:8c:a9:86:9a:bc:2a:
         e8:47:a3:b6:03:02:ba:16:32:4e:5c:25:f3:fe:ca:1e:97:e7:
         fc:ba:ea:5f:ae:64:50:30:e2:5c:0a:19:db:7c:08:4f:5b:01:
         f3:67:27:46:19:99:20:27:71:08:a6:30:be:a8:fc:ff:30:ee:
         d2:bf:01:e5:c0:99:4e:68:51:76:97:f6:55:90:64:e2:9a:34:
         fe:47:b1:0c:4f:06:88:51:d5:5b:3f:43:70:4b:43:7f:8e:8c:
         57:1a:7f:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0iW1xmYBNZz4pgwglDqzXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjYwMzI1MDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdiYTBlNjBmZjFhZjdlODhmNGEzNTVmZmRhNjM4NzI2OTAwMjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPU7bzbemqe9Rrx4KwsAt0IKMHYh
DSyjJpjNdKpH++yWv7/b6fJG/L5C79jy4vWH29cC/P5NldZxXkxFQfxBAPKX2yfx
SxkAYIQ3agHjCMqFTXtJJaKjDA60/jz69BYQMC36zdE95Yeg+3lty/cN1oC237P5
i+irlJxuR1pbPto5ck8okBmDz6VhqmKGB9EI0vbqdDkWGbYridfFYFVxMqxJfOM1
DbLK8vtzoSWeWVZaJse1NB8uKbT5mLXrj2vUJlYeD9vwNHxOMQMu7AecMVmNVdMY
i979LyzC+uCrOaAcBi9O9GKkmZsoFBGmYChHsP/QQRfBc2pd/vg6EXSa4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKd7oOYP8a9+iPSjVf/aY4cmkAJJMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvcDN1ZzVnX3hyMzZJOUtOVl85cGpoeWFRQWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBSnoaAwQA
aKcRMA0GCSqGSIb3DQEBCwUAA4IBAQALSpXZFPL+uoRiAj1pv52Fru93xu7bDimN
zGShGqWq/svlqT4eCm33f1ihvA7BAOT7pTKo2jSP/+J17yupJ6Wplbx6+L4rdTpz
n1DjD05gaWYAjSPlMs5k7xpv69fZ53IDpXNqJk7i/Y+SrOz5fNPRvkJBN226Yezs
33g4RV1EeycImRui1CFTok+hHy4AEbYoa7NiwIgoUYbDUjKMqYaavCroR6O2AwK6
FjJOXCXz/soel+f8uupfrmRQMOJcChnbfAhPWwHzZydGGZkgJ3EIpjC+qPz/MO7S
vwHlwJlOaFF2l/ZVkGTimjT+R7EMTwaIUdVbP0NwS0N/joxXGn+x
-----END CERTIFICATE-----