Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/uT8E57kRkXsj4VBnnzXclhZkT2Y.roa
File:                     uT8E57kRkXsj4VBnnzXclhZkT2Y.roa (raw, json)
Hash identifier:          EAtpxOZ43Ampbd8IW6f2aDxy5kdJ1fsUpkLOu8NRJ7Y=
Subject key identifier:   B9:3F:04:E7:B9:11:91:7B:23:E1:50:67:9F:35:DC:96:16:64:4F:66
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       019B7DC9C8F91E717E839CDA2EA81E46821B
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/uT8E57kRkXsj4VBnnzXclhZkT2Y.roa
Signing time:             Fri 02 Jan 2026 08:18:54 +0000
ROA not before:           Fri 02 Jan 2026 08:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205027
IP address blocks:        74.122.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:c8:f9:1e:71:7e:83:9c:da:2e:a8:1e:46:82:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Jan  2 08:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b93f04e7b911917b23e150679f35dc9616644f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:39:3e:15:5e:c3:42:58:1e:18:0a:e9:3d:
                    4d:d3:39:75:74:e4:a2:a6:99:9b:dd:9e:df:f3:06:
                    e4:16:8d:7d:21:d9:33:94:40:85:01:4e:76:82:5b:
                    52:cb:08:e0:37:1e:72:f8:68:10:36:4d:20:89:9c:
                    d7:8b:96:88:88:6c:7f:f2:53:02:af:af:85:7e:75:
                    41:5f:3c:34:38:f6:92:25:17:30:c9:71:d2:72:b3:
                    83:9a:ec:d5:ea:63:20:76:28:49:cf:93:c4:f1:a7:
                    12:04:08:c4:ec:2b:e6:5f:e7:bc:d4:5e:f2:5d:5c:
                    c1:40:86:8b:a7:90:e6:ba:d6:f3:fd:7f:da:f9:a9:
                    c7:63:1f:bb:41:12:87:73:ba:dc:6d:cf:0b:97:85:
                    db:44:8f:12:57:ed:97:c9:ee:c2:bb:64:5b:4b:62:
                    59:a4:c5:6f:51:11:cd:1e:6d:f7:b5:c3:b0:79:ff:
                    13:e1:2c:79:67:d0:b6:d4:0c:f4:c4:50:ec:8f:c7:
                    60:bf:d1:05:aa:9b:ec:a3:ce:16:46:95:29:2a:a8:
                    16:1d:61:ef:54:08:ca:1a:8c:d5:0b:e2:be:7e:cd:
                    f4:20:93:7e:ee:85:b0:b9:02:08:f2:fc:8f:12:fd:
                    cc:f3:9d:50:a1:8d:59:ab:6d:1d:88:bf:37:2e:5e:
                    3a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:3F:04:E7:B9:11:91:7B:23:E1:50:67:9F:35:DC:96:16:64:4F:66
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/uT8E57kRkXsj4VBnnzXclhZkT2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.122.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:64:aa:e4:20:60:cf:27:57:07:df:d5:42:55:67:3a:55:26:
         a8:8f:bd:f7:88:db:01:5c:3b:b4:d6:5c:10:06:c6:7b:26:bd:
         66:33:90:c8:c9:47:46:c8:22:a8:2b:17:62:87:e3:2d:3e:d6:
         a6:9d:b6:04:eb:ce:46:80:a7:80:68:13:7b:ae:9a:f0:7d:02:
         ee:b8:9d:65:50:20:3d:a1:90:1b:55:2d:10:ca:5a:64:6a:bb:
         ee:31:a8:63:09:aa:01:f2:83:71:35:a6:7c:e3:32:b2:d1:a6:
         62:51:8d:13:23:7b:23:ce:ae:a2:20:50:6f:ab:88:d4:33:29:
         3c:53:75:03:7d:f4:64:b6:c2:65:90:ab:a0:da:bf:a0:f5:25:
         b1:7e:8b:b3:d3:92:fd:69:3c:9a:c7:fe:d6:fe:0b:62:37:f5:
         1d:ae:17:28:e4:5f:c0:e1:93:19:3c:21:93:84:e9:48:f9:24:
         c5:69:29:26:15:b9:53:ee:f8:c8:8a:07:bf:f0:75:2e:b2:61:
         e8:07:2b:a1:54:82:bd:55:3c:a1:5d:0b:f3:16:31:60:cc:31:
         7e:f3:9e:55:2c:92:5a:9f:ae:2e:dd:82:ef:de:e6:c6:66:15:
         05:42:98:a1:f7:81:4b:c2:66:ed:3a:28:2c:8e:a8:56:f8:64:
         c0:f8:7c:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ycj5HnF+g5zaLqgeRoIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjYwMTAyMDgxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTNmMDRlN2I5MTE5MTdiMjNlMTUwNjc5ZjM1ZGM5NjE2NjQ0ZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT85PhVew0JYHhgK6T1N0zl1dOSi
ppmb3Z7f8wbkFo19IdkzlECFAU52gltSywjgNx5y+GgQNk0giZzXi5aIiGx/8lMC
r6+FfnVBXzw0OPaSJRcwyXHScrODmuzV6mMgdihJz5PE8acSBAjE7CvmX+e81F7y
XVzBQIaLp5Dmutbz/X/a+anHYx+7QRKHc7rcbc8Ll4XbRI8SV+2Xye7Cu2RbS2JZ
pMVvURHNHm33tcOwef8T4Sx5Z9C21Az0xFDsj8dgv9EFqpvso84WRpUpKqgWHWHv
VAjKGozVC+K+fs30IJN+7oWwuQII8vyPEv3M851QoY1Zq20diL83Ll46eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLk/BOe5EZF7I+FQZ5813JYWZE9mMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvdVQ4RTU3a1JrWHNqNFZCbm56WGNsaFprVDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASnoYMA0G
CSqGSIb3DQEBCwUAA4IBAQBFZKrkIGDPJ1cH39VCVWc6VSaoj733iNsBXDu01lwQ
BsZ7Jr1mM5DIyUdGyCKoKxdih+MtPtamnbYE685GgKeAaBN7rprwfQLuuJ1lUCA9
oZAbVS0QylpkarvuMahjCaoB8oNxNaZ84zKy0aZiUY0TI3sjzq6iIFBvq4jUMyk8
U3UDffRktsJlkKug2r+g9SWxfouz05L9aTyax/7W/gtiN/Udrhco5F/A4ZMZPCGT
hOlI+STFaSkmFblT7vjIige/8HUusmHoByuhVIK9VTyhXQvzFjFgzDF+855VLJJa
n64u3YLv3ubGZhUFQpih94FLwmbtOigsjqhW+GTA+HzR
-----END CERTIFICATE-----