Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/l88JdS50yrjIVRSUUl2jPPeRe3s.roa
File:                     l88JdS50yrjIVRSUUl2jPPeRe3s.roa (raw, json)
Hash identifier:          J/dIP7XXrBRnfVF0N2xfiiwXJ85Wr09ILZyu6yjNfs0=
Subject key identifier:   97:CF:09:75:2E:74:CA:B8:C8:55:14:94:52:5D:A3:3C:F7:91:7B:7B
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019DCDECE282E780B7051324C2C8932F8415
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/l88JdS50yrjIVRSUUl2jPPeRe3s.roa
Signing time:             Mon 27 Apr 2026 07:52:26 +0000
ROA not before:           Mon 27 Apr 2026 07:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57013
IP address blocks:        185.113.250.0/24 maxlen: 24
                          185.210.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cd:ec:e2:82:e7:80:b7:05:13:24:c2:c8:93:2f:84:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr 27 07:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97cf09752e74cab8c8551494525da33cf7917b7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:19:fe:b0:47:55:fa:40:19:44:55:05:c2:dd:
                    67:bc:c7:34:93:6a:73:eb:1a:74:b5:f5:fc:b8:00:
                    4f:b0:2a:67:1b:05:7e:36:79:91:c2:a4:76:fc:64:
                    bb:70:65:80:9a:0e:1a:3c:12:b4:06:b4:95:89:2b:
                    1b:c2:db:cb:d6:e0:d6:fb:ac:6c:db:d4:40:a1:6c:
                    47:0e:e3:b1:d3:97:76:53:19:f1:8f:4a:b6:d8:31:
                    10:84:bf:85:f5:82:19:38:8e:25:38:26:10:ce:73:
                    89:51:74:8c:a1:5a:1e:ef:8c:e7:27:54:64:ff:0a:
                    ff:af:1f:d9:b0:b3:26:4f:e6:e9:02:90:aa:b6:61:
                    9d:f1:91:13:56:33:10:6b:95:55:ff:db:76:ce:67:
                    4b:e9:02:fd:af:7c:dc:a1:d8:ae:c6:f5:23:ca:49:
                    64:68:11:7c:a9:86:d0:42:e7:ad:3f:e9:d1:ad:24:
                    2c:6e:f4:fc:5e:55:49:9c:94:3f:ea:d2:a8:12:65:
                    b7:c3:a0:4d:22:40:56:17:ac:d5:e6:de:34:a6:ca:
                    6a:0d:de:16:4c:b2:3e:12:fa:bf:ad:c5:9b:c6:65:
                    75:7b:32:b4:c6:7b:da:24:60:af:d3:eb:e8:9e:bc:
                    69:12:8e:1f:ef:b0:7f:0b:45:d4:b2:71:f8:6f:6c:
                    68:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:CF:09:75:2E:74:CA:B8:C8:55:14:94:52:5D:A3:3C:F7:91:7B:7B
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/l88JdS50yrjIVRSUUl2jPPeRe3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.250.0/24
                  185.210.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:2b:e3:ef:53:af:93:ad:a8:69:51:95:99:c4:5a:25:40:e5:
         fd:ea:78:cf:c1:fd:47:d7:c3:37:82:39:43:47:01:8f:a1:e5:
         5d:73:5c:81:19:f7:87:42:7f:3b:d8:95:8a:36:34:73:9b:51:
         4b:99:41:44:d6:2e:40:52:69:c4:70:69:3f:68:66:9d:e2:90:
         6c:74:19:8b:30:fa:c2:10:77:3c:d3:62:d4:f1:88:31:af:52:
         83:8a:b5:99:e3:69:c8:3c:2a:bc:3b:bc:e9:d9:d3:3c:64:57:
         b0:34:6c:d8:92:34:3b:15:ba:e9:1e:6e:ce:13:cc:05:30:d8:
         2a:5a:2e:2f:c9:05:57:08:37:66:9a:b1:06:87:25:19:5c:c7:
         96:fa:2d:0d:e3:8a:8e:e2:a6:d0:5d:d2:b4:34:aa:23:b4:d1:
         f0:7b:59:e6:4e:17:b0:ef:34:cd:ec:00:c1:56:e5:c3:41:bc:
         6c:17:24:91:11:bc:a1:aa:18:d4:43:53:62:db:4b:15:66:1d:
         24:e4:72:13:13:6e:57:11:43:87:8e:b7:7d:34:73:e0:df:fb:
         77:2d:00:20:13:ec:35:1a:72:5a:c3:84:c4:22:a8:a3:45:57:
         96:d2:54:72:b8:43:cd:1a:04:d5:5f:1e:e3:df:d6:56:bb:02:
         9e:2d:98:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3N7OKC54C3BRMkwsiTL4QVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwNDI3MDc1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2NmMDk3NTJlNzRjYWI4Yzg1NTE0OTQ1MjVkYTMzY2Y3OTE3YjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshn+sEdV+kAZRFUFwt1nvMc0k2pz
6xp0tfX8uABPsCpnGwV+NnmRwqR2/GS7cGWAmg4aPBK0BrSViSsbwtvL1uDW+6xs
29RAoWxHDuOx05d2Uxnxj0q22DEQhL+F9YIZOI4lOCYQznOJUXSMoVoe74znJ1Rk
/wr/rx/ZsLMmT+bpApCqtmGd8ZETVjMQa5VV/9t2zmdL6QL9r3zcodiuxvUjyklk
aBF8qYbQQuetP+nRrSQsbvT8XlVJnJQ/6tKoEmW3w6BNIkBWF6zV5t40pspqDd4W
TLI+Evq/rcWbxmV1ezK0xnvaJGCv0+vonrxpEo4f77B/C0XUsnH4b2xojwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJfPCXUudMq4yFUUlFJdozz3kXt7MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvbDg4SmRTNTB5cmpJVlJTVVVsMmpQUGVSZTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXH6AwQA
udKKMA0GCSqGSIb3DQEBCwUAA4IBAQAdK+PvU6+TrahpUZWZxFolQOX96njPwf1H
18M3gjlDRwGPoeVdc1yBGfeHQn872JWKNjRzm1FLmUFE1i5AUmnEcGk/aGad4pBs
dBmLMPrCEHc802LU8Ygxr1KDirWZ42nIPCq8O7zp2dM8ZFewNGzYkjQ7FbrpHm7O
E8wFMNgqWi4vyQVXCDdmmrEGhyUZXMeW+i0N44qO4qbQXdK0NKojtNHwe1nmThew
7zTN7ADBVuXDQbxsFySREbyhqhjUQ1Ni20sVZh0k5HITE25XEUOHjrd9NHPg3/t3
LQAgE+w1GnJaw4TEIqijRVeW0lRyuEPNGgTVXx7j39ZWuwKeLZiV
-----END CERTIFICATE-----