Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/mG70oaiQLw1CChve0widRVbMPck.roa
File:                     mG70oaiQLw1CChve0widRVbMPck.roa (raw, json)
Hash identifier:          YUzhMfkYxAz3L8ebkuYt8br4uvQAozQEY+LaakqqCkA=
Subject key identifier:   98:6E:F4:A1:A8:90:2F:0D:42:0A:1B:DE:D3:08:9D:45:56:CC:3D:C9
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019D056AF9410998D71740D9B6F6F80D141F
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/mG70oaiQLw1CChve0widRVbMPck.roa
Signing time:             Thu 19 Mar 2026 09:26:29 +0000
ROA not before:           Thu 19 Mar 2026 09:26:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        88.223.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:6a:f9:41:09:98:d7:17:40:d9:b6:f6:f8:0d:14:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 19 09:26:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=986ef4a1a8902f0d420a1bded3089d4556cc3dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:68:84:6d:2a:72:a5:98:e6:6d:c6:09:1a:69:
                    35:d0:fc:29:82:4a:ab:df:27:fe:6f:a6:63:3d:24:
                    c3:b5:b7:4d:87:de:a6:28:4d:43:da:54:13:70:65:
                    02:01:12:da:e3:01:83:cf:0a:7d:55:36:5a:f5:92:
                    db:99:ce:ee:b8:15:7e:fb:09:ed:57:aa:ed:66:23:
                    eb:28:38:1e:5a:09:e1:84:e1:cd:95:24:3b:e9:65:
                    73:91:ee:94:c7:42:e3:f9:09:ff:6a:d4:ee:2a:5b:
                    c9:75:77:47:9e:0b:aa:0d:10:02:7b:f6:5e:79:fb:
                    d0:88:e3:7f:d8:7a:5e:fe:0e:22:62:17:4a:c1:8d:
                    f9:dc:19:d7:c3:b3:51:94:a3:52:e5:ac:d4:1c:4f:
                    e2:ff:fd:de:73:8d:08:d1:ca:7b:a9:c2:29:62:a5:
                    cd:d7:1b:48:df:9d:f8:6c:c4:eb:9d:c0:91:34:be:
                    dc:da:e2:61:01:eb:50:65:70:dc:a1:a1:c7:0d:69:
                    5d:ca:2d:a0:49:e6:fe:53:e6:bf:82:2d:de:c6:18:
                    b9:24:ab:4f:6d:d2:5a:a2:d8:d3:9c:db:89:d6:31:
                    17:04:8b:3e:20:48:16:fe:df:30:30:92:6f:67:99:
                    54:eb:a0:b9:fc:c9:30:df:63:f4:e6:af:be:bb:4f:
                    ab:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6E:F4:A1:A8:90:2F:0D:42:0A:1B:DE:D3:08:9D:45:56:CC:3D:C9
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/mG70oaiQLw1CChve0widRVbMPck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.223.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:93:57:dd:f2:a3:f0:62:4f:7f:0e:2b:6d:15:1f:03:d0:76:
         02:fc:71:df:56:0f:28:0b:e8:b4:25:0e:10:45:de:a6:ca:87:
         d2:cb:08:0d:e2:7f:66:d6:51:23:31:6f:65:b6:59:c5:3c:34:
         1a:c9:34:14:70:fc:ec:36:0b:2e:cb:5d:e8:05:70:a5:b7:e8:
         45:e1:c0:7c:ca:d4:f2:83:b8:b0:bb:ae:91:e2:0d:10:6d:a2:
         73:22:da:62:20:7e:cd:08:ee:86:d3:44:6b:9f:bf:36:28:85:
         75:70:a3:69:f0:1a:89:c1:ef:5e:2f:ce:55:f4:c3:fb:a5:14:
         9e:3f:e7:79:c3:e6:e9:b0:1b:eb:39:6e:6c:cd:8d:d1:5d:4d:
         e0:8b:8f:4f:27:96:e0:b7:59:9a:43:19:78:9e:13:82:4c:8f:
         3a:ff:f2:4b:56:c8:ba:52:08:b4:dc:dd:dc:6f:88:a7:b0:95:
         60:ad:93:d5:9e:11:f4:be:2b:80:d1:79:82:e3:01:bf:bc:57:
         b6:fc:1b:40:69:79:58:de:58:1b:27:64:55:f4:e1:a7:23:53:
         e7:fb:93:fd:9d:3b:78:89:80:33:96:c8:94:ec:0a:98:e9:63:
         2b:de:39:44:73:37:50:f4:27:e6:f0:f6:82:de:ea:84:6a:5c:
         75:50:a9:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0FavlBCZjXF0DZtvb4DRQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzE5MDkyNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZlZjRhMWE4OTAyZjBkNDIwYTFiZGVkMzA4OWQ0NTU2Y2MzZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWiEbSpypZjmbcYJGmk10Pwpgkqr
3yf+b6ZjPSTDtbdNh96mKE1D2lQTcGUCARLa4wGDzwp9VTZa9ZLbmc7uuBV++wnt
V6rtZiPrKDgeWgnhhOHNlSQ76WVzke6Ux0Lj+Qn/atTuKlvJdXdHnguqDRACe/Ze
efvQiON/2Hpe/g4iYhdKwY353BnXw7NRlKNS5azUHE/i//3ec40I0cp7qcIpYqXN
1xtI3534bMTrncCRNL7c2uJhAetQZXDcoaHHDWldyi2gSeb+U+a/gi3exhi5JKtP
bdJaotjTnNuJ1jEXBIs+IEgW/t8wMJJvZ5lU66C5/Mkw32P05q++u0+ruwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhu9KGokC8NQgob3tMInUVWzD3JMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvbUc3MG9haVFMdzFDQ2h2ZTB3aWRSVmJNUGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWN+oMA0G
CSqGSIb3DQEBCwUAA4IBAQCVk1fd8qPwYk9/DittFR8D0HYC/HHfVg8oC+i0JQ4Q
Rd6myofSywgN4n9m1lEjMW9ltlnFPDQayTQUcPzsNgsuy13oBXClt+hF4cB8ytTy
g7iwu66R4g0QbaJzItpiIH7NCO6G00Rrn782KIV1cKNp8BqJwe9eL85V9MP7pRSe
P+d5w+bpsBvrOW5szY3RXU3gi49PJ5bgt1maQxl4nhOCTI86//JLVsi6Ugi03N3c
b4insJVgrZPVnhH0viuA0XmC4wG/vFe2/BtAaXlY3lgbJ2RV9OGnI1Pn+5P9nTt4
iYAzlsiU7AqY6WMr3jlEczdQ9Cfm8PaC3uqEalx1UKld
-----END CERTIFICATE-----