Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/sFDlAae_e4rCy18vO5StHwY2vB8.roa
File:                     sFDlAae_e4rCy18vO5StHwY2vB8.roa (raw, json)
Hash identifier:          GEN4RnQNUr/MDnoaeQ1hlzfxdQjw3Q/9DMfhbR8wnfM=
Subject key identifier:   B0:50:E5:01:A7:BF:7B:8A:C2:CB:5F:2F:3B:94:AD:1F:06:36:BC:1F
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019D061AC160DA984E32832B34C0992E50BA
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/sFDlAae_e4rCy18vO5StHwY2vB8.roa
Signing time:             Thu 19 Mar 2026 12:38:29 +0000
ROA not before:           Thu 19 Mar 2026 12:38:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207223
IP address blocks:        88.223.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:1a:c1:60:da:98:4e:32:83:2b:34:c0:99:2e:50:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 19 12:38:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b050e501a7bf7b8ac2cb5f2f3b94ad1f0636bc1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:61:a9:6d:2a:66:d7:67:a8:62:33:b6:a6:
                    51:fa:f6:c0:8c:c8:df:7c:f3:f7:19:f2:ba:91:f6:
                    d8:cf:42:c0:b8:82:5f:09:10:5c:81:55:0a:e7:d3:
                    40:d6:c3:d4:a2:0e:67:a8:5e:a0:db:54:ca:b3:22:
                    93:da:c8:4e:57:c1:e2:ee:fd:47:12:c6:ae:0f:68:
                    92:25:93:b6:79:76:56:e0:72:89:43:73:95:54:3c:
                    51:63:f3:bc:ec:7c:f8:42:85:2b:28:60:77:9f:f4:
                    57:9b:31:e5:82:cd:f9:82:dd:11:ce:c9:25:5c:ab:
                    7d:02:0b:86:84:77:ba:58:58:b5:b9:2d:1b:64:69:
                    a2:42:8f:77:b7:a1:6e:f2:89:db:5a:fd:ea:5d:56:
                    8a:13:11:b5:b0:8a:50:7d:90:4c:1f:82:16:4a:4c:
                    11:d2:f9:ff:5d:48:50:e5:8e:6f:05:81:ce:11:a1:
                    97:da:1f:a9:1d:ef:71:5d:c1:69:03:16:a9:07:41:
                    a4:be:78:25:27:8a:0f:fd:99:95:c1:1c:89:2a:86:
                    e5:52:21:01:3d:70:d8:b5:be:28:45:19:ee:9f:34:
                    c7:ed:9c:7d:3e:4e:25:8b:60:41:55:d4:6b:80:b7:
                    7b:9b:cb:2e:f8:65:fd:bd:ad:9d:a0:03:66:39:5d:
                    e6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:50:E5:01:A7:BF:7B:8A:C2:CB:5F:2F:3B:94:AD:1F:06:36:BC:1F
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/sFDlAae_e4rCy18vO5StHwY2vB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.223.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:50:2c:95:de:eb:c6:9a:aa:7f:0e:b0:25:f3:dd:74:36:aa:
         08:1e:bc:50:ef:39:e8:d6:6a:ff:ce:58:0e:b4:18:78:de:2c:
         b3:ee:08:70:3a:58:a7:16:b1:14:1e:bd:42:61:96:fa:41:a6:
         a3:52:8e:92:aa:4d:fb:7c:ee:73:b2:71:19:ae:d5:c1:fd:33:
         98:14:78:b2:23:14:1d:4a:58:a0:22:58:7e:16:8b:6d:6a:b4:
         7d:4a:60:99:f9:3d:67:45:28:85:80:be:29:f2:71:e5:63:36:
         4f:ec:c2:03:23:94:93:7b:8f:e2:ab:d6:15:7b:b2:9b:ba:41:
         9a:22:24:59:05:c1:f1:f9:a4:3a:8a:2a:2f:20:2b:61:40:a9:
         b4:b5:46:ef:da:ab:10:d4:5f:f7:63:3d:3c:a3:bd:61:7d:d9:
         94:7e:9f:2f:43:cb:ae:1b:ad:8f:e5:58:54:05:e4:85:80:82:
         e3:2f:7a:c0:d7:cd:c2:ce:f7:95:c4:7a:f0:e7:5d:ab:b9:49:
         ce:62:27:0a:7c:d8:af:83:71:1a:ba:42:ca:f5:97:a2:55:35:
         24:15:4e:08:92:f5:6f:d3:c7:f2:56:50:71:1f:51:14:8a:d8:
         ff:9d:dc:e7:33:b5:92:4b:e9:43:b5:14:ce:96:28:1c:9d:18:
         7f:df:b8:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GGsFg2phOMoMrNMCZLlC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzE5MTIzODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDUwZTUwMWE3YmY3YjhhYzJjYjVmMmYzYjk0YWQxZjA2MzZiYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6thqW0qZtdnqGIztqZR+vbAjMjf
fPP3GfK6kfbYz0LAuIJfCRBcgVUK59NA1sPUog5nqF6g21TKsyKT2shOV8Hi7v1H
EsauD2iSJZO2eXZW4HKJQ3OVVDxRY/O87Hz4QoUrKGB3n/RXmzHlgs35gt0Rzskl
XKt9AguGhHe6WFi1uS0bZGmiQo93t6Fu8onbWv3qXVaKExG1sIpQfZBMH4IWSkwR
0vn/XUhQ5Y5vBYHOEaGX2h+pHe9xXcFpAxapB0GkvnglJ4oP/ZmVwRyJKoblUiEB
PXDYtb4oRRnunzTH7Zx9Pk4li2BBVdRrgLd7m8su+GX9va2doANmOV3mBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBQ5QGnv3uKwstfLzuUrR8GNrwfMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvc0ZEbEFhZV9lNHJDeTE4dk81U3RId1kydkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWN/RMA0G
CSqGSIb3DQEBCwUAA4IBAQA+UCyV3uvGmqp/DrAl8910NqoIHrxQ7zno1mr/zlgO
tBh43iyz7ghwOlinFrEUHr1CYZb6QaajUo6Sqk37fO5zsnEZrtXB/TOYFHiyIxQd
SligIlh+FottarR9SmCZ+T1nRSiFgL4p8nHlYzZP7MIDI5STe4/iq9YVe7KbukGa
IiRZBcHx+aQ6iiovICthQKm0tUbv2qsQ1F/3Yz08o71hfdmUfp8vQ8uuG62P5VhU
BeSFgILjL3rA183CzveVxHrw512ruUnOYicKfNivg3EaukLK9ZeiVTUkFU4IkvVv
08fyVlBxH1EUitj/ndznM7WSS+lDtRTOligcnRh/37id
-----END CERTIFICATE-----