Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7JNNc_AQHcCs0WHYqH2N8OHHJuM.roa
File:                     7JNNc_AQHcCs0WHYqH2N8OHHJuM.roa (raw, json)
Hash identifier:          k+WXrgX/QCXgbBZM0bJzZCyIaxFttN5YFSkhyJn7Nqc=
Subject key identifier:   EC:93:4D:73:F0:10:1D:C0:AC:D1:61:D8:A8:7D:8D:F0:E1:C7:26:E3
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019E06E1D59F4FFE67304198BF298193419D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7JNNc_AQHcCs0WHYqH2N8OHHJuM.roa
Signing time:             Fri 08 May 2026 09:18:44 +0000
ROA not before:           Fri 08 May 2026 09:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204535
IP address blocks:        88.209.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:e1:d5:9f:4f:fe:67:30:41:98:bf:29:81:93:41:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May  8 09:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec934d73f0101dc0acd161d8a87d8df0e1c726e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:60:b2:12:ef:ba:8e:62:9e:98:ec:88:ef:18:
                    e0:ac:56:ca:ca:49:1c:e5:28:dd:42:34:99:55:98:
                    08:bd:d8:10:0a:3b:83:9c:ed:03:6b:bc:ab:bd:ad:
                    d0:6b:db:f6:25:67:11:54:33:bd:f4:c0:37:e0:e1:
                    28:be:f4:fd:d1:da:f8:ba:36:0e:2d:c7:cd:f0:d5:
                    0e:7e:3c:74:d4:02:77:87:ba:e7:bc:84:fd:28:4c:
                    6e:76:db:0f:79:29:e7:75:9c:24:0c:9c:d4:a4:fd:
                    e8:67:b2:56:75:96:f2:3d:2f:10:ec:11:cd:d2:28:
                    f9:b6:89:da:df:b5:90:0e:61:3e:41:64:aa:11:03:
                    06:65:3b:d4:95:df:2e:82:7f:63:19:53:0c:72:87:
                    5e:8e:85:5a:a4:56:c2:65:bf:53:a4:5a:00:e2:91:
                    f2:0d:f3:72:8d:35:14:45:82:40:12:c0:b3:a5:7a:
                    4c:03:71:ee:14:0c:b1:42:8f:48:87:89:70:bc:f2:
                    7a:1b:d0:9b:08:12:14:45:a7:3d:85:dc:1d:b9:59:
                    c9:2a:67:49:f5:06:c3:12:b9:ee:b0:ef:3f:c4:c9:
                    10:f0:19:91:d7:53:0d:5e:35:a5:c2:d2:0d:1d:be:
                    fe:75:b7:98:3d:9f:10:12:71:82:5e:a5:cd:6e:a7:
                    be:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:93:4D:73:F0:10:1D:C0:AC:D1:61:D8:A8:7D:8D:F0:E1:C7:26:E3
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7JNNc_AQHcCs0WHYqH2N8OHHJuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:63:79:d9:00:70:64:7e:8c:8d:6e:5a:f9:59:72:a0:08:bb:
         cb:f0:df:14:05:aa:c7:d9:2c:60:3e:f7:8c:06:b3:74:b7:b6:
         0b:e5:aa:03:99:6c:ca:b5:99:eb:58:cb:67:09:b1:bd:7d:a7:
         d4:06:75:0c:98:40:58:27:bc:b4:62:c0:ee:01:e4:fb:b6:bf:
         fc:4d:c4:7a:af:06:e5:3f:f2:50:81:2a:68:cb:12:c4:50:2a:
         d3:46:9f:0a:67:ee:8d:eb:90:7d:1a:29:96:b3:61:ca:e8:8f:
         f6:e4:8c:35:f8:bb:65:19:21:68:d6:a2:b9:c9:cc:fc:7b:82:
         86:a7:2c:84:a3:12:07:c4:b3:ba:16:ba:42:f9:b4:4c:01:a5:
         b8:d8:f0:e3:ba:8e:df:a7:e8:42:6f:5c:da:4c:83:62:1b:c6:
         bf:c0:7e:e0:d9:62:6e:77:da:f0:ff:ca:73:d9:68:45:c7:ad:
         13:3a:3e:4f:8d:59:18:96:a6:50:d0:b8:c2:9c:75:3e:1c:79:
         e2:01:0c:b9:24:20:be:43:2f:f7:31:13:1f:4b:a1:52:bd:b2:
         c4:e2:12:53:4c:a0:9e:27:d5:3a:08:d3:f5:c7:60:0f:b0:d6:
         c8:3f:74:06:c8:83:a7:c4:4d:34:71:0f:d7:b1:6a:14:98:47:
         c3:7b:b3:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4G4dWfT/5nMEGYvymBk0GdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwNTA4MDkxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzkzNGQ3M2YwMTAxZGMwYWNkMTYxZDhhODdkOGRmMGUxYzcyNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmCyEu+6jmKemOyI7xjgrFbKykkc
5SjdQjSZVZgIvdgQCjuDnO0Da7yrva3Qa9v2JWcRVDO99MA34OEovvT90dr4ujYO
LcfN8NUOfjx01AJ3h7rnvIT9KExudtsPeSnndZwkDJzUpP3oZ7JWdZbyPS8Q7BHN
0ij5tona37WQDmE+QWSqEQMGZTvUld8ugn9jGVMMcodejoVapFbCZb9TpFoA4pHy
DfNyjTUURYJAEsCzpXpMA3HuFAyxQo9Ih4lwvPJ6G9CbCBIURac9hdwduVnJKmdJ
9QbDErnusO8/xMkQ8BmR11MNXjWlwtINHb7+dbeYPZ8QEnGCXqXNbqe+YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyTTXPwEB3ArNFh2Kh9jfDhxybjMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN0pOTmNfQVFIY0NzMFdIWXFIMk44T0hISnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHYMA0G
CSqGSIb3DQEBCwUAA4IBAQCIY3nZAHBkfoyNblr5WXKgCLvL8N8UBarH2SxgPveM
BrN0t7YL5aoDmWzKtZnrWMtnCbG9fafUBnUMmEBYJ7y0YsDuAeT7tr/8TcR6rwbl
P/JQgSpoyxLEUCrTRp8KZ+6N65B9GimWs2HK6I/25Iw1+LtlGSFo1qK5ycz8e4KG
pyyEoxIHxLO6FrpC+bRMAaW42PDjuo7fp+hCb1zaTINiG8a/wH7g2WJud9rw/8pz
2WhFx60TOj5PjVkYlqZQ0LjCnHU+HHniAQy5JCC+Qy/3MRMfS6FSvbLE4hJTTKCe
J9U6CNP1x2APsNbIP3QGyIOnxE00cQ/XsWoUmEfDe7Pl
-----END CERTIFICATE-----