Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/q2L5SyKqID2l1hg0Qhj5bxpMU78.roa
File:                     q2L5SyKqID2l1hg0Qhj5bxpMU78.roa (raw, json)
Hash identifier:          Z9AmXohIpa+e04Joh+QhWbWtZMLnK/rjPBTVsW3zyT8=
Subject key identifier:   AB:62:F9:4B:22:AA:20:3D:A5:D6:18:34:42:18:F9:6F:1A:4C:53:BF
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019D9017509C298B48F25C43C7168C8D2355
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/q2L5SyKqID2l1hg0Qhj5bxpMU78.roa
Signing time:             Wed 15 Apr 2026 07:42:20 +0000
ROA not before:           Wed 15 Apr 2026 07:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60117
IP address blocks:        185.253.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:17:50:9c:29:8b:48:f2:5c:43:c7:16:8c:8d:23:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Apr 15 07:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab62f94b22aa203da5d618344218f96f1a4c53bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4b:48:6d:ea:e1:ab:5f:82:bc:12:8c:4f:67:
                    e6:ea:25:8c:6e:9b:af:29:b4:54:a6:51:99:bc:cb:
                    a9:22:0a:49:9a:45:fa:36:74:7f:31:e4:13:ac:4d:
                    2a:01:d0:ae:c3:6e:06:0b:7b:17:c3:a8:1e:1d:f3:
                    82:6e:d6:fb:61:ae:d7:69:43:e4:fc:7f:df:16:e7:
                    59:59:80:f9:1c:11:74:cd:49:bb:a4:fe:7e:27:20:
                    5c:86:29:5e:03:39:7b:15:e6:07:e4:ca:a7:d9:e5:
                    c0:a0:8b:4f:6a:51:a2:e7:97:a8:93:f1:7c:71:da:
                    8c:a8:e7:1e:48:59:cc:a1:2d:c6:7b:6f:1d:7f:e2:
                    a4:5b:09:65:33:d7:1f:e4:dd:6a:35:30:33:3e:10:
                    eb:93:21:db:6d:a5:4d:78:2b:90:64:95:0a:b2:44:
                    3b:10:85:a5:44:07:bc:8e:06:05:3c:f8:42:c8:a3:
                    02:e9:30:40:fd:6c:d7:ee:68:03:07:a7:bc:1b:e8:
                    a6:29:60:80:76:eb:82:30:f3:3e:17:07:f1:90:aa:
                    ff:61:7f:05:98:d6:fb:c1:81:0d:e1:a2:be:f1:44:
                    14:80:ed:2c:ee:17:4e:df:92:7e:55:ce:2e:e9:e6:
                    85:0c:78:cf:6d:82:c9:96:24:2e:55:e7:65:ae:0b:
                    d2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:62:F9:4B:22:AA:20:3D:A5:D6:18:34:42:18:F9:6F:1A:4C:53:BF
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/q2L5SyKqID2l1hg0Qhj5bxpMU78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:d1:f8:ad:48:b3:98:e2:c0:02:7c:e6:47:30:21:e5:9a:1f:
         5b:e8:99:ed:99:b9:eb:4f:cc:d8:ed:fc:05:b7:5b:64:6b:7d:
         41:20:44:4b:62:17:9b:ad:eb:64:c4:e3:0e:26:a2:5a:4b:19:
         5a:66:14:6f:9b:1d:09:fd:97:11:8f:36:08:4c:ec:d8:54:e7:
         13:8c:a6:87:7a:e3:c7:92:25:e9:57:e9:34:4a:88:fd:f0:d1:
         1b:fc:a5:62:1b:59:15:c5:de:11:62:31:2b:3f:bd:8e:60:35:
         c8:f3:5e:84:03:89:3e:88:dd:11:12:b2:4d:b8:c5:b6:e3:d3:
         45:60:dd:0f:d8:24:07:f8:2d:19:4c:20:f2:cc:3e:3b:ce:e3:
         2d:d4:e5:3b:3f:66:c7:3f:5d:b8:a4:ad:59:4d:b8:12:64:88:
         67:a3:20:da:c0:76:1c:3f:1a:e2:04:38:41:97:93:2e:88:d4:
         f3:0f:d3:88:e8:16:d6:32:ec:44:12:a9:aa:9f:61:b6:73:7a:
         2b:be:11:77:ae:31:31:54:3c:d1:06:2c:c1:a1:f6:0b:fe:80:
         d8:85:72:b8:2d:35:44:50:5d:13:e7:2a:c1:62:08:5f:f2:37:
         ee:48:fe:6a:8c:21:c2:12:df:57:ba:1f:5b:be:23:b3:5e:74:
         0f:cc:cb:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2QF1CcKYtI8lxDxxaMjSNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNDE1MDc0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjYyZjk0YjIyYWEyMDNkYTVkNjE4MzQ0MjE4Zjk2ZjFhNGM1M2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EtIberhq1+CvBKMT2fm6iWMbpuv
KbRUplGZvMupIgpJmkX6NnR/MeQTrE0qAdCuw24GC3sXw6geHfOCbtb7Ya7XaUPk
/H/fFudZWYD5HBF0zUm7pP5+JyBchileAzl7FeYH5Mqn2eXAoItPalGi55eok/F8
cdqMqOceSFnMoS3Ge28df+KkWwllM9cf5N1qNTAzPhDrkyHbbaVNeCuQZJUKskQ7
EIWlRAe8jgYFPPhCyKMC6TBA/WzX7mgDB6e8G+imKWCAduuCMPM+FwfxkKr/YX8F
mNb7wYEN4aK+8UQUgO0s7hdO35J+Vc4u6eaFDHjPbYLJliQuVedlrgvSJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKti+UsiqiA9pdYYNEIY+W8aTFO/MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvcTJMNVN5S3FJRDJsMWhnMFFoajVieHBNVTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf09MA0G
CSqGSIb3DQEBCwUAA4IBAQB10fitSLOY4sACfOZHMCHlmh9b6JntmbnrT8zY7fwF
t1tka31BIERLYhebretkxOMOJqJaSxlaZhRvmx0J/ZcRjzYITOzYVOcTjKaHeuPH
kiXpV+k0Soj98NEb/KViG1kVxd4RYjErP72OYDXI816EA4k+iN0RErJNuMW249NF
YN0P2CQH+C0ZTCDyzD47zuMt1OU7P2bHP124pK1ZTbgSZIhnoyDawHYcPxriBDhB
l5MuiNTzD9OI6BbWMuxEEqmqn2G2c3orvhF3rjExVDzRBizBofYL/oDYhXK4LTVE
UF0T5yrBYghf8jfuSP5qjCHCEt9Xuh9bviOzXnQPzMs4
-----END CERTIFICATE-----