Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/INCU2iAXvTzNbBMSAxlrItQxyhA.roa
File:                     INCU2iAXvTzNbBMSAxlrItQxyhA.roa (raw, json)
Hash identifier:          QjZs1QBxW0pY83BtGBXtgMXwn/IF6AETwK3PZKsE2JQ=
Subject key identifier:   20:D0:94:DA:20:17:BD:3C:CD:6C:13:12:03:19:6B:22:D4:31:CA:10
Certificate issuer:       /CN=88fb410a3bfc7340b667b4f221c7cb806267896e
Certificate serial:       019D9B1FB953B8F22AD88AEFC6D74C19E07F
Authority key identifier: 88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/INCU2iAXvTzNbBMSAxlrItQxyhA.roa
Signing time:             Fri 17 Apr 2026 11:07:20 +0000
ROA not before:           Fri 17 Apr 2026 11:07:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198846
IP address blocks:        194.99.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 11:07:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:1f:b9:53:b8:f2:2a:d8:8a:ef:c6:d7:4c:19:e0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88fb410a3bfc7340b667b4f221c7cb806267896e
        Validity
            Not Before: Apr 17 11:07:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20d094da2017bd3ccd6c131203196b22d431ca10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2b:1b:fd:d2:7d:52:4b:f9:23:c2:0e:ba:77:
                    0c:2e:6d:7a:28:b4:b4:b7:77:ca:11:e7:9f:62:06:
                    92:75:bb:c6:66:1f:ac:05:81:0c:1f:f9:eb:6c:57:
                    49:4a:7e:9f:e2:ae:19:3a:f6:a6:38:0d:22:b8:be:
                    a0:21:c7:c7:96:11:94:6c:d2:e9:f2:4a:e7:db:16:
                    e5:f9:51:09:46:71:54:2d:34:af:a4:dc:7d:5f:f0:
                    14:26:a4:d5:19:f3:48:2f:cc:1b:9b:ce:86:33:2e:
                    80:ad:93:d3:fb:d0:24:01:19:aa:fc:61:0e:9f:85:
                    e4:a8:dc:f3:f1:04:b8:ff:f1:21:b0:b0:19:76:c9:
                    cf:c2:70:9e:56:55:ed:ab:c5:f1:c8:57:f8:f3:d0:
                    22:94:36:97:0e:d2:51:a2:f5:c0:72:5a:59:94:ec:
                    05:b6:b1:e1:38:31:d8:c8:4d:f1:6f:c8:d1:2d:31:
                    d5:46:22:dd:5b:84:89:e3:c2:5d:18:d5:90:1a:48:
                    be:c1:d3:e2:0f:1d:ea:27:f9:99:5f:b1:35:28:cd:
                    d4:7e:e2:49:04:a5:fc:5f:4c:da:61:7e:ae:b1:45:
                    8e:7f:ca:cb:aa:28:01:15:7c:bd:2a:d6:c3:8c:44:
                    1c:92:19:f3:12:bf:ec:38:64:77:69:fd:ee:79:fe:
                    86:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:D0:94:DA:20:17:BD:3C:CD:6C:13:12:03:19:6B:22:D4:31:CA:10
            X509v3 Authority Key Identifier:
                keyid:88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/INCU2iAXvTzNbBMSAxlrItQxyhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:ce:2c:98:6f:0c:87:2b:d3:ae:23:71:22:24:a9:50:00:d0:
         60:23:1e:78:cc:fe:a1:7a:7e:b9:1b:8e:da:f4:da:46:9d:af:
         9e:d3:f8:ad:59:47:55:43:b7:0a:da:10:d7:b9:80:e7:a2:e0:
         76:f8:25:f4:3d:35:b4:7f:94:6f:84:9b:13:a0:e0:3b:a1:f8:
         74:82:6f:40:e4:3b:a3:f4:75:e8:66:98:27:b1:0d:e0:96:88:
         cf:b7:a2:39:6e:03:c8:7a:71:77:1d:ac:b7:55:73:d2:5a:4b:
         d6:71:7a:20:55:67:0c:9f:48:9b:d3:cf:6d:65:c0:d7:15:f0:
         c0:77:3f:30:df:25:ec:8a:cb:90:16:42:76:8f:92:08:29:d0:
         e7:b9:01:fd:f8:ba:99:10:01:9e:8a:e8:e6:80:10:52:3e:48:
         44:45:60:fe:1d:66:07:4b:95:85:46:61:17:20:dd:17:54:a3:
         6e:4f:6c:43:04:15:9f:97:8c:08:29:9a:52:43:c6:33:c2:e9:
         3c:f1:5b:e9:a0:e2:e6:1d:15:c8:2e:70:e9:f8:46:00:18:83:
         7c:c5:b7:36:f1:d8:ba:93:9e:4e:6b:8a:8e:f3:9a:64:1e:bf:
         6e:36:3e:7c:34:f9:fe:8e:77:94:57:58:73:6c:9a:79:64:a6:
         47:5e:66:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2bH7lTuPIq2IrvxtdMGeB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmI0MTBhM2JmYzczNDBiNjY3YjRmMjIxYzdjYjgwNjI2
Nzg5NmUwHhcNMjYwNDE3MTEwNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGQwOTRkYTIwMTdiZDNjY2Q2YzEzMTIwMzE5NmIyMmQ0MzFjYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCsb/dJ9Ukv5I8IOuncMLm16KLS0
t3fKEeefYgaSdbvGZh+sBYEMH/nrbFdJSn6f4q4ZOvamOA0iuL6gIcfHlhGUbNLp
8krn2xbl+VEJRnFULTSvpNx9X/AUJqTVGfNIL8wbm86GMy6ArZPT+9AkARmq/GEO
n4XkqNzz8QS4//EhsLAZdsnPwnCeVlXtq8XxyFf489AilDaXDtJRovXAclpZlOwF
trHhODHYyE3xb8jRLTHVRiLdW4SJ48JdGNWQGki+wdPiDx3qJ/mZX7E1KM3UfuJJ
BKX8X0zaYX6usUWOf8rLqigBFXy9KtbDjEQckhnzEr/sOGR3af3uef6GmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDQlNogF708zWwTEgMZayLUMcoQMB8GA1UdIwQY
MBaAFIj7QQo7/HNAtme08iHHy4BiZ4luMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDIt
YjM4YzgwOTUxOTgxLzEvSU5DVTJpQVh2VHpOYkJNU0F4bHJJdFF4eWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDItYjM4YzgwOTUxOTgx
LzEvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmNKMA0G
CSqGSIb3DQEBCwUAA4IBAQCaziyYbwyHK9OuI3EiJKlQANBgIx54zP6hen65G47a
9NpGna+e0/itWUdVQ7cK2hDXuYDnouB2+CX0PTW0f5RvhJsToOA7ofh0gm9A5Duj
9HXoZpgnsQ3glojPt6I5bgPIenF3Hay3VXPSWkvWcXogVWcMn0ib089tZcDXFfDA
dz8w3yXsisuQFkJ2j5IIKdDnuQH9+LqZEAGeiujmgBBSPkhERWD+HWYHS5WFRmEX
IN0XVKNuT2xDBBWfl4wIKZpSQ8Yzwuk88VvpoOLmHRXILnDp+EYAGIN8xbc28di6
k55Oa4qO85pkHr9uNj58NPn+jneUV1hzbJp5ZKZHXmbN
-----END CERTIFICATE-----