Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CakbuPAAvMJ7y10UkdQ3f0rAQ_8.roa
File:                     CakbuPAAvMJ7y10UkdQ3f0rAQ_8.roa (raw, json)
Hash identifier:          c7g3eRPhXHGsPL8ZlEcJjETf2t/U9ooVpI3BZvR5LA0=
Subject key identifier:   09:A9:1B:B8:F0:00:BC:C2:7B:CB:5D:14:91:D4:37:7F:4A:C0:43:FF
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019C9A3D7E78CACAF51F850E4D92369706CD
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CakbuPAAvMJ7y10UkdQ3f0rAQ_8.roa
Signing time:             Thu 26 Feb 2026 13:57:27 +0000
ROA not before:           Thu 26 Feb 2026 13:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48207
IP address blocks:        88.218.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:3d:7e:78:ca:ca:f5:1f:85:0e:4d:92:36:97:06:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Feb 26 13:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09a91bb8f000bcc27bcb5d1491d4377f4ac043ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:1b:e8:e0:93:2a:3a:3d:53:ba:35:0c:0c:73:
                    00:f8:7e:42:b0:c1:20:f1:0c:c4:a0:71:1a:1e:9a:
                    31:63:27:83:de:d9:1f:78:a7:5d:19:30:df:2b:48:
                    79:de:79:1a:4a:f9:c4:17:14:dd:5f:79:3e:54:10:
                    f9:a1:ea:c5:77:ca:ea:63:8e:bc:69:18:0d:d1:7e:
                    80:00:24:6e:74:09:59:f5:66:28:dd:a1:71:1b:ab:
                    1d:11:1d:26:88:a0:69:39:30:92:1e:5f:82:16:0e:
                    36:f2:94:fc:a7:3e:8e:56:c9:94:48:77:0b:cb:6a:
                    87:d0:ce:cd:e2:48:f9:9c:48:b6:65:85:d7:73:55:
                    3c:ac:c1:ea:3a:d3:03:41:dc:a8:db:81:0a:64:e3:
                    1a:18:8f:dc:f6:3a:b0:04:ae:81:76:4a:76:bb:bc:
                    63:89:ca:b4:42:83:1d:65:0d:f6:7f:fe:e9:f2:35:
                    7e:66:6b:cc:29:d0:f3:fa:fb:01:f7:64:ec:42:64:
                    97:e7:79:c4:1a:01:e8:a7:ce:b5:fe:4d:fe:69:38:
                    50:df:4a:d7:e7:8d:8e:a4:e3:c4:01:b2:5e:dc:b6:
                    2f:04:58:fd:de:5d:be:4f:6c:f0:cc:79:2d:a2:c8:
                    7c:9b:2a:f1:78:d0:66:10:dc:33:a8:5e:1c:d2:ce:
                    d2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A9:1B:B8:F0:00:BC:C2:7B:CB:5D:14:91:D4:37:7F:4A:C0:43:FF
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CakbuPAAvMJ7y10UkdQ3f0rAQ_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:3a:79:57:70:1b:86:4d:73:8a:7f:99:f4:cb:3f:87:5e:fe:
         78:f8:99:a8:c5:f8:04:5a:b1:d9:25:b6:da:28:35:67:fc:7d:
         25:99:73:d6:b5:60:ab:13:bc:e3:34:ff:05:fd:46:4d:ee:f5:
         30:90:11:eb:f7:3f:9f:ab:c9:0e:e4:fe:52:59:89:bd:40:46:
         a2:e2:2d:fa:83:a0:57:4d:27:6a:3d:b2:5b:ad:cc:7e:04:7f:
         d9:80:3c:83:be:20:32:f7:1c:ef:32:ce:db:bf:75:fe:3d:92:
         e6:0d:aa:7a:48:92:09:68:6f:34:97:af:fe:34:40:0f:d5:ee:
         f2:60:22:41:59:78:de:11:09:f6:64:b1:f6:a9:ad:c7:71:6d:
         59:6c:95:8c:40:59:85:d3:56:69:bd:e4:5f:33:5a:fc:13:e1:
         67:93:08:ff:a9:cd:77:6d:0c:15:71:3a:cd:02:b0:6a:35:f9:
         10:e8:96:fc:ed:6b:cd:6a:41:18:81:f4:2c:45:fc:23:fd:7c:
         5e:22:60:09:81:3c:e6:2f:9c:1a:28:e8:be:4a:d3:18:3c:c5:
         18:6a:79:a5:4a:1a:fa:93:71:a4:4f:04:c9:ff:5d:b1:19:a9:
         5f:7d:fa:be:60:9c:db:dd:1b:1b:ba:57:c2:ea:10:d2:e0:71:
         12:2e:c9:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyaPX54ysr1H4UOTZI2lwbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMjI2MTM1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWE5MWJiOGYwMDBiY2MyN2JjYjVkMTQ5MWQ0Mzc3ZjRhYzA0M2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Bvo4JMqOj1TujUMDHMA+H5CsMEg
8QzEoHEaHpoxYyeD3tkfeKddGTDfK0h53nkaSvnEFxTdX3k+VBD5oerFd8rqY468
aRgN0X6AACRudAlZ9WYo3aFxG6sdER0miKBpOTCSHl+CFg428pT8pz6OVsmUSHcL
y2qH0M7N4kj5nEi2ZYXXc1U8rMHqOtMDQdyo24EKZOMaGI/c9jqwBK6Bdkp2u7xj
icq0QoMdZQ32f/7p8jV+ZmvMKdDz+vsB92TsQmSX53nEGgHop861/k3+aThQ30rX
542OpOPEAbJe3LYvBFj93l2+T2zwzHktosh8myrxeNBmENwzqF4c0s7S4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmpG7jwALzCe8tdFJHUN39KwEP/MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvQ2FrYnVQQUF2TUo3eTEwVWtkUTNmMHJBUV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNr6MA0G
CSqGSIb3DQEBCwUAA4IBAQBcOnlXcBuGTXOKf5n0yz+HXv54+JmoxfgEWrHZJbba
KDVn/H0lmXPWtWCrE7zjNP8F/UZN7vUwkBHr9z+fq8kO5P5SWYm9QEai4i36g6BX
TSdqPbJbrcx+BH/ZgDyDviAy9xzvMs7bv3X+PZLmDap6SJIJaG80l6/+NEAP1e7y
YCJBWXjeEQn2ZLH2qa3HcW1ZbJWMQFmF01ZpveRfM1r8E+Fnkwj/qc13bQwVcTrN
ArBqNfkQ6Jb87WvNakEYgfQsRfwj/XxeImAJgTzmL5waKOi+StMYPMUYanmlShr6
k3GkTwTJ/12xGalfffq+YJzb3RsbulfC6hDS4HESLsno
-----END CERTIFICATE-----