Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/CiOsTyFL2d40vTJ0m9LvEDBbyFI.roa
File:                     CiOsTyFL2d40vTJ0m9LvEDBbyFI.roa (raw, json)
Hash identifier:          VtrIAitong9umQO4BUpXCYiuBJOk+XfuDXmVgwoHhXU=
Subject key identifier:   0A:23:AC:4F:21:4B:D9:DE:34:BD:32:74:9B:D2:EF:10:30:5B:C8:52
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       019D72EB5B205F58B3F298535DFBD7E19973
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/CiOsTyFL2d40vTJ0m9LvEDBbyFI.roa
Signing time:             Thu 09 Apr 2026 15:45:20 +0000
ROA not before:           Thu 09 Apr 2026 15:45:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        87.248.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:eb:5b:20:5f:58:b3:f2:98:53:5d:fb:d7:e1:99:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Apr  9 15:45:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a23ac4f214bd9de34bd32749bd2ef10305bc852
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1d:06:45:ce:99:fd:77:01:0e:a9:84:d3:d6:
                    c2:2b:7d:87:fd:c3:e4:26:bc:ed:34:00:4e:0d:fb:
                    36:36:86:7b:f3:57:e3:cb:fa:04:21:27:90:03:c3:
                    f7:20:71:0c:e0:36:8d:9e:96:52:02:80:8f:b4:47:
                    ac:a3:09:82:ab:da:6b:1a:05:e8:64:b5:3c:cd:d3:
                    0e:d0:3b:34:78:59:28:62:74:f3:c4:8c:b8:2d:57:
                    32:31:db:0e:f2:5e:a6:3e:88:f0:04:d4:59:2e:6b:
                    e9:b7:a9:6b:0e:7b:89:a3:8c:e1:bd:d2:72:ed:c4:
                    9f:89:f2:f0:af:c6:73:ea:db:f0:f0:47:2d:6f:68:
                    d9:1b:4c:19:70:c5:c1:99:2e:fd:bd:02:05:69:f2:
                    0d:f1:03:e5:de:93:07:b4:2d:e8:94:7a:d6:7b:ea:
                    98:8d:d3:71:dc:38:0b:3a:5c:d1:8c:af:56:f3:c7:
                    75:a7:3f:ab:16:08:37:11:5b:b0:ba:de:98:9a:4e:
                    2b:00:43:f4:e2:d0:a5:ce:36:a8:05:89:00:18:88:
                    45:95:46:e8:22:6d:d0:65:d5:dc:3a:74:88:b4:12:
                    41:34:b2:f4:00:3e:09:21:5b:6c:80:79:b9:98:ed:
                    91:9a:ed:18:5c:39:9d:e9:ef:1b:33:f5:0f:ad:8e:
                    fd:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:23:AC:4F:21:4B:D9:DE:34:BD:32:74:9B:D2:EF:10:30:5B:C8:52
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/CiOsTyFL2d40vTJ0m9LvEDBbyFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:50:07:75:3e:3a:75:0a:f1:dd:dc:15:a6:a7:f3:c7:30:8f:
         cf:6c:e4:00:8f:22:ed:18:81:39:d1:3e:83:d0:7c:14:4f:06:
         2f:4c:f5:2b:cc:1c:47:0b:46:4f:b6:dc:92:92:91:7a:6d:f6:
         dc:89:fb:6e:e2:80:b4:cd:67:9c:34:67:73:95:f6:b8:c8:f9:
         a7:f2:72:88:11:b3:c5:d1:04:c9:5d:ef:18:03:38:ca:83:21:
         08:d9:3d:5b:7a:e5:de:fc:1c:f6:0a:cb:eb:fe:11:13:a3:33:
         ea:02:e5:69:4e:30:ca:e4:3a:d2:94:87:cc:5d:85:79:24:fa:
         8d:ff:37:ba:95:e9:92:c4:dd:00:da:3b:51:e2:99:08:08:62:
         6b:89:e1:78:7f:dc:c1:f4:d2:e1:91:78:b8:67:ce:9c:3c:1d:
         a5:fa:6a:60:7a:ac:0f:0e:f6:65:1a:c1:33:47:de:e7:a3:a3:
         33:54:3b:25:25:0a:9b:43:ab:16:9f:9c:dd:90:17:2b:18:2a:
         a9:94:c2:3c:79:7d:6e:13:32:b0:e4:9f:be:24:7c:87:4e:39:
         60:2d:64:8c:9e:de:1e:b2:78:be:21:12:d1:1d:dd:df:be:d0:
         3b:a1:2c:5d:20:f3:35:da:d6:6b:0b:80:09:83:32:ad:2c:36:
         87:77:35:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1y61sgX1iz8phTXfvX4ZlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjYwNDA5MTU0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIzYWM0ZjIxNGJkOWRlMzRiZDMyNzQ5YmQyZWYxMDMwNWJjODUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph0GRc6Z/XcBDqmE09bCK32H/cPk
JrztNABODfs2NoZ781fjy/oEISeQA8P3IHEM4DaNnpZSAoCPtEesowmCq9prGgXo
ZLU8zdMO0Ds0eFkoYnTzxIy4LVcyMdsO8l6mPojwBNRZLmvpt6lrDnuJo4zhvdJy
7cSfifLwr8Zz6tvw8Ectb2jZG0wZcMXBmS79vQIFafIN8QPl3pMHtC3olHrWe+qY
jdNx3DgLOlzRjK9W88d1pz+rFgg3EVuwut6Ymk4rAEP04tClzjaoBYkAGIhFlUbo
Im3QZdXcOnSItBJBNLL0AD4JIVtsgHm5mO2Rmu0YXDmd6e8bM/UPrY79NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAojrE8hS9neNL0ydJvS7xAwW8hSMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvQ2lPc1R5RkwyZDQwdlRKMG05THZFREJieUZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iGMA0G
CSqGSIb3DQEBCwUAA4IBAQBLUAd1Pjp1CvHd3BWmp/PHMI/PbOQAjyLtGIE50T6D
0HwUTwYvTPUrzBxHC0ZPttySkpF6bfbciftu4oC0zWecNGdzlfa4yPmn8nKIEbPF
0QTJXe8YAzjKgyEI2T1beuXe/Bz2Csvr/hETozPqAuVpTjDK5DrSlIfMXYV5JPqN
/ze6lemSxN0A2jtR4pkICGJrieF4f9zB9NLhkXi4Z86cPB2l+mpgeqwPDvZlGsEz
R97no6MzVDslJQqbQ6sWn5zdkBcrGCqplMI8eX1uEzKw5J++JHyHTjlgLWSMnt4e
sni+IRLRHd3fvtA7oSxdIPM12tZrC4AJgzKtLDaHdzV8
-----END CERTIFICATE-----