Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/mLoML0jRjU9a2uYSxG0FhUvSMSY.roa
File:                     mLoML0jRjU9a2uYSxG0FhUvSMSY.roa (raw, json)
Hash identifier:          LR5WVjHhKIdgC9ju1n2sYaLSUk17/p/X6vMLPIfVGlw=
Subject key identifier:   98:BA:0C:2F:48:D1:8D:4F:5A:DA:E6:12:C4:6D:05:85:4B:D2:31:26
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019C99FE51FA0A947E3B10106CD1F9A01918
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/mLoML0jRjU9a2uYSxG0FhUvSMSY.roa
Signing time:             Thu 26 Feb 2026 12:48:27 +0000
ROA not before:           Thu 26 Feb 2026 12:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214128
IP address blocks:        88.214.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:fe:51:fa:0a:94:7e:3b:10:10:6c:d1:f9:a0:19:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Feb 26 12:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98ba0c2f48d18d4f5adae612c46d05854bd23126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:80:14:c6:d9:2c:78:6b:7a:c6:b0:47:cb:22:
                    9c:45:7b:86:f4:b3:19:63:ee:09:2c:c4:fb:12:18:
                    8a:d6:1a:ec:fe:31:bc:31:4e:e3:9d:e6:77:66:c6:
                    c2:29:2e:c4:d1:34:bf:ab:6f:a4:da:e0:6d:64:d2:
                    00:6a:be:e0:5e:18:01:8e:7d:7c:39:c8:88:a2:60:
                    60:32:3a:c6:54:5d:4d:56:97:a3:13:f6:01:fc:8c:
                    d2:50:19:c3:e6:f1:8b:36:f3:d6:d1:e9:f6:f7:36:
                    06:6c:d8:98:a0:51:a5:d1:20:7a:01:94:c2:0d:e9:
                    56:a8:3d:4c:d5:04:c2:fd:86:5b:99:e1:3c:e7:87:
                    20:e7:4a:f1:e9:f9:af:f7:a9:e8:5e:0c:f3:56:1b:
                    7e:7a:87:04:32:85:a0:f8:e3:eb:3a:19:99:d0:29:
                    8c:3b:3a:ed:df:69:3d:5c:25:e0:bf:1d:04:50:82:
                    fd:52:fc:6f:52:04:cd:c9:fd:23:1d:a2:c1:89:c0:
                    9a:84:44:d8:17:2e:cf:bb:b0:f4:bd:a5:58:d5:c0:
                    8c:14:5c:98:eb:67:0f:f9:1a:2f:66:14:9b:fb:29:
                    74:51:2a:de:4a:4c:e1:43:6a:4c:83:67:46:7f:b2:
                    53:8c:f5:ff:46:ff:4e:24:52:19:92:6a:1e:c0:17:
                    fa:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:BA:0C:2F:48:D1:8D:4F:5A:DA:E6:12:C4:6D:05:85:4B:D2:31:26
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/mLoML0jRjU9a2uYSxG0FhUvSMSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:a3:c4:9a:d2:83:19:80:1c:be:27:d5:ac:31:d9:ef:67:c1:
         1b:c1:b4:cb:b5:9f:c2:e3:63:d7:d2:b8:87:bd:9d:4b:1c:78:
         47:50:e1:d8:54:15:2a:74:a3:0c:9d:6e:00:ce:2a:f2:3a:0c:
         02:7b:fa:20:6a:b8:dc:07:b2:aa:b7:2d:c4:f5:b8:36:a5:46:
         9a:8d:d9:ee:0b:18:92:76:90:01:e8:4e:7b:65:61:75:b6:7c:
         65:ee:d4:a0:1f:3d:d0:a7:dd:3e:48:bd:d1:96:c5:f1:60:f0:
         ef:3b:5d:f2:02:35:bd:2d:ec:23:ee:cb:93:eb:34:4d:c9:74:
         71:97:e1:27:9a:0d:e6:5d:93:3f:0e:f4:16:6b:98:6e:8c:d6:
         b5:09:62:3d:2a:a1:b5:c7:af:2e:48:1a:b2:2a:92:55:8f:eb:
         9f:ee:f2:12:ec:2d:fb:61:ad:55:48:bc:5d:ae:b0:ec:f1:3a:
         49:c4:0f:9e:eb:52:1d:4c:55:98:94:09:b1:35:e0:ad:2a:9e:
         bc:8f:b9:59:fd:ac:e6:b9:e0:a3:bb:9d:39:cf:83:26:f8:19:
         0d:e2:18:05:d3:1b:30:9b:a8:f5:0f:0b:8e:00:dd:4a:be:c5:
         ac:6d:ed:a9:ff:b2:fc:14:bd:fb:34:26:94:47:97:d0:86:58:
         c4:7f:65:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZ/lH6CpR+OxAQbNH5oBkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwMjI2MTI0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGJhMGMyZjQ4ZDE4ZDRmNWFkYWU2MTJjNDZkMDU4NTRiZDIzMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44AUxtkseGt6xrBHyyKcRXuG9LMZ
Y+4JLMT7EhiK1hrs/jG8MU7jneZ3ZsbCKS7E0TS/q2+k2uBtZNIAar7gXhgBjn18
OciIomBgMjrGVF1NVpejE/YB/IzSUBnD5vGLNvPW0en29zYGbNiYoFGl0SB6AZTC
DelWqD1M1QTC/YZbmeE854cg50rx6fmv96noXgzzVht+eocEMoWg+OPrOhmZ0CmM
Ozrt32k9XCXgvx0EUIL9UvxvUgTNyf0jHaLBicCahETYFy7Pu7D0vaVY1cCMFFyY
62cP+RovZhSb+yl0USreSkzhQ2pMg2dGf7JTjPX/Rv9OJFIZkmoewBf6dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJi6DC9I0Y1PWtrmEsRtBYVL0jEmMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvbUxvTUwwalJqVTlhMnVZU3hHMEZoVXZTTVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNY3MA0G
CSqGSIb3DQEBCwUAA4IBAQBMo8Sa0oMZgBy+J9WsMdnvZ8EbwbTLtZ/C42PX0riH
vZ1LHHhHUOHYVBUqdKMMnW4AziryOgwCe/ogarjcB7Kqty3E9bg2pUaajdnuCxiS
dpAB6E57ZWF1tnxl7tSgHz3Qp90+SL3RlsXxYPDvO13yAjW9Lewj7suT6zRNyXRx
l+Enmg3mXZM/DvQWa5hujNa1CWI9KqG1x68uSBqyKpJVj+uf7vIS7C37Ya1VSLxd
rrDs8TpJxA+e61IdTFWYlAmxNeCtKp68j7lZ/azmueCju505z4Mm+BkN4hgF0xsw
m6j1DwuOAN1KvsWsbe2p/7L8FL37NCaUR5fQhljEf2WB
-----END CERTIFICATE-----