Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/68HNk8HEdL4-oopkdnJE6KyE9tE.roa
File:                     68HNk8HEdL4-oopkdnJE6KyE9tE.roa (raw, json)
Hash identifier:          r+cfQ7TwTUHPP64ePGT4lzc5kagIFx0IEzlAR6zZIV0=
Subject key identifier:   EB:C1:CD:93:C1:C4:74:BE:3E:A2:8A:64:76:72:44:E8:AC:84:F6:D1
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0198643FF3ADB9910ECCED0D3F1BF25467CC
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/68HNk8HEdL4-oopkdnJE6KyE9tE.roa
Signing time:             Fri 01 Aug 2025 06:09:29 +0000
ROA not before:           Fri 01 Aug 2025 06:09:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        88.223.42.0/24 maxlen: 24
                          88.223.43.0/24 maxlen: 24
                          88.223.45.0/24 maxlen: 24
                          88.223.168.0/24 maxlen: 24
                          88.223.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:3f:f3:ad:b9:91:0e:cc:ed:0d:3f:1b:f2:54:67:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Aug  1 06:09:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebc1cd93c1c474be3ea28a64767244e8ac84f6d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4e:26:e6:62:0d:f7:66:4e:af:77:25:26:52:
                    fb:f9:1e:9b:38:d8:5c:22:7a:c8:1e:42:45:55:73:
                    62:d3:17:fe:13:a7:db:c4:22:68:5a:da:b2:8f:64:
                    ab:08:df:7e:ac:a2:5a:8f:13:7c:b1:5f:02:78:95:
                    2a:56:3f:54:06:08:d0:b8:bf:5e:c6:0e:69:12:7d:
                    59:6b:f0:23:73:dc:4c:ad:6c:a7:10:01:95:d5:dd:
                    6f:aa:5e:8e:7e:51:3c:a5:b9:1b:fe:43:b8:f8:9c:
                    94:44:d4:b0:48:dd:96:c1:40:d6:04:49:9a:ec:37:
                    5c:f9:f1:b5:94:e0:ee:42:cb:e7:8a:c4:2b:6b:39:
                    dd:9a:4d:c0:a7:9b:bd:fe:8b:38:7d:94:db:f1:9f:
                    32:6e:a1:f8:14:c0:a2:1c:6b:03:61:99:3d:d5:02:
                    37:66:f9:39:b1:b3:25:d5:6d:3c:cb:fa:4c:05:67:
                    69:0d:e4:cb:88:b7:df:ab:66:66:45:6c:3f:2b:ef:
                    75:66:c4:27:5c:f5:a9:4a:a6:09:98:c0:23:23:45:
                    92:6e:ed:67:9c:67:2b:41:96:8d:21:46:69:ea:a5:
                    e0:5a:06:3d:9b:9a:a8:28:3a:9a:5a:a5:87:7e:c8:
                    75:3a:63:40:d0:4b:66:5c:82:2a:1e:b7:1f:62:0a:
                    24:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C1:CD:93:C1:C4:74:BE:3E:A2:8A:64:76:72:44:E8:AC:84:F6:D1
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/68HNk8HEdL4-oopkdnJE6KyE9tE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.223.42.0/23
                  88.223.45.0/24
                  88.223.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:37:88:34:19:97:72:ae:61:9c:59:02:b2:34:f7:31:01:d3:
         da:11:bc:f5:ec:7a:29:81:66:8d:82:b6:b3:d5:9c:25:f8:c6:
         09:05:92:b9:a1:60:f9:34:f7:e2:d2:12:c8:84:56:3b:c9:c3:
         b3:a1:f1:27:8a:df:09:b8:0d:05:7a:ce:4c:41:ae:6d:0a:58:
         e0:14:70:90:a2:40:f4:e8:70:b3:83:13:aa:17:e1:56:d8:82:
         65:6e:9d:48:3c:d3:bb:db:ea:96:ba:48:03:65:7d:b8:dc:57:
         d0:86:63:98:8c:da:38:bb:e6:1b:1a:f7:d9:28:62:49:ac:01:
         54:46:e6:e3:b4:21:5d:65:f9:dc:5c:d6:7e:6f:e2:4a:59:72:
         33:e3:ea:de:2a:e0:14:fa:4a:5c:1d:3b:1c:71:07:de:2a:b5:
         25:d3:45:b6:e2:9d:0b:31:2b:91:9e:61:dd:1f:29:24:ff:c2:
         5a:42:90:26:31:d4:44:ec:b0:02:4d:cb:65:b1:eb:e9:f2:c7:
         3d:0f:27:29:60:65:3e:01:d5:ff:be:a8:ff:0c:53:28:d9:88:
         f1:22:e6:c9:12:eb:8b:6c:9c:8f:d0:b2:c9:1b:42:1f:90:64:
         48:56:71:3c:ca:84:ed:5c:4c:1c:d0:21:48:8d:0c:fb:ec:3f:
         81:12:ed:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhkP/OtuZEOzO0NPxvyVGfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwODAxMDYwOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMxY2Q5M2MxYzQ3NGJlM2VhMjhhNjQ3NjcyNDRlOGFjODRmNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU4m5mIN92ZOr3clJlL7+R6bONhc
InrIHkJFVXNi0xf+E6fbxCJoWtqyj2SrCN9+rKJajxN8sV8CeJUqVj9UBgjQuL9e
xg5pEn1Za/Ajc9xMrWynEAGV1d1vql6OflE8pbkb/kO4+JyURNSwSN2WwUDWBEma
7Ddc+fG1lODuQsvnisQrazndmk3Ap5u9/os4fZTb8Z8ybqH4FMCiHGsDYZk91QI3
Zvk5sbMl1W08y/pMBWdpDeTLiLffq2ZmRWw/K+91ZsQnXPWpSqYJmMAjI0WSbu1n
nGcrQZaNIUZp6qXgWgY9m5qoKDqaWqWHfsh1OmNA0EtmXIIqHrcfYgok3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOvBzZPBxHS+PqKKZHZyROishPbRMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvNjhITms4SEVkTDQtb29wa2RuSkU2S3lFOXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWN8qAwQA
WN8tAwQBWN+oMA0GCSqGSIb3DQEBCwUAA4IBAQB/N4g0GZdyrmGcWQKyNPcxAdPa
Ebz17HopgWaNgraz1Zwl+MYJBZK5oWD5NPfi0hLIhFY7ycOzofEnit8JuA0Fes5M
Qa5tCljgFHCQokD06HCzgxOqF+FW2IJlbp1IPNO72+qWukgDZX243FfQhmOYjNo4
u+YbGvfZKGJJrAFURubjtCFdZfncXNZ+b+JKWXIz4+reKuAU+kpcHTsccQfeKrUl
00W24p0LMSuRnmHdHykk/8JaQpAmMdRE7LACTctlsevp8sc9DycpYGU+AdX/vqj/
DFMo2YjxIubJEuuLbJyP0LLJG0IfkGRIVnE8yoTtXEwc0CFIjQz77D+BEu06
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:08:02 2025 by rpki-client