Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/Llt9oVyvR4ZsSd9WSCxMeQ5xuNY.roa
File:                     Llt9oVyvR4ZsSd9WSCxMeQ5xuNY.roa (raw, json)
Hash identifier:          IYTtOCX4hGWOuYv1EUpWkMCjOQ7WNnDnjybjqzvLEbk=
Subject key identifier:   2E:5B:7D:A1:5C:AF:47:86:6C:49:DF:56:48:2C:4C:79:0E:71:B8:D6
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019C8ECF77EBB9DD1D805D3E25B2A2E6FE7D
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/Llt9oVyvR4ZsSd9WSCxMeQ5xuNY.roa
Signing time:             Tue 24 Feb 2026 08:41:27 +0000
ROA not before:           Tue 24 Feb 2026 08:41:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        88.223.42.0/24 maxlen: 24
                          88.223.43.0/24 maxlen: 24
                          88.223.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:cf:77:eb:b9:dd:1d:80:5d:3e:25:b2:a2:e6:fe:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Feb 24 08:41:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e5b7da15caf47866c49df56482c4c790e71b8d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:03:b8:d0:a7:b7:fb:89:2d:89:82:a5:29:1c:
                    86:b5:2a:52:5a:ed:a9:19:5f:73:b7:f4:f2:ef:ae:
                    3b:bf:d9:85:f1:20:66:18:dc:09:91:88:c0:bc:0f:
                    c4:26:a2:78:66:0c:5c:ea:5a:1a:2b:0b:d7:81:62:
                    82:aa:75:40:da:9a:43:7e:e1:16:b2:58:77:96:bd:
                    ca:48:75:ec:94:33:ac:93:70:55:bc:25:90:23:fd:
                    0a:b6:87:35:94:0e:97:b2:6d:07:b0:36:0a:40:85:
                    ba:2d:9c:ff:ef:42:37:47:92:fb:1b:aa:b0:d5:f9:
                    07:3b:91:03:be:20:2c:a1:b4:61:30:3b:07:95:6e:
                    1f:f7:e7:a6:33:4a:4e:0b:ca:bb:9e:7c:57:27:b2:
                    75:20:79:48:8b:d7:79:05:0c:ad:33:76:ae:93:df:
                    81:ed:6c:ad:c4:c4:1a:0c:23:54:55:b6:14:5e:5a:
                    da:f0:2e:d5:36:a4:70:5d:10:ef:8b:73:c2:bc:34:
                    80:3a:84:7c:63:67:17:9c:71:ae:9a:32:09:73:fd:
                    b1:57:5f:fe:13:f4:ef:d4:1f:de:02:a0:ad:a5:8e:
                    99:0c:2f:42:9c:74:04:61:d8:81:92:52:4e:3e:ba:
                    af:14:73:db:90:d7:f8:33:ab:9a:ec:1f:10:0c:e6:
                    9f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:5B:7D:A1:5C:AF:47:86:6C:49:DF:56:48:2C:4C:79:0E:71:B8:D6
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/Llt9oVyvR4ZsSd9WSCxMeQ5xuNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.223.42.0/23
                  88.223.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:7e:06:da:92:dc:dc:3d:87:d6:7a:cb:55:33:3c:f7:e0:1f:
         bb:eb:7b:a9:07:d1:cd:b3:8c:59:01:65:d0:c7:6b:54:39:7d:
         38:ff:65:20:76:51:0d:28:40:d3:90:ef:d8:a9:62:47:e5:41:
         82:ec:f3:84:45:c0:87:2e:dc:03:0a:45:77:bb:aa:28:37:04:
         ac:b5:8d:c3:b7:4f:00:dd:d4:48:f7:20:62:08:b9:d3:ae:eb:
         52:df:7e:3d:bf:f5:76:34:b5:54:4c:aa:3c:f0:fd:b9:b0:50:
         f4:3e:5c:3d:ed:87:0a:90:2f:2e:63:23:52:87:b7:38:ff:f9:
         70:99:dd:a9:02:bd:83:f9:1f:ba:18:65:8b:44:a1:61:f5:69:
         84:fa:21:6d:a2:fb:af:0d:19:8e:26:09:18:e7:4e:2a:b3:46:
         da:23:c0:d3:d6:bf:82:8a:81:c3:cd:3d:5d:2a:d8:d5:e8:c9:
         f5:2b:63:98:21:9c:4d:02:08:f0:1e:c9:af:90:63:9c:d7:12:
         af:91:77:00:96:1e:db:0c:60:e3:66:e8:89:c0:c4:45:8f:3a:
         f7:f7:33:61:c7:2f:46:de:82:77:da:6d:82:b1:80:33:31:73:
         36:3f:81:ee:94:72:10:5d:9b:b5:41:00:a0:e2:f8:17:a9:fe:
         a3:86:2e:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyOz3frud0dgF0+JbKi5v59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMjI0MDg0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTViN2RhMTVjYWY0Nzg2NmM0OWRmNTY0ODJjNGM3OTBlNzFiOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAO40Ke3+4ktiYKlKRyGtSpSWu2p
GV9zt/Ty7647v9mF8SBmGNwJkYjAvA/EJqJ4Zgxc6loaKwvXgWKCqnVA2ppDfuEW
slh3lr3KSHXslDOsk3BVvCWQI/0Ktoc1lA6Xsm0HsDYKQIW6LZz/70I3R5L7G6qw
1fkHO5EDviAsobRhMDsHlW4f9+emM0pOC8q7nnxXJ7J1IHlIi9d5BQytM3auk9+B
7WytxMQaDCNUVbYUXlra8C7VNqRwXRDvi3PCvDSAOoR8Y2cXnHGumjIJc/2xV1/+
E/Tv1B/eAqCtpY6ZDC9CnHQEYdiBklJOPrqvFHPbkNf4M6ua7B8QDOafbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC5bfaFcr0eGbEnfVkgsTHkOcbjWMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvTGx0OW9WeXZSNFpzU2Q5V1NDeE1lUTV4dU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWN8qAwQA
WN8tMA0GCSqGSIb3DQEBCwUAA4IBAQAqfgbaktzcPYfWestVMzz34B+763upB9HN
s4xZAWXQx2tUOX04/2UgdlENKEDTkO/YqWJH5UGC7POERcCHLtwDCkV3u6ooNwSs
tY3Dt08A3dRI9yBiCLnTrutS3349v/V2NLVUTKo88P25sFD0Plw97YcKkC8uYyNS
h7c4//lwmd2pAr2D+R+6GGWLRKFh9WmE+iFtovuvDRmOJgkY504qs0baI8DT1r+C
ioHDzT1dKtjV6Mn1K2OYIZxNAgjwHsmvkGOc1xKvkXcAlh7bDGDjZuiJwMRFjzr3
9zNhxy9G3oJ32m2CsYAzMXM2P4HulHIQXZu1QQCg4vgXqf6jhi5J
-----END CERTIFICATE-----