Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gVeqMWU2Ff9yUkMUVERGc-86GxA.roa
File:                     gVeqMWU2Ff9yUkMUVERGc-86GxA.roa (raw, json)
Hash identifier:          q5Ugl1fDwvx42mby5THM1p9FuAybFzUDovkLAmBwlxo=
Subject key identifier:   81:57:AA:31:65:36:15:FF:72:52:43:14:54:44:46:73:EF:3A:1B:10
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019EA18CF62FA2BC0CAB4268577EA96773FA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gVeqMWU2Ff9yUkMUVERGc-86GxA.roa
Signing time:             Sun 07 Jun 2026 10:07:10 +0000
ROA not before:           Sun 07 Jun 2026 10:07:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198055
IP address blocks:        88.209.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:8c:f6:2f:a2:bc:0c:ab:42:68:57:7e:a9:67:73:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun  7 10:07:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8157aa31653615ff7252431454444673ef3a1b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3e:89:e4:e3:02:04:42:1f:35:d6:f6:04:b3:
                    ab:bd:2f:e9:e5:91:85:2e:63:5c:72:15:e9:a4:eb:
                    82:41:3e:e9:c7:d1:ea:aa:ec:3f:f2:b6:2b:de:ba:
                    02:d7:ee:b2:e9:83:18:a4:53:06:e2:ed:44:f7:74:
                    47:d7:7c:f6:cd:9a:ac:0d:3c:ba:d6:c9:0d:6e:03:
                    a9:6b:b0:e9:9a:95:89:23:89:f2:dc:56:2a:fd:49:
                    d8:54:c3:e6:8d:c9:28:5a:2a:8a:37:3a:db:ef:b3:
                    bb:25:8e:a9:d0:ca:a3:8c:db:e8:fc:52:28:18:01:
                    fe:51:3a:ca:8c:27:07:8a:e9:38:62:7e:bd:e5:5c:
                    4b:88:b2:04:21:2d:63:67:66:56:23:b8:9e:d7:db:
                    0e:28:e8:98:1c:31:cf:0e:e3:b3:63:55:4b:a1:7c:
                    54:d5:ad:1a:ba:3c:17:24:5a:a5:31:c2:50:7d:a1:
                    81:06:2f:da:4f:8d:4a:4c:58:75:93:70:c5:97:03:
                    dd:35:47:55:bc:71:d5:0e:73:03:dc:fb:b9:03:5a:
                    90:fe:f5:8b:db:40:05:aa:6c:99:0b:19:41:43:ad:
                    5f:46:86:ab:9c:06:02:f5:a9:6b:ce:60:14:bc:2a:
                    d8:0a:82:ca:f6:a0:ac:4c:41:f5:cb:36:b2:b9:b1:
                    b4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:57:AA:31:65:36:15:FF:72:52:43:14:54:44:46:73:EF:3A:1B:10
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gVeqMWU2Ff9yUkMUVERGc-86GxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:5b:e7:a3:7a:f3:f9:67:96:ee:cb:82:e1:16:25:16:77:7c:
         c6:1b:67:25:e8:13:04:de:04:43:40:e9:09:dc:1f:ee:0e:a3:
         1e:9a:19:ce:b9:ab:33:84:8e:ee:71:e0:53:fc:7f:1c:d7:d9:
         a8:83:5e:20:42:7e:b2:e0:f4:37:99:b0:8b:ef:e1:ea:30:93:
         a5:1f:6b:9e:61:b1:f0:5b:d0:2e:7e:5a:67:d7:2b:57:28:3d:
         91:ef:9e:f1:ab:71:b8:89:69:e8:33:d8:a7:71:ed:50:30:da:
         a7:fe:41:39:68:4c:e1:f7:6e:94:3c:c4:5e:41:53:57:c2:30:
         f8:9f:30:8f:6d:af:97:76:90:a8:3b:5c:e4:c9:31:e0:79:c9:
         ee:b1:1e:45:be:9d:3b:65:18:3a:0a:bf:3a:ce:3f:65:66:ab:
         6a:52:6f:d5:5e:43:87:15:c7:5a:ae:05:40:0c:4f:49:a4:cc:
         ab:b6:03:b9:32:3e:23:c8:5a:a3:8b:78:90:9f:52:85:bb:5e:
         c9:c4:6c:6f:87:42:38:64:ce:b3:d3:ac:64:05:c3:01:19:f9:
         4a:f5:a8:1e:ea:d0:19:71:11:c4:57:14:a3:62:12:a9:97:68:
         1e:1d:be:49:b6:29:19:6a:ef:04:f8:cf:b1:d8:8f:ac:89:de:
         c4:81:55:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hjPYvorwMq0JoV36pZ3P6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwNjA3MTAwNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTU3YWEzMTY1MzYxNWZmNzI1MjQzMTQ1NDQ0NDY3M2VmM2ExYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz6J5OMCBEIfNdb2BLOrvS/p5ZGF
LmNcchXppOuCQT7px9Hqquw/8rYr3roC1+6y6YMYpFMG4u1E93RH13z2zZqsDTy6
1skNbgOpa7DpmpWJI4ny3FYq/UnYVMPmjckoWiqKNzrb77O7JY6p0MqjjNvo/FIo
GAH+UTrKjCcHiuk4Yn695VxLiLIEIS1jZ2ZWI7ie19sOKOiYHDHPDuOzY1VLoXxU
1a0aujwXJFqlMcJQfaGBBi/aT41KTFh1k3DFlwPdNUdVvHHVDnMD3Pu5A1qQ/vWL
20AFqmyZCxlBQ61fRoarnAYC9alrzmAUvCrYCoLK9qCsTEH1yzayubG0bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFXqjFlNhX/clJDFFRERnPvOhsQMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZ1ZlcU1XVTJGZjl5VWtNVVZFUkdjLTg2R3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHQMA0G
CSqGSIb3DQEBCwUAA4IBAQCTW+ejevP5Z5buy4LhFiUWd3zGG2cl6BME3gRDQOkJ
3B/uDqMemhnOuaszhI7uceBT/H8c19mog14gQn6y4PQ3mbCL7+HqMJOlH2ueYbHw
W9Auflpn1ytXKD2R757xq3G4iWnoM9ince1QMNqn/kE5aEzh926UPMReQVNXwjD4
nzCPba+XdpCoO1zkyTHgecnusR5Fvp07ZRg6Cr86zj9lZqtqUm/VXkOHFcdargVA
DE9JpMyrtgO5Mj4jyFqji3iQn1KFu17JxGxvh0I4ZM6z06xkBcMBGflK9age6tAZ
cRHEVxSjYhKpl2geHb5JtikZau8E+M+x2I+sid7EgVUC
-----END CERTIFICATE-----