Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/28uNguySV9FxVmWhQEdaW5jt540.roa
File:                     28uNguySV9FxVmWhQEdaW5jt540.roa (raw, json)
Hash identifier:          0ULn8cAnuq4gs0Nanlvx5FnInPzMeeOp0GfmkkuHGbk=
Subject key identifier:   DB:CB:8D:82:EC:92:57:D1:71:56:65:A1:40:47:5A:5B:98:ED:E7:8D
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019EA59696CB4F35F6B3C679D0C9914BFB6C
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/28uNguySV9FxVmWhQEdaW5jt540.roa
Signing time:             Mon 08 Jun 2026 04:56:10 +0000
ROA not before:           Mon 08 Jun 2026 04:56:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        88.214.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:96:96:cb:4f:35:f6:b3:c6:79:d0:c9:91:4b:fb:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jun  8 04:56:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbcb8d82ec9257d1715665a140475a5b98ede78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:eb:70:ea:4b:55:36:75:13:85:29:39:78:a4:
                    7f:91:0b:04:31:f7:75:cd:20:fe:c0:17:91:18:64:
                    1d:2e:02:65:a1:a2:57:35:d7:c9:59:5d:8c:fd:d7:
                    de:66:8c:9e:f4:5d:6e:82:ad:0d:0f:a7:d8:1c:1d:
                    ca:10:31:99:7f:5e:f0:15:89:94:2c:26:8e:e1:85:
                    ae:1f:e7:50:b6:7b:92:a5:52:5e:4b:3b:87:4b:ce:
                    4a:83:84:5d:03:75:1a:69:54:20:b3:5a:d7:f4:ec:
                    3d:26:1e:b9:33:bd:02:96:bf:10:1f:05:2c:4a:76:
                    27:ca:60:67:20:c5:a7:a9:5e:e1:fa:49:08:b5:9b:
                    e4:ca:7d:ea:c9:45:b7:f5:48:53:95:34:e1:c7:03:
                    7a:2c:75:0c:6f:86:f2:76:2b:8f:12:6a:0a:4a:ca:
                    62:42:ce:20:20:77:69:20:bc:ec:97:6a:d7:6e:38:
                    ef:c4:35:a4:7c:03:e5:41:f1:41:e3:a5:be:a7:51:
                    aa:84:16:c2:27:b9:f6:66:22:f7:86:02:72:c5:aa:
                    d7:02:3b:9f:52:3e:d0:c7:67:52:aa:36:45:2a:ae:
                    66:f9:e6:f7:0f:9b:5a:83:fe:d2:41:be:6a:1b:49:
                    95:4e:ce:47:c1:bd:19:cd:7c:a3:f4:49:73:a5:0d:
                    25:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:CB:8D:82:EC:92:57:D1:71:56:65:A1:40:47:5A:5B:98:ED:E7:8D
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/28uNguySV9FxVmWhQEdaW5jt540.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:76:68:73:b7:52:20:75:ef:a3:81:03:a1:e1:fa:69:8a:df:
         e5:1e:f3:20:31:11:86:0d:01:d4:62:24:9a:fa:ca:73:44:1b:
         c5:11:ba:99:06:a9:82:db:58:6f:d2:c5:b3:e0:d3:e9:df:15:
         4c:a3:7a:d2:00:5b:9c:ab:f0:6b:47:5e:9c:2f:39:f0:fd:7d:
         31:34:58:77:f4:d8:d0:77:38:24:62:71:e7:fd:64:e8:35:3f:
         c9:b7:f8:4f:3b:23:80:f2:30:c6:34:43:60:6c:bf:71:f2:a5:
         a8:ff:e5:d6:6e:3e:81:65:19:e5:93:a9:bc:91:07:b4:51:1e:
         0f:e4:d6:c0:8e:2a:9d:e0:7b:ec:94:5d:d0:46:ce:0c:16:f8:
         4f:5b:f0:11:e3:09:9c:3f:78:c7:c6:58:ee:b3:46:1d:24:ab:
         93:ed:96:d6:e4:95:10:5a:83:0d:38:c7:28:dd:c1:82:55:35:
         3b:5b:03:01:4a:94:01:3c:59:43:1c:7a:69:d6:c8:9b:d6:09:
         5a:42:5e:07:58:69:57:e1:4b:52:82:30:d6:74:43:31:b0:64:
         d5:da:56:cc:b1:99:fe:7c:9a:4a:92:82:bf:b3:b1:af:83:25:
         87:56:9a:f7:ad:ae:60:3f:8b:4a:87:0a:78:54:1a:1c:8e:bc:
         98:ef:58:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6llpbLTzX2s8Z50MmRS/tsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwNjA4MDQ1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmNiOGQ4MmVjOTI1N2QxNzE1NjY1YTE0MDQ3NWE1Yjk4ZWRlNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+tw6ktVNnUThSk5eKR/kQsEMfd1
zSD+wBeRGGQdLgJloaJXNdfJWV2M/dfeZoye9F1ugq0ND6fYHB3KEDGZf17wFYmU
LCaO4YWuH+dQtnuSpVJeSzuHS85Kg4RdA3UaaVQgs1rX9Ow9Jh65M70Clr8QHwUs
SnYnymBnIMWnqV7h+kkItZvkyn3qyUW39UhTlTThxwN6LHUMb4bydiuPEmoKSspi
Qs4gIHdpILzsl2rXbjjvxDWkfAPlQfFB46W+p1GqhBbCJ7n2ZiL3hgJyxarXAjuf
Uj7Qx2dSqjZFKq5m+eb3D5tag/7SQb5qG0mVTs5Hwb0ZzXyj9ElzpQ0lAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvLjYLsklfRcVZloUBHWluY7eeNMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvMjh1Tmd1eVNWOUZ4Vm1XaFFFZGFXNWp0NTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNY2MA0G
CSqGSIb3DQEBCwUAA4IBAQCBdmhzt1Igde+jgQOh4fppit/lHvMgMRGGDQHUYiSa
+spzRBvFEbqZBqmC21hv0sWz4NPp3xVMo3rSAFucq/BrR16cLznw/X0xNFh39NjQ
dzgkYnHn/WToNT/Jt/hPOyOA8jDGNENgbL9x8qWo/+XWbj6BZRnlk6m8kQe0UR4P
5NbAjiqd4HvslF3QRs4MFvhPW/AR4wmcP3jHxljus0YdJKuT7ZbW5JUQWoMNOMco
3cGCVTU7WwMBSpQBPFlDHHpp1sib1glaQl4HWGlX4UtSgjDWdEMxsGTV2lbMsZn+
fJpKkoK/s7GvgyWHVpr3ra5gP4tKhwp4VBocjryY71hj
-----END CERTIFICATE-----