Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/OvfyWv9UIqAtBl_nsQu2JTpIQQo.roa
File:                     OvfyWv9UIqAtBl_nsQu2JTpIQQo.roa (raw, json)
Hash identifier:          +BnAMt/KQdaB6b7HaQTEsRH6kJs2SPlugYpLEy1NY2o=
Subject key identifier:   3A:F7:F2:5A:FF:54:22:A0:2D:06:5F:E7:B1:0B:B6:25:3A:48:41:0A
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019CB2D3BE96FC831DEB86B9A05E683A3AB6
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/OvfyWv9UIqAtBl_nsQu2JTpIQQo.roa
Signing time:             Tue 03 Mar 2026 08:32:27 +0000
ROA not before:           Tue 03 Mar 2026 08:32:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        88.223.42.0/24 maxlen: 24
                          88.223.43.0/24 maxlen: 24
                          88.223.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:d3:be:96:fc:83:1d:eb:86:b9:a0:5e:68:3a:3a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar  3 08:32:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3af7f25aff5422a02d065fe7b10bb6253a48410a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:8e:75:62:2a:79:9e:30:46:01:93:c7:e6:c4:
                    04:53:77:ab:82:20:ee:8b:30:d4:a1:8d:e9:d6:27:
                    b9:5e:8b:5a:e4:2b:f5:f2:eb:e9:c4:f2:bc:b7:bc:
                    09:7e:55:dc:6c:40:32:70:80:3d:fd:f6:b6:cb:36:
                    2b:9e:e4:86:ff:32:9b:94:81:c6:f6:3c:b3:1b:94:
                    a9:47:1c:1a:23:3b:03:0c:1f:68:9e:97:1d:9d:bb:
                    c0:67:60:a3:c1:14:17:46:b8:41:74:07:dc:fc:d7:
                    31:d9:ba:7f:fa:ac:ee:38:e3:1e:6a:52:a8:ff:61:
                    05:b2:f6:09:7d:7b:12:d7:5a:2b:a5:ef:01:e9:11:
                    f3:53:e8:a8:12:c8:6c:6d:f8:6f:d2:c1:3c:71:f4:
                    b4:83:20:68:c1:90:05:4a:d2:1a:48:37:1b:80:0d:
                    36:a3:f9:3e:bc:08:b9:09:7b:63:c8:46:60:ab:12:
                    de:7f:67:3e:94:2b:a4:0e:7a:68:b3:e6:a5:73:c6:
                    3d:90:31:09:b1:ea:e5:8b:80:4f:06:86:09:f0:db:
                    e5:b4:c7:e1:4e:23:45:7c:65:dc:fc:df:b2:0e:19:
                    86:19:a7:9b:8b:77:a1:ab:2a:2f:0e:49:30:1b:9a:
                    b6:05:2a:e3:c4:72:90:e6:ab:cb:46:50:fe:f6:19:
                    67:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F7:F2:5A:FF:54:22:A0:2D:06:5F:E7:B1:0B:B6:25:3A:48:41:0A
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/OvfyWv9UIqAtBl_nsQu2JTpIQQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.223.42.0/23
                  88.223.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c8:a1:7b:53:ad:3b:84:d9:62:67:8b:b7:68:ce:aa:be:3f:
         b1:c3:bd:0f:e6:36:07:c0:95:ae:90:3c:93:df:f2:d7:8e:06:
         c3:e7:29:07:c0:a8:5d:49:9d:d4:af:c4:df:a8:1b:48:d6:7d:
         ce:1d:0a:2f:27:36:34:cb:9e:d1:51:b1:aa:51:3e:7b:c5:d8:
         72:2b:0b:ed:ce:6a:62:c8:6a:69:bc:4b:fe:a7:82:4f:83:b1:
         e3:99:18:af:80:ab:82:c2:70:99:d3:b0:44:ab:3c:f9:a1:9c:
         75:88:78:88:33:51:5c:29:ae:c2:26:70:96:00:b0:13:8b:11:
         bc:8d:5c:4d:92:b1:0b:8a:23:ae:35:76:5e:a5:bc:a5:b5:71:
         5b:d3:3e:c9:09:6b:89:51:73:ab:d7:ed:bc:60:b7:26:f2:6c:
         9f:d8:a4:98:90:91:ab:0a:ed:5e:7d:95:ac:d5:41:35:e5:ef:
         f8:8e:7e:68:8a:6d:b3:78:33:16:81:87:04:04:28:92:bd:14:
         a7:44:91:f7:27:3f:1d:92:47:68:bb:2d:30:ad:28:ce:9e:b6:
         b0:07:ff:12:60:cc:34:cf:8c:a3:3a:0d:8d:37:10:8d:9b:bd:
         74:dc:a7:ad:0c:bf:d2:80:9c:fe:8b:37:d3:98:34:ba:63:3f:
         24:6f:b6:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyy076W/IMd64a5oF5oOjq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzAzMDgzMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWY3ZjI1YWZmNTQyMmEwMmQwNjVmZTdiMTBiYjYyNTNhNDg0MTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Y51Yip5njBGAZPH5sQEU3ergiDu
izDUoY3p1ie5Xota5Cv18uvpxPK8t7wJflXcbEAycIA9/fa2yzYrnuSG/zKblIHG
9jyzG5SpRxwaIzsDDB9onpcdnbvAZ2CjwRQXRrhBdAfc/Ncx2bp/+qzuOOMealKo
/2EFsvYJfXsS11orpe8B6RHzU+ioEshsbfhv0sE8cfS0gyBowZAFStIaSDcbgA02
o/k+vAi5CXtjyEZgqxLef2c+lCukDnpos+alc8Y9kDEJserli4BPBoYJ8NvltMfh
TiNFfGXc/N+yDhmGGaebi3ehqyovDkkwG5q2BSrjxHKQ5qvLRlD+9hln4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDr38lr/VCKgLQZf57ELtiU6SEEKMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvT3ZmeVd2OVVJcUF0QmxfbnNRdTJKVHBJUVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWN8qAwQA
WN8tMA0GCSqGSIb3DQEBCwUAA4IBAQBHyKF7U607hNliZ4u3aM6qvj+xw70P5jYH
wJWukDyT3/LXjgbD5ykHwKhdSZ3Ur8TfqBtI1n3OHQovJzY0y57RUbGqUT57xdhy
KwvtzmpiyGppvEv+p4JPg7HjmRivgKuCwnCZ07BEqzz5oZx1iHiIM1FcKa7CJnCW
ALATixG8jVxNkrELiiOuNXZepbyltXFb0z7JCWuJUXOr1+28YLcm8myf2KSYkJGr
Cu1efZWs1UE15e/4jn5oim2zeDMWgYcEBCiSvRSnRJH3Jz8dkkdouy0wrSjOnraw
B/8SYMw0z4yjOg2NNxCNm7103KetDL/SgJz+izfTmDS6Yz8kb7ZO
-----END CERTIFICATE-----