Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/oBlULmSv_i0ieOy8AvLfPVkbs4A.roa
File:                     oBlULmSv_i0ieOy8AvLfPVkbs4A.roa (raw, json)
Hash identifier:          apnqrgCK6QhMmtVDeNKhspblh84ZaMM+fCKX3ZwWqE0=
Subject key identifier:   A0:19:54:2E:64:AF:FE:2D:22:78:EC:BC:02:F2:DF:3D:59:1B:B3:80
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019EDE96D871E3185DB6AF1A3FFA66D69463
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/oBlULmSv_i0ieOy8AvLfPVkbs4A.roa
Signing time:             Fri 19 Jun 2026 06:34:48 +0000
ROA not before:           Fri 19 Jun 2026 06:34:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141280
IP address blocks:        88.209.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:de:96:d8:71:e3:18:5d:b6:af:1a:3f:fa:66:d6:94:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun 19 06:34:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a019542e64affe2d2278ecbc02f2df3d591bb380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a6:81:8b:4c:6a:64:35:e7:a4:9a:55:df:46:
                    7b:c4:a3:7f:f1:70:b0:20:8c:ba:5a:76:f9:30:64:
                    82:c6:a7:0e:05:f8:28:48:d9:a0:c8:5c:19:42:d8:
                    06:a4:8c:15:8d:d1:bd:79:61:2a:f0:18:28:77:b1:
                    7b:19:91:66:4f:8a:f8:e2:40:d2:38:3a:4d:1a:88:
                    a4:18:58:32:20:e3:53:27:d8:8b:57:fa:7b:4a:75:
                    1a:74:8f:bb:43:9c:5a:15:8a:d5:19:f6:50:14:1f:
                    8c:6e:ec:08:25:72:0f:7b:00:42:3b:9b:64:08:44:
                    63:25:59:9c:9d:9e:35:41:b6:6f:30:90:ae:ec:3c:
                    d7:a2:bf:d3:7a:ad:bf:f8:7a:a6:26:e2:3d:07:f6:
                    f7:6b:05:48:0f:b1:17:b0:c1:39:1c:09:c7:ba:bd:
                    96:34:41:83:b1:b0:4b:79:06:8a:fd:62:ad:f5:63:
                    5d:9c:b5:81:b3:d1:65:eb:8c:e7:dc:e7:a7:b1:cc:
                    ed:fb:90:c9:05:6b:e6:ef:72:5d:ab:74:41:e4:ba:
                    81:36:fe:d9:82:10:e1:61:d3:77:e9:2f:95:67:21:
                    5d:22:c0:cd:34:70:9c:25:14:c3:8c:ad:b5:ac:e0:
                    d1:55:1d:dc:7d:2e:32:24:98:27:66:82:9f:68:09:
                    99:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:19:54:2E:64:AF:FE:2D:22:78:EC:BC:02:F2:DF:3D:59:1B:B3:80
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/oBlULmSv_i0ieOy8AvLfPVkbs4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:d9:46:35:2e:18:2e:12:92:a8:cf:d7:e5:46:2a:37:90:81:
         5e:b2:84:4e:61:40:58:d6:e8:2b:f9:ae:89:3d:7b:30:69:b9:
         48:eb:8f:7d:e3:ae:36:7f:28:d5:07:6b:f7:81:70:f4:b1:cd:
         3d:cd:9c:3a:6a:53:a4:53:f7:e2:dd:1b:a6:0a:0b:2e:58:3c:
         dd:f5:6a:1c:4f:33:73:78:9f:2f:17:af:bf:ba:ed:bb:fc:3e:
         9e:7f:03:43:1f:58:6b:66:55:5a:ed:f6:91:ca:70:1f:8b:4a:
         77:ed:85:3e:82:76:3e:e9:32:65:e0:2f:8c:bf:c7:b6:42:ec:
         f7:41:13:97:b7:ef:64:6a:0c:ff:18:6e:bd:ab:77:8c:89:1b:
         22:c0:aa:4a:5e:7b:e8:8e:23:42:f9:75:74:a7:f2:e3:47:df:
         a3:7c:09:57:fe:40:fc:c3:f3:da:23:67:b3:4a:c6:62:95:ca:
         34:39:e6:68:0e:df:1c:d6:22:d5:41:d1:94:b6:0f:ae:73:94:
         81:8f:d3:54:5d:01:6b:ac:d5:54:50:e6:80:58:1a:6e:b0:ca:
         a7:30:85:57:55:7c:fa:13:79:ff:8a:64:a1:3d:21:95:ca:28:
         86:c3:93:1b:32:ea:11:d3:e8:24:0d:76:e7:79:1a:36:1d:c4:
         12:2d:90:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7elthx4xhdtq8aP/pm1pRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwNjE5MDYzNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE5NTQyZTY0YWZmZTJkMjI3OGVjYmMwMmYyZGYzZDU5MWJiMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaaBi0xqZDXnpJpV30Z7xKN/8XCw
IIy6Wnb5MGSCxqcOBfgoSNmgyFwZQtgGpIwVjdG9eWEq8Bgod7F7GZFmT4r44kDS
ODpNGoikGFgyIONTJ9iLV/p7SnUadI+7Q5xaFYrVGfZQFB+MbuwIJXIPewBCO5tk
CERjJVmcnZ41QbZvMJCu7DzXor/Teq2/+HqmJuI9B/b3awVID7EXsME5HAnHur2W
NEGDsbBLeQaK/WKt9WNdnLWBs9Fl64zn3Oensczt+5DJBWvm73Jdq3RB5LqBNv7Z
ghDhYdN36S+VZyFdIsDNNHCcJRTDjK21rODRVR3cfS4yJJgnZoKfaAmZWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAZVC5kr/4tInjsvALy3z1ZG7OAMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvb0JsVUxtU3ZfaTBpZU95OEF2TGZQVmticzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHiMA0G
CSqGSIb3DQEBCwUAA4IBAQCx2UY1LhguEpKoz9flRio3kIFesoROYUBY1ugr+a6J
PXswablI64994642fyjVB2v3gXD0sc09zZw6alOkU/fi3RumCgsuWDzd9WocTzNz
eJ8vF6+/uu27/D6efwNDH1hrZlVa7faRynAfi0p37YU+gnY+6TJl4C+Mv8e2Quz3
QROXt+9kagz/GG69q3eMiRsiwKpKXnvojiNC+XV0p/LjR9+jfAlX/kD8w/PaI2ez
SsZilco0OeZoDt8c1iLVQdGUtg+uc5SBj9NUXQFrrNVUUOaAWBpusMqnMIVXVXz6
E3n/imShPSGVyiiGw5MbMuoR0+gkDXbneRo2HcQSLZAB
-----END CERTIFICATE-----