Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/_88cGpAaOxlQ618khySC8ZG-OMs.roa
File:                     _88cGpAaOxlQ618khySC8ZG-OMs.roa (raw, json)
Hash identifier:          HCqofKIP/L4h4ZD05S9epNf111ZQ+OjdA9CD8fobtxE=
Subject key identifier:   FF:CF:1C:1A:90:1A:3B:19:50:EB:5F:24:87:24:82:F1:91:BE:38:CB
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F236878890C0F82BD7098AB091087588D
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/_88cGpAaOxlQ618khySC8ZG-OMs.roa
Signing time:             Thu 02 Jul 2026 15:17:56 +0000
ROA not before:           Thu 02 Jul 2026 15:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133153
IP address blocks:        213.220.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:78:89:0c:0f:82:bd:70:98:ab:09:10:87:58:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ffcf1c1a901a3b1950eb5f24872482f191be38cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8d:ae:91:eb:78:43:28:e5:49:22:56:6d:a7:
                    05:a5:18:4b:40:32:ad:64:ca:67:08:ad:9b:9d:75:
                    7c:2c:f6:70:fd:d7:91:fa:52:c0:13:0e:6a:0b:47:
                    3b:05:1c:34:6e:03:11:02:c6:ad:a7:3c:fb:e9:be:
                    7f:49:8b:5b:c5:87:e0:30:5a:64:11:8f:88:12:05:
                    77:16:16:f5:76:7c:0b:93:22:c4:0b:24:79:d9:4d:
                    ae:c3:4b:10:41:e6:86:5a:e3:ce:9e:59:4d:54:5d:
                    47:cb:22:47:d7:a4:a1:df:61:f9:36:b2:3d:5d:09:
                    4f:39:04:2f:f7:0c:d6:31:76:e4:8b:58:28:c3:06:
                    3a:0a:99:2d:e8:87:91:14:98:2f:4f:1c:55:23:ed:
                    64:5f:1b:ed:4a:d7:98:0e:d0:3e:07:c8:5b:1f:5b:
                    6c:0b:13:c2:66:9f:53:06:56:5f:12:5b:e0:03:81:
                    03:c9:60:01:f3:00:bc:75:1c:0e:46:f1:e6:32:8f:
                    09:1d:aa:5b:26:68:23:cf:a1:68:8b:35:f3:ce:b1:
                    db:0a:8a:23:da:e5:bd:42:11:b1:5e:3a:4d:05:e1:
                    70:ae:83:ea:49:de:cb:ec:a6:28:4f:64:f6:a0:91:
                    7d:c3:33:96:6c:44:53:ed:2b:70:fb:98:ea:e6:55:
                    ab:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:CF:1C:1A:90:1A:3B:19:50:EB:5F:24:87:24:82:F1:91:BE:38:CB
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/_88cGpAaOxlQ618khySC8ZG-OMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:41:8c:66:34:f6:2c:a9:6f:1e:c9:57:75:0a:a3:83:ee:78:
         9d:c4:9a:9a:30:32:99:dc:ff:78:10:1a:6e:5f:0e:c8:83:00:
         82:37:88:80:57:07:10:a2:af:32:34:5a:4e:92:5e:53:81:4f:
         51:28:22:0b:b5:a7:c5:2b:26:dc:1b:4d:7b:82:b4:6d:e9:17:
         8f:58:08:4c:22:39:1b:a4:ec:8e:c2:50:09:87:63:6d:d7:dd:
         3c:8c:d7:ab:bc:8b:6c:53:b1:c5:4d:a7:a9:10:e0:d2:1e:b0:
         6b:fa:20:d4:27:dc:4b:60:ab:f9:b9:66:4f:0d:6b:ed:c8:b6:
         3e:01:75:37:33:b1:ae:74:80:4c:0e:9a:91:51:f8:67:3f:71:
         d3:2b:06:1a:88:97:6c:17:74:50:36:c2:6c:e3:b6:62:dd:c0:
         cc:db:73:54:61:fd:b3:17:59:60:75:d1:6a:90:35:c5:e5:5b:
         ef:35:ba:75:f3:4b:f3:37:72:9e:6b:57:50:ab:e6:9e:5b:8a:
         06:b6:19:d2:22:49:2a:48:12:51:4e:19:e7:96:91:cb:7b:ca:
         6c:3f:76:f7:01:d3:12:a8:3f:e5:df:d7:13:dd:9c:40:65:9a:
         56:51:86:27:1b:a5:cf:53:0a:86:b0:c7:ad:68:f6:59:e8:a9:
         e1:ff:28:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHiJDA+CvXCYqwkQh1iNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmNmMWMxYTkwMWEzYjE5NTBlYjVmMjQ4NzI0ODJmMTkxYmUzOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY2uket4QyjlSSJWbacFpRhLQDKt
ZMpnCK2bnXV8LPZw/deR+lLAEw5qC0c7BRw0bgMRAsatpzz76b5/SYtbxYfgMFpk
EY+IEgV3Fhb1dnwLkyLECyR52U2uw0sQQeaGWuPOnllNVF1HyyJH16Sh32H5NrI9
XQlPOQQv9wzWMXbki1gowwY6Cpkt6IeRFJgvTxxVI+1kXxvtSteYDtA+B8hbH1ts
CxPCZp9TBlZfElvgA4EDyWAB8wC8dRwORvHmMo8JHapbJmgjz6FoizXzzrHbCooj
2uW9QhGxXjpNBeFwroPqSd7L7KYoT2T2oJF9wzOWbERT7Stw+5jq5lWr8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/PHBqQGjsZUOtfJIckgvGRvjjLMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvXzg4Y0dwQWFPeGxRNjE4a2h5U0M4WkctT01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dw+MA0G
CSqGSIb3DQEBCwUAA4IBAQAvQYxmNPYsqW8eyVd1CqOD7nidxJqaMDKZ3P94EBpu
Xw7IgwCCN4iAVwcQoq8yNFpOkl5TgU9RKCILtafFKybcG017grRt6RePWAhMIjkb
pOyOwlAJh2Nt1908jNervItsU7HFTaepEODSHrBr+iDUJ9xLYKv5uWZPDWvtyLY+
AXU3M7GudIBMDpqRUfhnP3HTKwYaiJdsF3RQNsJs47Zi3cDM23NUYf2zF1lgddFq
kDXF5VvvNbp180vzN3Kea1dQq+aeW4oGthnSIkkqSBJRThnnlpHLe8psP3b3AdMS
qD/l39cT3ZxAZZpWUYYnG6XPUwqGsMetaPZZ6Knh/yj1
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:45:22 2026 by rpki-client