Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/7h1l5j5kPZGY1fPShhhq4AvtAOo.roa
File:                     7h1l5j5kPZGY1fPShhhq4AvtAOo.roa (raw, json)
Hash identifier:          z0gVmlQfYrP8FwtuAz2ZJs6Kj9mxYte0syDwA98PCOs=
Subject key identifier:   EE:1D:65:E6:3E:64:3D:91:98:D5:F3:D2:86:18:6A:E0:0B:ED:00:EA
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DBFD95DE44ED2347067D7222E8FF00959
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/7h1l5j5kPZGY1fPShhhq4AvtAOo.roa
Signing time:             Fri 24 Apr 2026 14:16:26 +0000
ROA not before:           Fri 24 Apr 2026 14:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206822
IP address blocks:        87.232.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:d9:5d:e4:4e:d2:34:70:67:d7:22:2e:8f:f0:09:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 24 14:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee1d65e63e643d9198d5f3d286186ae00bed00ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:29:11:16:bf:18:00:4f:70:71:fd:a9:c7:50:
                    25:0f:8c:9f:0d:bd:1a:21:61:b8:d0:b9:98:fa:89:
                    7e:16:71:a5:b4:ef:3c:fd:35:bf:c8:a7:c0:35:23:
                    db:39:12:36:84:38:69:83:de:6c:d8:3d:39:54:a9:
                    97:72:e2:91:ed:23:bd:d9:67:7f:d8:f2:99:32:b2:
                    61:33:32:ae:96:42:84:13:b7:37:f6:c6:2c:d1:80:
                    45:72:da:d7:31:fd:2c:09:7e:d4:f8:5d:d3:ea:07:
                    98:57:ff:9f:c4:88:dd:d2:49:52:5b:32:ba:6d:3a:
                    c8:c6:b1:bf:93:dd:c9:2c:fd:6d:04:52:d3:62:7b:
                    ff:71:df:5d:f0:7f:5d:1f:49:bf:ea:30:83:25:1b:
                    ab:e8:92:3d:e9:79:e2:62:9f:7b:a2:12:48:68:e7:
                    8c:ba:19:fb:ff:1b:2b:0b:ee:c3:75:e9:8f:f1:c7:
                    44:88:b1:97:51:89:7d:8a:fd:f6:58:ca:33:ee:0e:
                    cb:66:02:26:a1:61:72:2d:b1:48:44:8e:ca:c3:b4:
                    04:a4:de:26:f7:79:65:0f:ba:fe:52:db:a7:9b:ed:
                    e7:3b:2c:71:ce:5e:5b:25:59:2b:f6:20:4d:5f:a7:
                    4e:8b:84:37:4b:9b:cd:19:3e:d8:dd:b9:4f:b3:e1:
                    49:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1D:65:E6:3E:64:3D:91:98:D5:F3:D2:86:18:6A:E0:0B:ED:00:EA
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/7h1l5j5kPZGY1fPShhhq4AvtAOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:1d:68:a8:1a:90:31:73:ee:3b:9b:e9:15:15:6d:a1:84:90:
         5a:ab:5f:3b:7e:57:d0:c3:34:5b:21:73:68:d9:37:47:ea:14:
         ff:f7:0a:02:bd:a5:99:bc:c5:98:3a:ca:e9:e6:23:d4:7b:24:
         55:e2:be:8d:2d:d2:41:d2:96:b6:a7:20:72:58:55:25:53:bb:
         8f:5b:84:34:88:f8:c5:3d:ca:02:42:6b:de:4e:ae:f7:63:5b:
         db:ec:35:52:bd:9e:b8:c5:d4:fc:06:62:1b:72:0b:47:d1:be:
         70:e9:43:8c:66:c8:55:ee:f3:a6:51:92:24:35:f6:d8:6f:eb:
         af:9f:5f:7c:5a:9a:17:15:c6:d8:63:22:f5:9c:2e:05:21:c2:
         eb:4f:5d:61:fb:65:c2:1d:ef:ba:4c:85:a2:58:82:31:27:31:
         63:80:c7:e3:ab:1e:76:ed:a4:fd:16:63:f1:1e:d6:e3:04:96:
         71:93:d2:80:0d:02:c6:b7:de:6a:6a:2f:f7:84:1f:1c:18:3d:
         47:3d:a9:34:01:99:b7:8a:84:a9:df:d2:21:c0:30:c9:1f:ad:
         22:b2:2f:f2:80:36:92:df:47:fe:d1:d1:76:8f:6b:2e:45:9a:
         ac:2c:2c:5a:1f:da:15:04:b1:df:a1:cc:b6:ee:09:56:e1:5a:
         d5:5f:d9:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/2V3kTtI0cGfXIi6P8AlZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDI0MTQxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTFkNjVlNjNlNjQzZDkxOThkNWYzZDI4NjE4NmFlMDBiZWQwMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArikRFr8YAE9wcf2px1AlD4yfDb0a
IWG40LmY+ol+FnGltO88/TW/yKfANSPbORI2hDhpg95s2D05VKmXcuKR7SO92Wd/
2PKZMrJhMzKulkKEE7c39sYs0YBFctrXMf0sCX7U+F3T6geYV/+fxIjd0klSWzK6
bTrIxrG/k93JLP1tBFLTYnv/cd9d8H9dH0m/6jCDJRur6JI96XniYp97ohJIaOeM
uhn7/xsrC+7DdemP8cdEiLGXUYl9iv32WMoz7g7LZgImoWFyLbFIRI7Kw7QEpN4m
93llD7r+Utunm+3nOyxxzl5bJVkr9iBNX6dOi4Q3S5vNGT7Y3blPs+FJhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4dZeY+ZD2RmNXz0oYYauAL7QDqMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvN2gxbDVqNWtQWkdZMWZQU2hoaHE0QXZ0QU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hoMA0G
CSqGSIb3DQEBCwUAA4IBAQCOHWioGpAxc+47m+kVFW2hhJBaq187flfQwzRbIXNo
2TdH6hT/9woCvaWZvMWYOsrp5iPUeyRV4r6NLdJB0pa2pyByWFUlU7uPW4Q0iPjF
PcoCQmveTq73Y1vb7DVSvZ64xdT8BmIbcgtH0b5w6UOMZshV7vOmUZIkNfbYb+uv
n198WpoXFcbYYyL1nC4FIcLrT11h+2XCHe+6TIWiWIIxJzFjgMfjqx527aT9FmPx
HtbjBJZxk9KADQLGt95qai/3hB8cGD1HPak0AZm3ioSp39IhwDDJH60isi/ygDaS
30f+0dF2j2suRZqsLCxaH9oVBLHfocy27glW4VrVX9lo
-----END CERTIFICATE-----