Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/el0okByxgtDO8eDVRtN3feI8ob8.roa
File:                     el0okByxgtDO8eDVRtN3feI8ob8.roa (raw, json)
Hash identifier:          i9sQPCfHGmq5+p3p3F4wX95Y4kFAyICHIp866QHLmpw=
Subject key identifier:   7A:5D:28:90:1C:B1:82:D0:CE:F1:E0:D5:46:D3:77:7D:E2:3C:A1:BF
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DB4FEBDA73D928212C6A963ABBCE3B931
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/el0okByxgtDO8eDVRtN3feI8ob8.roa
Signing time:             Wed 22 Apr 2026 11:41:26 +0000
ROA not before:           Wed 22 Apr 2026 11:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64160
IP address blocks:        87.232.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:fe:bd:a7:3d:92:82:12:c6:a9:63:ab:bc:e3:b9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 22 11:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a5d28901cb182d0cef1e0d546d3777de23ca1bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:53:83:fc:db:af:cb:8a:bf:dc:ed:29:2c:03:
                    56:a9:cb:2f:38:65:91:dd:fd:61:70:b9:a2:50:27:
                    17:3f:82:ad:a1:86:c3:f1:14:1f:38:f2:e9:7a:b5:
                    bc:83:ff:2c:ae:cf:82:99:aa:35:3e:20:83:5c:40:
                    9a:89:4a:a0:d1:1f:eb:dd:b6:74:c5:d0:ac:28:92:
                    38:b7:ad:76:61:91:fe:fe:34:d3:fe:db:05:40:1d:
                    41:3d:2d:4a:e2:e5:e3:e2:47:93:93:0b:fd:0d:2b:
                    69:04:f4:eb:d8:ef:76:fb:38:12:e8:a2:fb:17:88:
                    99:08:87:66:7b:35:c3:b6:a9:77:2c:8a:55:2a:ce:
                    ba:be:24:f6:3e:89:d9:3c:f5:ee:41:2c:b5:3b:4a:
                    8b:b0:04:06:94:cf:d5:d2:a5:b5:a5:3e:1e:f8:af:
                    a1:b0:f7:71:34:51:72:b7:28:24:22:dc:cf:f3:42:
                    68:01:3e:2e:1a:b1:af:72:2c:a9:50:f8:40:37:09:
                    17:51:39:9a:20:15:4a:ab:be:79:0d:31:0d:b7:77:
                    3c:b0:eb:09:03:d7:a8:d9:01:8c:42:74:22:9a:24:
                    45:2a:db:e9:96:4b:5c:de:4a:e3:b6:47:ca:dd:06:
                    e4:c5:3e:44:4a:78:4a:3e:5a:0f:90:31:39:f2:bb:
                    03:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:5D:28:90:1C:B1:82:D0:CE:F1:E0:D5:46:D3:77:7D:E2:3C:A1:BF
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/el0okByxgtDO8eDVRtN3feI8ob8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:49:74:1d:53:c0:8e:53:ed:8e:31:05:b0:80:ab:77:08:dc:
         b9:d3:73:04:ac:cf:60:93:84:39:9a:c1:07:7a:4e:54:73:80:
         c3:e0:66:ad:f5:c2:95:59:cb:12:4c:eb:6f:22:11:b4:44:cd:
         5f:1f:21:ac:a1:7e:e4:26:d1:45:42:79:d3:de:43:30:e4:88:
         02:23:dd:c3:37:f6:3d:5c:19:5d:3a:ad:c2:b9:90:29:7f:b8:
         17:bd:71:20:5b:c1:03:36:c6:91:54:ea:31:92:d5:57:07:6e:
         b2:c0:d0:53:a5:1e:57:81:2f:ea:0d:29:06:2b:e6:42:7d:a9:
         6f:9b:8b:a5:9d:19:bb:35:18:79:dc:96:1d:a2:21:ef:2c:b1:
         86:71:64:fc:83:68:0d:f0:18:5e:cc:96:8c:f2:e7:75:09:3f:
         55:ba:74:b3:9c:40:50:64:bf:5d:c8:7a:bf:0e:94:95:ee:a7:
         38:ae:38:33:1b:5b:52:ad:1a:7b:b8:0c:e9:56:52:a1:42:fd:
         63:aa:b0:7e:33:9b:6b:73:88:81:23:77:04:2e:4e:f2:b8:99:
         21:9a:3f:52:59:a8:83:9e:2a:de:cf:02:bf:9d:7f:09:5e:ca:
         b5:e4:9e:03:7b:28:c8:cc:2f:41:a2:81:8c:80:20:2a:52:41:
         38:f9:b2:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20/r2nPZKCEsapY6u847kxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDIyMTE0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTVkMjg5MDFjYjE4MmQwY2VmMWUwZDU0NmQzNzc3ZGUyM2NhMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlOD/Nuvy4q/3O0pLANWqcsvOGWR
3f1hcLmiUCcXP4KtoYbD8RQfOPLperW8g/8srs+Cmao1PiCDXECaiUqg0R/r3bZ0
xdCsKJI4t612YZH+/jTT/tsFQB1BPS1K4uXj4keTkwv9DStpBPTr2O92+zgS6KL7
F4iZCIdmezXDtql3LIpVKs66viT2PonZPPXuQSy1O0qLsAQGlM/V0qW1pT4e+K+h
sPdxNFFytygkItzP80JoAT4uGrGvciypUPhANwkXUTmaIBVKq755DTENt3c8sOsJ
A9eo2QGMQnQimiRFKtvplktc3krjtkfK3QbkxT5ESnhKPloPkDE58rsDlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpdKJAcsYLQzvHg1UbTd33iPKG/MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvZWwwb2tCeXhndERPOGVEVlJ0TjNmZUk4b2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+htMA0G
CSqGSIb3DQEBCwUAA4IBAQBtSXQdU8COU+2OMQWwgKt3CNy503MErM9gk4Q5msEH
ek5Uc4DD4Gat9cKVWcsSTOtvIhG0RM1fHyGsoX7kJtFFQnnT3kMw5IgCI93DN/Y9
XBldOq3CuZApf7gXvXEgW8EDNsaRVOoxktVXB26ywNBTpR5XgS/qDSkGK+ZCfalv
m4ulnRm7NRh53JYdoiHvLLGGcWT8g2gN8BhezJaM8ud1CT9VunSznEBQZL9dyHq/
DpSV7qc4rjgzG1tSrRp7uAzpVlKhQv1jqrB+M5trc4iBI3cELk7yuJkhmj9SWaiD
nirezwK/nX8JXsq15J4DeyjIzC9BooGMgCAqUkE4+bK4
-----END CERTIFICATE-----