Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/xJv0jE46YN2mbzs5eNU-ob4QwOg.roa
File:                     xJv0jE46YN2mbzs5eNU-ob4QwOg.roa (raw, json)
Hash identifier:          Y5TYsFH1B/E8aRNGtDb7/691TMD/vaPmGyNJAC1jOo8=
Subject key identifier:   C4:9B:F4:8C:4E:3A:60:DD:A6:6F:3B:39:78:D5:3E:A1:BE:10:C0:E8
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DD5A9832F23DB0230FE32534AFBE9B679
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/xJv0jE46YN2mbzs5eNU-ob4QwOg.roa
Signing time:             Tue 28 Apr 2026 19:55:49 +0000
ROA not before:           Tue 28 Apr 2026 19:55:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        87.232.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d5:a9:83:2f:23:db:02:30:fe:32:53:4a:fb:e9:b6:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 28 19:55:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c49bf48c4e3a60dda66f3b3978d53ea1be10c0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ae:fa:92:58:6c:99:a7:fe:f8:47:c7:de:4f:
                    87:96:68:f7:79:d0:30:bd:e3:fd:1c:19:3c:3f:af:
                    45:5f:b5:19:da:15:8a:b8:b4:6d:37:44:4b:95:b3:
                    8c:6a:c1:0a:63:12:ef:50:62:62:76:5b:02:64:4d:
                    d2:f2:fd:11:40:b0:9b:7d:88:83:67:95:9a:16:59:
                    27:76:bd:9e:98:ae:d6:3f:c6:b6:30:87:1a:2b:0e:
                    d6:7b:f4:3a:bd:48:50:03:b9:60:0b:9c:bb:10:e5:
                    0d:f8:7f:d7:9c:4e:5a:8e:65:19:5f:51:6f:22:9a:
                    4d:50:46:a1:5d:ab:d9:9f:1c:2f:20:4d:3e:6a:7c:
                    80:69:01:b2:4f:89:70:4e:b3:c2:d3:56:73:29:b3:
                    c1:bd:8c:37:3f:6d:5b:a8:98:62:56:5b:7c:82:d3:
                    ca:25:77:70:a2:bd:43:6d:1e:16:c5:5d:c8:fd:28:
                    b8:0c:78:8d:6a:3f:d7:97:79:04:4b:b0:33:b9:f9:
                    ab:a5:e9:5c:79:6d:59:5d:84:d5:47:9c:6a:be:91:
                    b9:b5:74:d5:c5:2e:09:9e:57:42:15:35:6b:7a:3a:
                    af:19:67:e7:e1:58:ed:6f:7d:dc:f8:e3:8e:b8:57:
                    a2:da:ae:8d:06:ad:b1:c0:98:39:f4:89:0d:28:9f:
                    f5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:9B:F4:8C:4E:3A:60:DD:A6:6F:3B:39:78:D5:3E:A1:BE:10:C0:E8
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/xJv0jE46YN2mbzs5eNU-ob4QwOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:c6:a9:6f:31:65:f0:fe:5c:ee:4d:14:5b:f9:40:bc:b7:7e:
         dd:f9:09:36:a4:dc:aa:6e:5d:f6:64:8c:89:23:0f:13:f7:ea:
         8b:ff:9b:b4:8a:9e:e5:d5:b9:42:bf:f5:d4:cf:fc:87:84:62:
         d7:4d:21:c6:17:85:7d:53:e5:d6:cd:ff:64:87:07:6c:3e:a6:
         a4:71:4c:c6:24:17:4e:0d:be:d2:2a:25:0a:e4:dc:10:d1:52:
         bf:31:ca:6a:9d:bd:26:4d:dd:94:f8:b8:9f:de:0e:d2:97:4c:
         81:de:a6:0d:81:97:68:a8:06:66:d1:8e:56:77:1d:49:94:e4:
         4b:b6:1e:2e:af:b4:fe:c6:b6:5d:53:5e:cc:e4:39:e9:d8:32:
         74:fd:fb:3e:75:4d:56:d6:08:28:79:62:fb:b3:24:21:c4:fe:
         cc:03:ba:22:76:eb:b4:27:af:77:08:67:23:25:d7:19:08:6d:
         b1:41:f8:ff:1e:f0:e8:b7:eb:10:f8:3b:75:d7:a4:02:dd:13:
         f8:d3:16:de:d7:fe:59:42:a6:ab:fb:76:23:e5:9a:62:ad:24:
         0e:7b:a4:49:17:5c:63:fb:75:8d:df:40:c0:9a:ad:3c:7a:56:
         65:f0:5d:21:dd:6a:b2:f6:fc:ba:6c:bd:f0:64:0b:33:d4:fb:
         3f:37:61:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3VqYMvI9sCMP4yU0r76bZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDI4MTk1NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDliZjQ4YzRlM2E2MGRkYTY2ZjNiMzk3OGQ1M2VhMWJlMTBjMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlK76klhsmaf++EfH3k+Hlmj3edAw
veP9HBk8P69FX7UZ2hWKuLRtN0RLlbOMasEKYxLvUGJidlsCZE3S8v0RQLCbfYiD
Z5WaFlkndr2emK7WP8a2MIcaKw7We/Q6vUhQA7lgC5y7EOUN+H/XnE5ajmUZX1Fv
IppNUEahXavZnxwvIE0+anyAaQGyT4lwTrPC01ZzKbPBvYw3P21bqJhiVlt8gtPK
JXdwor1DbR4WxV3I/Si4DHiNaj/Xl3kES7AzufmrpelceW1ZXYTVR5xqvpG5tXTV
xS4JnldCFTVrejqvGWfn4Vjtb33c+OOOuFei2q6NBq2xwJg59IkNKJ/1EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSb9IxOOmDdpm87OXjVPqG+EMDoMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEveEp2MGpFNDZZTjJtYnpzNWVOVS1vYjRRd09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hvMA0G
CSqGSIb3DQEBCwUAA4IBAQCoxqlvMWXw/lzuTRRb+UC8t37d+Qk2pNyqbl32ZIyJ
Iw8T9+qL/5u0ip7l1blCv/XUz/yHhGLXTSHGF4V9U+XWzf9khwdsPqakcUzGJBdO
Db7SKiUK5NwQ0VK/Mcpqnb0mTd2U+Lif3g7Sl0yB3qYNgZdoqAZm0Y5Wdx1JlORL
th4ur7T+xrZdU17M5Dnp2DJ0/fs+dU1W1ggoeWL7syQhxP7MA7oiduu0J693CGcj
JdcZCG2xQfj/HvDot+sQ+Dt116QC3RP40xbe1/5ZQqar+3Yj5ZpirSQOe6RJF1xj
+3WN30DAmq08elZl8F0h3Wqy9vy6bL3wZAsz1Ps/N2FT
-----END CERTIFICATE-----