Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/z3LBj92CRHHEO5gfqa-shqfBz_8.roa
File:                     z3LBj92CRHHEO5gfqa-shqfBz_8.roa (raw, json)
Hash identifier:          bof7eYtB9ryT0UVyWq/iZA2BXTrmPtSACX263qbmEnc=
Subject key identifier:   CF:72:C1:8F:DD:82:44:71:C4:3B:98:1F:A9:AF:AC:86:A7:C1:CF:FF
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DA59FB63B3842454E67538462D0AEB273
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/z3LBj92CRHHEO5gfqa-shqfBz_8.roa
Signing time:             Sun 19 Apr 2026 12:03:20 +0000
ROA not before:           Sun 19 Apr 2026 12:03:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215968
IP address blocks:        87.232.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a5:9f:b6:3b:38:42:45:4e:67:53:84:62:d0:ae:b2:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 19 12:03:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf72c18fdd824471c43b981fa9afac86a7c1cfff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:eb:1d:bc:fe:15:6f:90:3f:4c:5b:97:3a:88:
                    47:6a:4a:7d:ee:62:20:8e:85:6e:e1:72:09:12:45:
                    01:cb:04:da:a8:d2:53:9d:5c:90:63:a7:4a:57:5c:
                    da:df:54:00:9d:5e:bf:cf:f5:9e:4d:56:4d:cf:d7:
                    9a:4f:c2:a5:f1:65:80:0a:ce:0b:25:b0:0b:b0:4a:
                    3f:a0:81:98:2d:ae:f5:ff:39:20:91:41:87:dc:3a:
                    99:e2:57:2a:21:f6:3c:f8:88:33:36:45:fe:49:20:
                    84:65:07:eb:80:a2:87:3e:3c:23:89:fa:15:9f:25:
                    3c:6a:9f:73:25:17:73:ea:d1:d7:e3:4a:93:f4:76:
                    5b:2c:4b:e9:41:f4:fe:83:f1:3a:f8:52:f4:b0:d7:
                    ab:47:5f:c3:21:e1:36:f2:f8:32:11:38:9e:0c:8b:
                    b4:b4:be:59:db:a2:e8:1a:56:93:45:56:00:c8:3f:
                    da:75:c2:75:7a:b3:41:71:c0:a9:8b:9d:6e:92:21:
                    e6:f4:12:bf:16:5f:4c:77:0d:bb:b6:f6:25:2b:fd:
                    83:c0:c6:88:a9:6e:2b:81:1c:2b:d9:d1:14:fb:62:
                    a7:8f:d4:98:73:c7:d4:4a:0a:32:c3:c1:1d:95:19:
                    6f:d5:63:5c:54:78:e1:49:ed:39:45:cb:e0:b1:d5:
                    1d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:72:C1:8F:DD:82:44:71:C4:3B:98:1F:A9:AF:AC:86:A7:C1:CF:FF
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/z3LBj92CRHHEO5gfqa-shqfBz_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:55:d5:09:7a:d2:43:2a:42:f2:d9:b6:23:85:6f:5c:29:a7:
         ef:2e:5c:f1:8c:c4:e0:9f:20:32:39:f5:fb:62:42:42:d0:27:
         1c:56:23:7b:af:6f:ac:62:61:f5:d0:4f:5e:83:b9:4a:e7:92:
         e6:de:b7:d3:e5:10:1d:3e:d0:f4:ac:44:1f:21:11:84:19:cb:
         61:77:f0:e9:15:5a:de:10:e2:08:7f:0e:93:f0:d6:0c:44:ce:
         b0:13:cd:84:b5:55:cf:39:ca:e3:86:5e:5d:cb:41:a6:b4:bb:
         5f:cc:36:16:26:ba:c7:cc:5e:59:bf:70:91:6c:18:34:fc:79:
         20:5c:06:ef:6e:96:92:66:d6:86:0f:58:4f:8e:2a:39:f1:26:
         a7:96:07:d4:b4:ec:06:e7:28:fd:18:90:79:23:05:39:47:89:
         1d:b1:b3:19:f0:54:00:94:93:5c:e5:bc:41:37:f2:4d:87:4f:
         1e:3b:f3:d1:19:cf:a6:cf:83:b8:6d:07:76:2d:86:c8:74:b1:
         86:d4:8e:42:0f:57:35:7c:73:ab:f0:82:a0:a8:5f:6b:91:90:
         33:f5:b0:89:e7:fd:4e:f1:87:35:46:3d:76:03:1d:07:b7:8c:
         b5:99:d2:d0:68:07:f5:d9:ff:57:7e:43:1a:ba:b0:c3:45:f9:
         03:21:e3:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ln7Y7OEJFTmdThGLQrrJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDE5MTIwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjcyYzE4ZmRkODI0NDcxYzQzYjk4MWZhOWFmYWM4NmE3YzFjZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAresdvP4Vb5A/TFuXOohHakp97mIg
joVu4XIJEkUBywTaqNJTnVyQY6dKV1za31QAnV6/z/WeTVZNz9eaT8Kl8WWACs4L
JbALsEo/oIGYLa71/zkgkUGH3DqZ4lcqIfY8+IgzNkX+SSCEZQfrgKKHPjwjifoV
nyU8ap9zJRdz6tHX40qT9HZbLEvpQfT+g/E6+FL0sNerR1/DIeE28vgyETieDIu0
tL5Z26LoGlaTRVYAyD/adcJ1erNBccCpi51ukiHm9BK/Fl9Mdw27tvYlK/2DwMaI
qW4rgRwr2dEU+2Knj9SYc8fUSgoyw8EdlRlv1WNcVHjhSe05RcvgsdUdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9ywY/dgkRxxDuYH6mvrIanwc//MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvejNMQmo5MkNSSEhFTzVnZnFhLXNocWZCel84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hkMA0G
CSqGSIb3DQEBCwUAA4IBAQC/VdUJetJDKkLy2bYjhW9cKafvLlzxjMTgnyAyOfX7
YkJC0CccViN7r2+sYmH10E9eg7lK55Lm3rfT5RAdPtD0rEQfIRGEGcthd/DpFVre
EOIIfw6T8NYMRM6wE82EtVXPOcrjhl5dy0GmtLtfzDYWJrrHzF5Zv3CRbBg0/Hkg
XAbvbpaSZtaGD1hPjio58SanlgfUtOwG5yj9GJB5IwU5R4kdsbMZ8FQAlJNc5bxB
N/JNh08eO/PRGc+mz4O4bQd2LYbIdLGG1I5CD1c1fHOr8IKgqF9rkZAz9bCJ5/1O
8Yc1Rj12Ax0Ht4y1mdLQaAf12f9XfkMaurDDRfkDIeMY
-----END CERTIFICATE-----