Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/lrweZiSjlgHqgBNyk5JF5iC3jsU.roa
File:                     lrweZiSjlgHqgBNyk5JF5iC3jsU.roa (raw, json)
Hash identifier:          +2TCUIQ339e21cgXf4PNZFT2eloz8XQMUvYOW8cr1IU=
Subject key identifier:   96:BC:1E:66:24:A3:96:01:EA:80:13:72:93:92:45:E6:20:B7:8E:C5
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019D1A8DBCD0D762B49197C3DA42955881F0
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/lrweZiSjlgHqgBNyk5JF5iC3jsU.roa
Signing time:             Mon 23 Mar 2026 11:56:29 +0000
ROA not before:           Mon 23 Mar 2026 11:56:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214578
IP address blocks:        87.232.84.0/24 maxlen: 24
                          87.232.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:8d:bc:d0:d7:62:b4:91:97:c3:da:42:95:58:81:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Mar 23 11:56:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96bc1e6624a39601ea801372939245e620b78ec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fd:50:3b:e9:56:ce:fe:0d:6d:67:73:31:cb:
                    63:f0:09:b9:b6:20:a0:d3:c3:29:e6:c6:58:62:be:
                    a0:53:69:5e:13:a0:79:b0:3d:8a:0d:5d:0b:96:b0:
                    8a:52:a7:0f:64:a5:68:af:68:5c:f7:b3:87:6c:4b:
                    68:ed:2b:29:10:3a:2d:17:58:76:3d:02:d1:0b:a0:
                    02:59:a8:0e:67:d3:d1:95:32:84:37:2a:1f:53:21:
                    1a:02:cb:cf:a4:ff:c3:81:cc:09:8b:f8:ea:68:18:
                    a3:8b:29:94:31:31:df:9a:e3:17:b2:21:22:ef:6d:
                    ae:53:d4:66:d4:38:6f:2d:55:eb:ff:51:75:c3:1a:
                    71:60:de:09:a8:dc:01:99:f8:c9:56:44:e1:da:41:
                    25:52:11:d6:6b:df:ea:5d:51:f4:33:a0:c3:17:80:
                    27:5c:97:0e:95:16:52:2c:d8:17:16:2d:de:20:06:
                    0e:a6:ab:ea:cc:15:af:67:35:b2:f8:cc:e4:12:d8:
                    4e:9d:81:b5:0c:55:55:d9:5e:62:0c:28:9c:b3:97:
                    33:ad:ac:d0:61:c4:4e:ff:0d:ed:9e:3f:e3:f5:31:
                    ae:41:aa:54:3c:3e:72:11:72:58:aa:21:db:fb:0b:
                    ad:64:a4:c5:ab:af:64:d1:0e:1e:2d:c9:9c:bc:9e:
                    e8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BC:1E:66:24:A3:96:01:EA:80:13:72:93:92:45:E6:20:B7:8E:C5
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/lrweZiSjlgHqgBNyk5JF5iC3jsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.84.0/24
                  87.232.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:a3:c7:6f:2f:7c:c5:96:64:8c:ec:b5:f8:59:69:b9:27:36:
         6b:62:c5:36:e6:5d:33:89:95:b4:14:c1:5a:69:d7:c9:ad:57:
         cc:08:41:7c:19:60:04:a0:91:ab:80:55:57:84:32:88:bd:d4:
         9c:a0:4c:f7:0e:89:d5:46:53:84:7a:9e:a0:19:c1:5a:10:57:
         53:b3:fa:96:2b:2f:06:8a:d7:12:de:27:ff:5e:2b:6b:31:a9:
         2b:c5:ca:94:7f:0f:4a:5f:88:e4:f1:29:05:54:f2:1d:a4:a4:
         4c:71:26:bf:e4:39:33:48:f0:8b:37:84:d5:72:bd:92:bf:a9:
         ee:77:08:21:4f:f3:90:86:be:34:65:b8:7c:6a:25:f6:47:45:
         0f:ad:5a:a0:cd:8e:0b:c1:c2:5b:c2:e3:9d:7f:38:06:e0:84:
         8b:70:4d:40:65:01:25:ed:0d:73:48:90:9b:4a:ec:d2:42:a5:
         22:87:72:30:2a:46:e0:e4:cc:61:fd:0f:2e:5e:7b:4e:23:b5:
         f5:41:f0:2f:ab:66:9d:1f:9b:66:93:24:3b:a3:82:39:09:ac:
         27:90:14:63:73:dc:66:d1:eb:c0:f7:c3:c0:7a:72:cc:b3:d0:
         9a:1f:dd:42:48:c5:84:a1:fb:4f:3d:40:e2:0e:37:00:2e:c8:
         a2:21:36:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0ajbzQ12K0kZfD2kKVWIHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwMzIzMTE1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJjMWU2NjI0YTM5NjAxZWE4MDEzNzI5MzkyNDVlNjIwYjc4ZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwP1QO+lWzv4NbWdzMctj8Am5tiCg
08Mp5sZYYr6gU2leE6B5sD2KDV0LlrCKUqcPZKVor2hc97OHbEto7SspEDotF1h2
PQLRC6ACWagOZ9PRlTKENyofUyEaAsvPpP/DgcwJi/jqaBijiymUMTHfmuMXsiEi
722uU9Rm1DhvLVXr/1F1wxpxYN4JqNwBmfjJVkTh2kElUhHWa9/qXVH0M6DDF4An
XJcOlRZSLNgXFi3eIAYOpqvqzBWvZzWy+MzkEthOnYG1DFVV2V5iDCics5czrazQ
YcRO/w3tnj/j9TGuQapUPD5yEXJYqiHb+wutZKTFq69k0Q4eLcmcvJ7o9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJa8HmYko5YB6oATcpOSReYgt47FMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvbHJ3ZVppU2psZ0hxZ0JOeWs1SkY1aUMzanNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+hUAwQA
V+hbMA0GCSqGSIb3DQEBCwUAA4IBAQCSo8dvL3zFlmSM7LX4WWm5JzZrYsU25l0z
iZW0FMFaadfJrVfMCEF8GWAEoJGrgFVXhDKIvdScoEz3DonVRlOEep6gGcFaEFdT
s/qWKy8GitcS3if/XitrMakrxcqUfw9KX4jk8SkFVPIdpKRMcSa/5DkzSPCLN4TV
cr2Sv6nudwghT/OQhr40Zbh8aiX2R0UPrVqgzY4LwcJbwuOdfzgG4ISLcE1AZQEl
7Q1zSJCbSuzSQqUih3IwKkbg5Mxh/Q8uXntOI7X1QfAvq2adH5tmkyQ7o4I5Cawn
kBRjc9xm0evA98PAenLMs9CaH91CSMWEoftPPUDiDjcALsiiITbD
-----END CERTIFICATE-----