Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/m7L8GdBSJuHsneaCtMC9pI2g3BE.roa
File:                     m7L8GdBSJuHsneaCtMC9pI2g3BE.roa (raw, json)
Hash identifier:          3YAZliRjuOyVqU2J+wnklyVi5UbfdetsxH5GTzeE2T4=
Subject key identifier:   9B:B2:FC:19:D0:52:26:E1:EC:9D:E6:82:B4:C0:BD:A4:8D:A0:DC:11
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019D26B6ABA7EBAD27FF91009366AA536753
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/m7L8GdBSJuHsneaCtMC9pI2g3BE.roa
Signing time:             Wed 25 Mar 2026 20:36:38 +0000
ROA not before:           Wed 25 Mar 2026 20:36:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199794
IP address blocks:        87.232.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:26:b6:ab:a7:eb:ad:27:ff:91:00:93:66:aa:53:67:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Mar 25 20:36:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9bb2fc19d05226e1ec9de682b4c0bda48da0dc11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0f:5c:1d:67:45:d6:4a:76:85:1b:7d:54:3e:
                    77:40:26:20:d4:0d:bb:98:a2:40:5b:6a:30:50:7f:
                    b5:11:0c:11:f6:e8:ba:b4:7a:58:64:5a:98:05:b6:
                    9a:b5:ee:d5:05:ee:de:b3:15:dd:58:c4:59:ed:52:
                    60:ae:a1:34:b1:e3:da:89:5e:0a:8a:87:02:19:ee:
                    e1:6f:80:ae:85:11:29:74:69:69:b4:1c:0c:8b:55:
                    2e:95:df:df:0f:70:92:ad:7f:9f:01:65:1d:a9:1d:
                    a6:6c:3c:1f:c7:3d:15:0e:25:53:0d:53:5d:23:08:
                    a9:dd:36:a0:a3:dd:39:b2:be:e0:bb:b2:61:bb:40:
                    8b:85:06:64:8a:63:0c:0c:da:96:da:c7:02:bd:b5:
                    5c:9b:c6:e0:3d:13:e9:85:4a:05:3a:5d:82:51:d1:
                    7a:a7:27:d0:d6:5d:64:7e:3e:76:75:21:c4:3c:5d:
                    20:50:7e:80:ba:df:0a:8b:6e:fb:3c:51:d6:de:97:
                    31:52:20:64:31:30:da:d9:28:0d:2f:f0:0f:e4:fa:
                    33:13:2b:83:55:49:e0:bb:30:21:79:53:c2:a1:96:
                    99:d5:08:8b:53:15:13:ba:86:ee:ea:12:62:53:12:
                    24:68:3b:71:3a:08:bb:92:80:40:cd:c1:cd:5a:6d:
                    8b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B2:FC:19:D0:52:26:E1:EC:9D:E6:82:B4:C0:BD:A4:8D:A0:DC:11
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/m7L8GdBSJuHsneaCtMC9pI2g3BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:27:60:33:db:23:33:a9:9d:72:56:03:9a:1b:ca:82:0f:67:
         dc:98:6a:e7:3f:cd:42:76:6d:f0:0c:91:a0:f8:19:d3:a4:16:
         aa:5f:3d:46:a0:7b:c1:78:fc:c9:1e:29:b1:45:cd:de:41:24:
         2c:a1:20:6a:4e:8c:80:bf:90:0e:b1:b5:e5:d9:15:50:eb:71:
         d8:15:b4:fb:bb:78:ea:bd:b9:6b:ce:5e:a2:b4:b5:51:1d:10:
         67:e8:86:36:b2:72:50:bf:d6:71:ce:81:41:03:82:30:61:a4:
         fd:c3:7b:ed:c1:be:56:fb:c2:7b:91:41:cc:0c:97:eb:80:0a:
         a7:8b:9c:f4:70:60:ec:08:15:d3:9a:8b:db:2f:f1:57:cb:b3:
         b7:b7:ae:5a:95:99:d2:b1:05:b3:5f:13:30:81:cc:d5:d0:de:
         67:3a:d8:9d:c0:e8:e2:ab:00:bc:84:41:13:68:86:ff:d5:81:
         db:14:01:7d:3c:44:62:18:db:88:8d:1e:7d:f7:fd:31:b8:58:
         38:d7:74:f0:7a:e9:60:72:ff:f8:cb:3a:a2:30:d2:4f:da:74:
         16:bd:7b:34:1a:f6:f4:14:b7:f6:26:52:7d:0c:a6:22:e0:f4:
         f0:c9:7d:8c:b4:22:09:1d:ac:e9:73:09:fc:5f:3b:d9:0d:8d:
         8e:3b:21:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0mtqun660n/5EAk2aqU2dTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwMzI1MjAzNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmIyZmMxOWQwNTIyNmUxZWM5ZGU2ODJiNGMwYmRhNDhkYTBkYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0A9cHWdF1kp2hRt9VD53QCYg1A27
mKJAW2owUH+1EQwR9ui6tHpYZFqYBbaate7VBe7esxXdWMRZ7VJgrqE0sePaiV4K
iocCGe7hb4CuhREpdGlptBwMi1Uuld/fD3CSrX+fAWUdqR2mbDwfxz0VDiVTDVNd
Iwip3Tago905sr7gu7Jhu0CLhQZkimMMDNqW2scCvbVcm8bgPRPphUoFOl2CUdF6
pyfQ1l1kfj52dSHEPF0gUH6Aut8Ki277PFHW3pcxUiBkMTDa2SgNL/AP5PozEyuD
VUnguzAheVPCoZaZ1QiLUxUTuobu6hJiUxIkaDtxOgi7koBAzcHNWm2LcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuy/BnQUibh7J3mgrTAvaSNoNwRMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvbTdMOEdkQlNKdUhzbmVhQ3RNQzlwSTJnM0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hQMA0G
CSqGSIb3DQEBCwUAA4IBAQAGJ2Az2yMzqZ1yVgOaG8qCD2fcmGrnP81Cdm3wDJGg
+BnTpBaqXz1GoHvBePzJHimxRc3eQSQsoSBqToyAv5AOsbXl2RVQ63HYFbT7u3jq
vblrzl6itLVRHRBn6IY2snJQv9ZxzoFBA4IwYaT9w3vtwb5W+8J7kUHMDJfrgAqn
i5z0cGDsCBXTmovbL/FXy7O3t65alZnSsQWzXxMwgczV0N5nOtidwOjiqwC8hEET
aIb/1YHbFAF9PERiGNuIjR599/0xuFg413Tweulgcv/4yzqiMNJP2nQWvXs0Gvb0
FLf2JlJ9DKYi4PTwyX2MtCIJHazpcwn8XzvZDY2OOyHU
-----END CERTIFICATE-----