Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/F9zGDMsYKk1kyoNA7CaGn0in9Ss.roa
File:                     F9zGDMsYKk1kyoNA7CaGn0in9Ss.roa (raw, json)
Hash identifier:          f1/QuB/XhxKjUnG6t087utjEUtFtY7Pq8RiBSpBSIy0=
Subject key identifier:   17:DC:C6:0C:CB:18:2A:4D:64:CA:83:40:EC:26:86:9F:48:A7:F5:2B
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       019DF7D25E54480BFB468EE1A6EDF792DAFF
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/F9zGDMsYKk1kyoNA7CaGn0in9Ss.roa
Signing time:             Tue 05 May 2026 11:07:32 +0000
ROA not before:           Tue 05 May 2026 11:07:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204834
IP address blocks:        87.248.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:d2:5e:54:48:0b:fb:46:8e:e1:a6:ed:f7:92:da:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: May  5 11:07:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17dcc60ccb182a4d64ca8340ec26869f48a7f52b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c0:7d:93:c2:a7:ff:04:dd:bc:bc:17:c5:8f:
                    a1:8a:69:33:62:d3:96:e2:56:2f:ca:be:22:b7:b8:
                    77:88:72:2e:9a:d4:fd:24:01:08:94:58:31:91:f5:
                    ae:47:8a:6c:13:a8:ce:7e:d3:31:6c:b0:7a:67:76:
                    cd:20:f8:4d:5c:4a:94:c0:01:e3:80:39:a8:56:1c:
                    e1:fa:6b:a9:d4:1e:c7:61:0b:3b:ab:2d:8d:01:34:
                    82:2e:40:84:00:00:3c:8e:7c:a6:c7:91:64:19:ca:
                    f6:c8:1b:62:42:cb:fd:ab:59:22:91:bb:6d:b8:e2:
                    39:f9:c8:85:a8:78:f6:13:81:3d:ae:28:d1:b8:c2:
                    d7:95:5b:79:b1:ca:b2:a1:48:75:1d:d6:fb:97:00:
                    3a:19:0d:b5:cb:51:68:46:0b:b3:3d:68:b2:ce:14:
                    44:4e:fe:dd:a6:f9:60:ac:41:5f:ba:7d:7d:56:15:
                    17:2d:fd:37:3e:47:b0:e1:53:01:ea:26:13:7a:3e:
                    86:aa:d0:7f:ae:8c:6c:fd:a2:51:1e:ff:5f:11:8c:
                    81:33:72:9d:22:fc:c4:df:a7:cf:c4:69:b9:fa:b0:
                    7f:ef:da:8a:e4:0e:ef:e3:a0:3d:7d:45:b6:96:13:
                    ff:66:c8:ab:bd:9e:a4:a3:1e:eb:5b:42:60:18:76:
                    69:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DC:C6:0C:CB:18:2A:4D:64:CA:83:40:EC:26:86:9F:48:A7:F5:2B
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/F9zGDMsYKk1kyoNA7CaGn0in9Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:7b:e5:94:5f:fe:dd:a8:be:3e:45:e4:8a:bf:35:1e:db:e3:
         62:b1:38:82:31:6a:43:b1:90:f1:d7:f6:fb:43:9c:db:cc:00:
         e7:ee:4a:4c:77:fc:27:e4:82:86:f3:d9:6b:f5:17:81:e1:27:
         9a:84:2a:22:11:df:72:47:9b:47:84:be:80:0e:09:7e:0c:ef:
         07:47:11:34:d3:90:7a:2b:82:ba:d3:50:7a:5c:70:67:35:44:
         04:28:89:3a:2d:8f:de:8c:6e:20:52:44:78:08:78:58:6f:42:
         bf:f4:38:4f:c4:82:b5:b8:09:1a:08:b9:1b:4f:81:05:2d:97:
         0b:0a:32:c5:c9:69:80:25:90:a9:15:ab:b3:f6:57:71:6e:86:
         d0:54:76:6c:50:62:15:c6:c3:ca:a8:32:90:a3:8d:39:be:47:
         bd:20:ba:3a:ef:24:00:4e:66:22:8d:35:d1:71:d4:38:53:4a:
         6f:01:1c:88:f9:04:16:e9:f0:35:92:d8:c7:a6:ef:7a:a2:2d:
         0b:4e:ac:45:81:da:82:42:9b:4a:16:d7:86:d0:01:8b:67:7d:
         90:2d:8f:9a:95:b5:44:d7:4a:7d:ba:d0:4d:40:24:fb:21:60:
         a1:3a:f2:6d:8d:1e:0f:7c:4b:5d:51:a1:cd:24:0b:cc:7c:53:
         4a:dc:c6:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ330l5USAv7Ro7hpu33ktr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjYwNTA1MTEwNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2RjYzYwY2NiMTgyYTRkNjRjYTgzNDBlYzI2ODY5ZjQ4YTdmNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMB9k8Kn/wTdvLwXxY+himkzYtOW
4lYvyr4it7h3iHIumtT9JAEIlFgxkfWuR4psE6jOftMxbLB6Z3bNIPhNXEqUwAHj
gDmoVhzh+mup1B7HYQs7qy2NATSCLkCEAAA8jnymx5FkGcr2yBtiQsv9q1kikbtt
uOI5+ciFqHj2E4E9rijRuMLXlVt5scqyoUh1Hdb7lwA6GQ21y1FoRguzPWiyzhRE
Tv7dpvlgrEFfun19VhUXLf03Pkew4VMB6iYTej6GqtB/roxs/aJRHv9fEYyBM3Kd
IvzE36fPxGm5+rB/79qK5A7v46A9fUW2lhP/ZsirvZ6kox7rW0JgGHZpdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfcxgzLGCpNZMqDQOwmhp9Ip/UrMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvRjl6R0RNc1lLazFreW9OQTdDYUduMGluOVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iVMA0G
CSqGSIb3DQEBCwUAA4IBAQAae+WUX/7dqL4+ReSKvzUe2+NisTiCMWpDsZDx1/b7
Q5zbzADn7kpMd/wn5IKG89lr9ReB4SeahCoiEd9yR5tHhL6ADgl+DO8HRxE005B6
K4K601B6XHBnNUQEKIk6LY/ejG4gUkR4CHhYb0K/9DhPxIK1uAkaCLkbT4EFLZcL
CjLFyWmAJZCpFauz9ldxbobQVHZsUGIVxsPKqDKQo405vke9ILo67yQATmYijTXR
cdQ4U0pvARyI+QQW6fA1ktjHpu96oi0LTqxFgdqCQptKFteG0AGLZ32QLY+albVE
10p9utBNQCT7IWChOvJtjR4PfEtdUaHNJAvMfFNK3MZr
-----END CERTIFICATE-----