Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/YPkt1jruYotHGMDoh_NhQbS7AZ0.roa
File:                     YPkt1jruYotHGMDoh_NhQbS7AZ0.roa (raw, json)
Hash identifier:          vBMT0xvVWKDdvl7r1JWRUSdw/li+beCVD6lJ4Us1gWU=
Subject key identifier:   60:F9:2D:D6:3A:EE:62:8B:47:18:C0:E8:87:F3:61:41:B4:BB:01:9D
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E0E28D21E7882A3C71B9E892EE5413534
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/YPkt1jruYotHGMDoh_NhQbS7AZ0.roa
Signing time:             Sat 09 May 2026 19:13:36 +0000
ROA not before:           Sat 09 May 2026 19:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400536
IP address blocks:        87.58.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0e:28:d2:1e:78:82:a3:c7:1b:9e:89:2e:e5:41:35:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May  9 19:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60f92dd63aee628b4718c0e887f36141b4bb019d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8b:39:e6:3c:bd:e9:64:2b:bf:d9:7d:fc:f4:
                    ef:96:fe:10:cd:a6:ed:5e:24:94:ea:c6:49:b8:cd:
                    b2:7e:9f:e7:cc:be:c5:24:20:84:58:9d:48:f3:89:
                    f1:ba:86:ad:24:e0:a6:d2:19:e5:e1:16:8b:52:52:
                    77:81:fe:06:e6:d8:d5:9c:9b:a9:f6:54:bf:11:e3:
                    fe:29:b4:47:54:96:53:fd:78:bd:35:e9:84:b8:51:
                    5d:e7:79:d8:b8:72:f1:57:de:95:6a:68:52:94:db:
                    d1:a6:ed:2f:86:19:ab:33:52:7a:f8:21:2f:2e:4a:
                    0d:d1:7c:48:08:9a:09:81:86:57:d9:2a:42:2d:a7:
                    d0:39:17:24:1b:5a:c1:3a:13:96:70:92:f1:4b:f6:
                    4a:1b:09:c5:f1:89:4f:6c:4c:c1:2a:05:eb:cb:ba:
                    58:29:7d:55:ed:e0:d5:e8:f4:e3:3a:69:88:66:14:
                    a1:43:c1:43:80:a7:6a:92:10:91:0b:ca:c3:b3:f3:
                    70:08:c9:48:7b:56:d6:97:0f:35:83:a1:d4:3e:f3:
                    03:ea:7e:4b:d5:80:2e:b3:dc:4f:af:7c:bd:9b:b9:
                    f9:36:ff:4b:e0:bb:b2:ce:6d:fd:14:c1:37:36:9f:
                    e8:28:51:b7:6d:dd:ac:23:5b:88:c4:a5:65:f8:9d:
                    87:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F9:2D:D6:3A:EE:62:8B:47:18:C0:E8:87:F3:61:41:B4:BB:01:9D
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/YPkt1jruYotHGMDoh_NhQbS7AZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:82:65:a2:09:07:0c:25:cc:8d:94:aa:57:8e:71:f8:9c:4f:
         42:e4:cc:79:db:8c:fb:a9:c7:9c:ee:47:10:ee:cd:07:e4:51:
         86:9e:35:89:38:bd:14:93:16:dc:18:c8:73:d9:d9:1c:da:22:
         d3:2b:2d:9d:51:f8:d5:33:00:29:ef:3f:f9:08:40:14:d4:28:
         c2:f1:9a:d6:30:13:18:fd:ba:9a:bc:57:39:c6:35:ce:53:0c:
         c9:f7:e2:dd:54:59:d5:dc:92:d2:60:f3:56:09:9b:34:66:a8:
         6c:45:24:6f:19:e0:8c:8d:db:fd:45:c8:ae:b0:19:e1:f7:a6:
         e8:86:23:0b:9e:5b:bc:c9:b5:37:77:f4:44:e3:aa:63:be:c1:
         4d:e4:ec:8d:70:28:16:a6:ea:20:d1:3a:96:b2:f1:9f:6d:b7:
         42:ce:fc:60:eb:07:ef:67:cb:8c:63:35:28:91:0e:1e:c5:ae:
         58:7c:55:fa:f7:b3:57:0c:63:20:b3:98:ac:2f:32:3b:d3:0a:
         8e:4c:67:6c:57:41:8c:4b:9f:5f:b0:6d:13:4b:92:56:b7:b0:
         92:34:aa:a6:73:d1:ca:bb:ed:78:13:dc:73:1c:32:76:49:5b:
         60:cd:4c:ce:05:3e:5a:65:60:a0:ef:c5:63:96:b6:88:b8:ea:
         bf:d3:43:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4OKNIeeIKjxxueiS7lQTU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTA5MTkxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY5MmRkNjNhZWU2MjhiNDcxOGMwZTg4N2YzNjE0MWI0YmIwMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsos55jy96WQrv9l9/PTvlv4Qzabt
XiSU6sZJuM2yfp/nzL7FJCCEWJ1I84nxuoatJOCm0hnl4RaLUlJ3gf4G5tjVnJup
9lS/EeP+KbRHVJZT/Xi9NemEuFFd53nYuHLxV96VamhSlNvRpu0vhhmrM1J6+CEv
LkoN0XxICJoJgYZX2SpCLafQORckG1rBOhOWcJLxS/ZKGwnF8YlPbEzBKgXry7pY
KX1V7eDV6PTjOmmIZhShQ8FDgKdqkhCRC8rDs/NwCMlIe1bWlw81g6HUPvMD6n5L
1YAus9xPr3y9m7n5Nv9L4Luyzm39FME3Np/oKFG3bd2sI1uIxKVl+J2HqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGD5LdY67mKLRxjA6IfzYUG0uwGdMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvWVBrdDFqcnVZb3RIR01Eb2hfTmhRYlM3QVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrZMA0G
CSqGSIb3DQEBCwUAA4IBAQBOgmWiCQcMJcyNlKpXjnH4nE9C5Mx524z7qcec7kcQ
7s0H5FGGnjWJOL0UkxbcGMhz2dkc2iLTKy2dUfjVMwAp7z/5CEAU1CjC8ZrWMBMY
/bqavFc5xjXOUwzJ9+LdVFnV3JLSYPNWCZs0ZqhsRSRvGeCMjdv9RciusBnh96bo
hiMLnlu8ybU3d/RE46pjvsFN5OyNcCgWpuog0TqWsvGfbbdCzvxg6wfvZ8uMYzUo
kQ4exa5YfFX697NXDGMgs5isLzI70wqOTGdsV0GMS59fsG0TS5JWt7CSNKqmc9HK
u+14E9xzHDJ2SVtgzUzOBT5aZWCg78VjlraIuOq/00MP
-----END CERTIFICATE-----