Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/p_9z-cM8Rga_7QiwTIC7S2NXIVM.roa
File:                     p_9z-cM8Rga_7QiwTIC7S2NXIVM.roa (raw, json)
Hash identifier:          CDOXjPavZstrynB7vCBl3xJ2mtnkEBYNuiEl7eoeVrg=
Subject key identifier:   A7:FF:73:F9:C3:3C:46:06:BF:ED:08:B0:4C:80:BB:4B:63:57:21:53
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E079700F8F4676206BDE6E042119A7799
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/p_9z-cM8Rga_7QiwTIC7S2NXIVM.roa
Signing time:             Fri 08 May 2026 12:36:37 +0000
ROA not before:           Fri 08 May 2026 12:36:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135392
IP address blocks:        87.58.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:97:00:f8:f4:67:62:06:bd:e6:e0:42:11:9a:77:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May  8 12:36:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7ff73f9c33c4606bfed08b04c80bb4b63572153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2b:bc:e6:3f:cd:de:e9:05:1d:85:d6:00:3b:
                    96:da:9c:24:d3:00:35:59:a1:0d:51:68:6d:78:18:
                    18:33:3a:45:c9:e5:99:8c:d2:46:51:c4:bc:89:7d:
                    4b:9f:c1:c1:9c:24:a9:f8:a8:33:f0:87:b4:83:ce:
                    6d:ee:71:5a:9d:80:7d:10:bf:42:3c:7f:58:c7:64:
                    b9:c2:2a:f6:fb:b0:e5:ff:47:24:ce:90:85:81:e9:
                    6c:54:f9:b0:5c:5c:a9:3e:ac:ac:94:65:f2:79:fa:
                    65:47:8c:84:7c:7d:fd:a3:dd:48:2e:42:80:00:66:
                    bb:5d:5d:29:e3:5f:b1:69:5a:24:e6:bb:07:6e:07:
                    a4:7d:15:ae:33:2a:55:f7:8c:18:b4:13:fa:9e:4b:
                    53:97:57:39:b3:0a:52:a2:2d:9d:c7:77:25:b8:06:
                    03:ce:e3:04:f3:e8:b0:a3:22:63:17:d4:02:b7:99:
                    22:de:fb:f5:bf:18:1b:8c:31:b9:b7:30:91:96:56:
                    5b:b4:f5:67:05:4f:07:4e:83:bf:93:fb:1c:ff:67:
                    c1:e8:6c:15:f1:25:cb:1f:91:90:e8:e1:c4:6a:45:
                    4e:32:f1:89:45:15:c4:ed:d0:30:1f:19:a2:47:6e:
                    6b:4e:1c:c4:e7:db:90:17:79:d1:39:a7:ba:9d:40:
                    59:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:FF:73:F9:C3:3C:46:06:BF:ED:08:B0:4C:80:BB:4B:63:57:21:53
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/p_9z-cM8Rga_7QiwTIC7S2NXIVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:26:7e:ab:41:cc:7d:01:3f:5c:b8:e1:f1:aa:2e:e4:f0:df:
         83:7a:be:47:3e:8e:ff:c9:cd:c5:b7:6d:95:5d:b9:80:a4:6f:
         60:cb:35:c2:8b:e8:8f:90:90:76:01:39:f8:3e:a3:df:f9:a2:
         05:f4:0f:51:a0:63:d2:73:b3:9b:04:e7:10:1b:fe:6e:a8:e0:
         7f:1e:60:b1:1a:ed:b8:28:85:f9:10:38:49:85:9a:e1:64:dd:
         bb:b9:fd:d3:f7:38:24:21:60:58:5a:4a:7a:a6:d8:5d:7a:8c:
         c0:19:c9:a7:ba:b5:19:07:18:0f:fe:63:22:ff:21:8b:9f:99:
         19:a7:69:88:25:56:d3:d4:bf:ec:47:8e:4f:f7:92:55:a9:89:
         15:4f:2b:2f:00:e7:28:c3:4f:6c:f8:98:7e:a8:c3:24:5d:8c:
         f4:69:d8:a3:33:dc:ed:98:11:28:fe:d5:3b:4a:67:04:fb:e2:
         25:d0:7c:ec:3a:df:85:8d:62:4d:54:63:d1:c6:55:4d:b4:e0:
         da:65:f7:4d:ef:93:85:a2:0a:69:0f:86:e3:a2:9e:77:93:d2:
         8e:10:5b:3f:6c:eb:b6:d1:66:9a:df:b2:6c:b4:6b:88:9c:60:
         91:7e:6b:15:db:a0:f3:e4:66:7e:27:d6:98:50:fd:bd:8a:d5:
         e2:bf:ce:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4HlwD49GdiBr3m4EIRmneZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTA4MTIzNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ZmNzNmOWMzM2M0NjA2YmZlZDA4YjA0YzgwYmI0YjYzNTcyMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSu85j/N3ukFHYXWADuW2pwk0wA1
WaENUWhteBgYMzpFyeWZjNJGUcS8iX1Ln8HBnCSp+Kgz8Ie0g85t7nFanYB9EL9C
PH9Yx2S5wir2+7Dl/0ckzpCFgelsVPmwXFypPqyslGXyefplR4yEfH39o91ILkKA
AGa7XV0p41+xaVok5rsHbgekfRWuMypV94wYtBP6nktTl1c5swpSoi2dx3cluAYD
zuME8+iwoyJjF9QCt5ki3vv1vxgbjDG5tzCRllZbtPVnBU8HToO/k/sc/2fB6GwV
8SXLH5GQ6OHEakVOMvGJRRXE7dAwHxmiR25rThzE59uQF3nROae6nUBZQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKf/c/nDPEYGv+0IsEyAu0tjVyFTMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvcF85ei1jTThSZ2FfN1Fpd1RJQzdTMk5YSVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrCMA0G
CSqGSIb3DQEBCwUAA4IBAQCIJn6rQcx9AT9cuOHxqi7k8N+Der5HPo7/yc3Ft22V
XbmApG9gyzXCi+iPkJB2ATn4PqPf+aIF9A9RoGPSc7ObBOcQG/5uqOB/HmCxGu24
KIX5EDhJhZrhZN27uf3T9zgkIWBYWkp6pthdeozAGcmnurUZBxgP/mMi/yGLn5kZ
p2mIJVbT1L/sR45P95JVqYkVTysvAOcow09s+Jh+qMMkXYz0adijM9ztmBEo/tU7
SmcE++Il0HzsOt+FjWJNVGPRxlVNtODaZfdN75OFogppD4bjop53k9KOEFs/bOu2
0Waa37JstGuInGCRfmsV26Dz5GZ+J9aYUP29itXiv840
-----END CERTIFICATE-----