Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/vV3qztAuySxmj_M4LrWPYFeYHG4.roa
File:                     vV3qztAuySxmj_M4LrWPYFeYHG4.roa (raw, json)
Hash identifier:          UvLOMR+InrN8lr21tIq0j8f9KmRpU/O5MOk27aa9JN8=
Subject key identifier:   BD:5D:EA:CE:D0:2E:C9:2C:66:8F:F3:38:2E:B5:8F:60:57:98:1C:6E
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019CADEAB86C0696F0BF7179E7C04A8C5BFE
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/vV3qztAuySxmj_M4LrWPYFeYHG4.roa
Signing time:             Mon 02 Mar 2026 09:39:26 +0000
ROA not before:           Mon 02 Mar 2026 09:39:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        185.87.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 14:20:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:ea:b8:6c:06:96:f0:bf:71:79:e7:c0:4a:8c:5b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Mar  2 09:39:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd5deaced02ec92c668ff3382eb58f6057981c6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3c:c3:07:b4:f6:14:53:8d:59:0f:3c:18:76:
                    b3:52:55:fd:13:57:e3:e7:5b:a1:6d:8f:d5:d5:91:
                    ce:8a:6f:a5:7b:7d:6a:27:b8:c9:f1:af:78:d5:b8:
                    f5:47:59:1a:34:3b:16:85:9f:21:3a:ea:51:8a:fe:
                    3a:b3:d6:ec:2b:ed:2e:e0:d4:0e:2d:f2:11:96:a3:
                    e3:1c:8a:ac:92:30:d6:f9:1b:a8:ac:5f:f6:b1:49:
                    33:9d:49:44:3b:5a:2b:c9:ab:08:74:21:1e:da:26:
                    38:cb:ec:45:8d:3c:14:1f:42:de:f5:22:d4:90:c1:
                    7e:67:fa:bf:e9:47:d4:6c:82:77:2d:80:89:24:e4:
                    23:21:69:b6:a8:bc:c1:08:b3:21:d2:6b:d7:09:54:
                    7c:e5:62:bf:d2:5e:95:4b:35:f9:b1:40:3a:a6:1d:
                    b6:5f:32:dc:a7:c1:53:66:d1:76:dd:4c:9c:7b:61:
                    04:ef:c6:ed:8c:ab:52:6f:28:2d:4f:4f:7a:ef:75:
                    6c:a9:93:a8:b4:d4:91:8a:14:aa:e4:a3:6c:eb:6c:
                    1e:d0:36:89:20:7b:c6:27:5a:6a:f2:fc:8c:a9:1a:
                    63:7d:b8:61:52:43:91:93:4c:6c:14:92:47:4e:a0:
                    e2:d7:4e:ee:7a:48:a1:c0:63:e6:4b:0b:0f:25:59:
                    5f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:5D:EA:CE:D0:2E:C9:2C:66:8F:F3:38:2E:B5:8F:60:57:98:1C:6E
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/vV3qztAuySxmj_M4LrWPYFeYHG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:6f:ee:d0:7b:cd:9d:34:a9:ef:55:fd:4d:07:ed:a9:c2:5d:
         f5:15:67:c4:9f:88:d9:7e:69:4e:d9:a2:c5:97:b7:72:49:fb:
         85:3c:5d:1a:64:35:68:18:ae:f4:2d:a8:42:35:48:8c:6e:01:
         76:e2:d8:65:93:30:08:92:91:02:5c:05:0b:15:89:0e:0a:05:
         56:0a:71:25:05:4f:2f:f0:6d:f4:32:da:a8:67:0e:59:cb:ce:
         8e:54:e1:af:a0:58:54:3e:3e:58:7d:7a:da:92:64:25:09:74:
         7e:5d:38:d8:9c:2c:d6:16:e0:9f:18:8b:ed:f5:a0:6a:21:3e:
         20:70:6a:20:c9:8a:18:1a:6e:05:e9:25:9f:23:3d:e8:08:77:
         2c:d1:1b:55:35:10:92:e0:3f:17:4c:ce:68:16:33:82:ef:72:
         cc:4d:7c:20:3b:b5:b2:88:fe:3a:15:aa:cf:e8:60:c7:0a:c8:
         c6:d3:35:a6:46:21:8e:2a:24:ca:ae:2a:a9:50:61:75:df:3f:
         bf:f0:68:7e:7e:0e:d5:38:37:11:7c:fd:dc:f3:42:bf:7c:d3:
         41:86:e2:e5:bf:ba:2c:01:08:b8:a4:77:ba:d7:54:d2:fc:40:
         18:39:54:24:59:df:ff:45:99:b6:19:92:4e:08:79:48:eb:10:
         74:eb:3a:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyt6rhsBpbwv3F558BKjFv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwMzAyMDkzOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDVkZWFjZWQwMmVjOTJjNjY4ZmYzMzgyZWI1OGY2MDU3OTgxYzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzzDB7T2FFONWQ88GHazUlX9E1fj
51uhbY/V1ZHOim+le31qJ7jJ8a941bj1R1kaNDsWhZ8hOupRiv46s9bsK+0u4NQO
LfIRlqPjHIqskjDW+RuorF/2sUkznUlEO1oryasIdCEe2iY4y+xFjTwUH0Le9SLU
kMF+Z/q/6UfUbIJ3LYCJJOQjIWm2qLzBCLMh0mvXCVR85WK/0l6VSzX5sUA6ph22
XzLcp8FTZtF23Uyce2EE78btjKtSbygtT09673VsqZOotNSRihSq5KNs62we0DaJ
IHvGJ1pq8vyMqRpjfbhhUkORk0xsFJJHTqDi107uekihwGPmSwsPJVlfywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1d6s7QLsksZo/zOC61j2BXmBxuMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvdlYzcXp0QXV5U3htal9NNExyV1BZRmVZSEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVc7MA0G
CSqGSIb3DQEBCwUAA4IBAQBpb+7Qe82dNKnvVf1NB+2pwl31FWfEn4jZfmlO2aLF
l7dySfuFPF0aZDVoGK70LahCNUiMbgF24thlkzAIkpECXAULFYkOCgVWCnElBU8v
8G30MtqoZw5Zy86OVOGvoFhUPj5YfXrakmQlCXR+XTjYnCzWFuCfGIvt9aBqIT4g
cGogyYoYGm4F6SWfIz3oCHcs0RtVNRCS4D8XTM5oFjOC73LMTXwgO7WyiP46FarP
6GDHCsjG0zWmRiGOKiTKriqpUGF13z+/8Gh+fg7VODcRfP3c80K/fNNBhuLlv7os
AQi4pHe611TS/EAYOVQkWd//RZm2GZJOCHlI6xB06zpH
-----END CERTIFICATE-----