Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/AEisFAMg_EvbWtTF2Rs_CbnG4Bw.roa
File:                     AEisFAMg_EvbWtTF2Rs_CbnG4Bw.roa (raw, json)
Hash identifier:          eO0j+pE4bdrVcFDVR46BcWOs7/gZ01+5PEaWgxXd82s=
Subject key identifier:   00:48:AC:14:03:20:FC:4B:DB:5A:D4:C5:D9:1B:3F:09:B9:C6:E0:1C
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D687DAE0D3B3A5B3BEF329518E1A899F7
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/AEisFAMg_EvbWtTF2Rs_CbnG4Bw.roa
Signing time:             Tue 07 Apr 2026 15:09:20 +0000
ROA not before:           Tue 07 Apr 2026 15:09:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        87.232.113.0/24 maxlen: 24
                          87.232.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:7d:ae:0d:3b:3a:5b:3b:ef:32:95:18:e1:a8:99:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr  7 15:09:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0048ac140320fc4bdb5ad4c5d91b3f09b9c6e01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1e:80:fe:81:2d:25:67:d7:97:18:9c:44:d8:
                    45:75:a3:4e:70:7e:45:51:61:62:12:0c:de:34:a0:
                    eb:23:67:ed:ed:b5:43:dc:40:ce:47:3e:bb:bf:cc:
                    13:9c:bc:a6:a2:df:43:45:8c:11:9a:f9:c4:23:6b:
                    3e:0a:c1:17:48:f7:19:dc:ac:2c:7e:17:62:c4:cc:
                    a1:16:1b:6e:7a:0a:52:61:5b:d1:81:60:3a:73:af:
                    07:29:03:f0:25:ce:cc:3f:f2:86:4b:89:f4:3a:5f:
                    47:61:2c:b5:a6:6d:d0:18:97:96:15:27:99:c3:1a:
                    16:da:3b:3b:35:11:a0:3f:fd:b3:63:64:75:20:e8:
                    30:34:6c:a7:71:ca:d9:2f:04:23:be:24:89:41:d0:
                    79:72:0f:75:08:c6:e7:51:a2:cf:92:4e:af:7e:e1:
                    33:66:d4:93:cc:54:53:ac:89:2a:31:21:55:2c:eb:
                    05:c4:d2:e7:f3:8a:ed:b4:36:62:c0:74:0e:3b:c4:
                    00:ef:3a:2b:8f:ef:b7:eb:ac:db:df:2d:d5:e4:7c:
                    db:c0:f4:39:53:38:b8:06:47:1d:09:9f:f6:e4:a0:
                    64:af:dd:f9:29:d4:53:02:2c:30:8f:96:95:3c:e6:
                    c5:10:50:1c:4f:b1:46:50:db:a6:cd:1f:c0:14:2e:
                    95:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:48:AC:14:03:20:FC:4B:DB:5A:D4:C5:D9:1B:3F:09:B9:C6:E0:1C
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/AEisFAMg_EvbWtTF2Rs_CbnG4Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.113.0/24
                  87.232.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c6:b6:f3:6a:34:2c:f2:9c:c4:6f:84:46:07:9b:d4:7b:55:
         4e:85:d9:80:26:37:f0:94:78:18:2e:ca:24:37:55:40:e4:61:
         2a:ac:b0:8c:23:15:b1:f7:84:7a:5e:99:19:9b:8b:a9:72:46:
         df:38:4d:7e:40:83:cf:ac:fc:41:69:c1:36:77:40:18:49:02:
         d1:73:06:c8:0b:29:5d:a1:90:23:8c:cd:9e:99:ee:a2:af:1f:
         59:d9:0d:bb:ba:7d:a7:4b:e0:83:a3:3b:a0:21:5d:af:19:3b:
         6b:18:d1:71:65:2e:5b:c0:41:e8:52:72:6a:5c:7e:1d:7c:50:
         7e:b9:e6:c4:48:4b:1d:79:a2:32:80:56:31:fe:22:53:25:18:
         a0:b9:0f:6b:c7:2b:88:c1:bf:58:f3:2c:13:23:bc:1d:4b:f0:
         07:ec:65:e5:74:62:5a:a8:54:0b:5f:b5:b3:63:8e:5b:12:ee:
         20:b3:ba:9f:31:f4:da:d1:0e:55:c5:fc:59:17:35:bd:1a:d8:
         e2:ae:b7:4b:4b:b9:86:de:54:8b:95:73:6e:47:4d:ec:dc:e8:
         9c:25:56:5c:a0:ce:ad:77:e6:01:50:08:72:29:1c:85:d6:66:
         84:11:af:65:4b:38:86:db:79:27:2d:6e:bd:0c:96:b7:f5:32:
         83:f6:3c:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1ofa4NOzpbO+8ylRjhqJn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDA3MTUwOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQ4YWMxNDAzMjBmYzRiZGI1YWQ0YzVkOTFiM2YwOWI5YzZlMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux6A/oEtJWfXlxicRNhFdaNOcH5F
UWFiEgzeNKDrI2ft7bVD3EDORz67v8wTnLymot9DRYwRmvnEI2s+CsEXSPcZ3Kws
fhdixMyhFhtuegpSYVvRgWA6c68HKQPwJc7MP/KGS4n0Ol9HYSy1pm3QGJeWFSeZ
wxoW2js7NRGgP/2zY2R1IOgwNGynccrZLwQjviSJQdB5cg91CMbnUaLPkk6vfuEz
ZtSTzFRTrIkqMSFVLOsFxNLn84rttDZiwHQOO8QA7zorj++366zb3y3V5HzbwPQ5
Uzi4BkcdCZ/25KBkr935KdRTAiwwj5aVPObFEFAcT7FGUNumzR/AFC6VwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFABIrBQDIPxL21rUxdkbPwm5xuAcMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvQUVpc0ZBTWdfRXZiV3RURjJSc19DYm5HNEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+hxAwQA
V+h7MA0GCSqGSIb3DQEBCwUAA4IBAQAhxrbzajQs8pzEb4RGB5vUe1VOhdmAJjfw
lHgYLsokN1VA5GEqrLCMIxWx94R6XpkZm4upckbfOE1+QIPPrPxBacE2d0AYSQLR
cwbICyldoZAjjM2eme6irx9Z2Q27un2nS+CDozugIV2vGTtrGNFxZS5bwEHoUnJq
XH4dfFB+uebESEsdeaIygFYx/iJTJRiguQ9rxyuIwb9Y8ywTI7wdS/AH7GXldGJa
qFQLX7WzY45bEu4gs7qfMfTa0Q5VxfxZFzW9GtjirrdLS7mG3lSLlXNuR03s3Oic
JVZcoM6td+YBUAhyKRyF1maEEa9lSziG23knLW69DJa39TKD9jzN
-----END CERTIFICATE-----