Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/DqXn_J_EuMzTk5HqPRikQkwRqHw.roa
File:                     DqXn_J_EuMzTk5HqPRikQkwRqHw.roa (raw, json)
Hash identifier:          VEz7fJK4evko6wheJJ5wfj/YFEGNYI7CH9dE7TXWmX0=
Subject key identifier:   0E:A5:E7:FC:9F:C4:B8:CC:D3:93:91:EA:3D:18:A4:42:4C:11:A8:7C
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D789BF63F6DBF7CFF7DCBEEDBA4351B5B
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/DqXn_J_EuMzTk5HqPRikQkwRqHw.roa
Signing time:             Fri 10 Apr 2026 18:16:20 +0000
ROA not before:           Fri 10 Apr 2026 18:16:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        87.232.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:9b:f6:3f:6d:bf:7c:ff:7d:cb:ee:db:a4:35:1b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 10 18:16:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ea5e7fc9fc4b8ccd39391ea3d18a4424c11a87c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fe:4b:f4:86:b1:3e:28:80:71:d2:a0:b0:f8:
                    9f:25:20:1b:65:69:f3:4b:df:19:bb:b3:f5:54:3f:
                    ca:8f:8e:77:48:aa:53:09:a2:70:ce:14:e2:dc:b6:
                    eb:df:46:f0:59:05:50:83:c7:92:30:36:11:c5:f7:
                    68:a8:95:c3:7f:82:a9:08:a0:30:5c:2e:77:e5:bf:
                    f4:88:29:04:e0:72:e1:3c:13:d5:27:fe:70:16:d8:
                    c9:ab:b1:a9:66:be:93:35:7d:d1:00:8b:d3:6d:45:
                    78:4c:69:94:a9:d1:dd:81:26:84:2e:ff:7b:c2:a8:
                    a3:e0:e1:49:1c:94:c3:d6:f5:f2:f1:53:4a:66:08:
                    b8:ed:46:d6:46:35:d5:ce:e9:e0:f0:2c:63:91:26:
                    08:14:3c:cc:8c:3f:f8:ac:49:62:99:01:a8:23:30:
                    45:ec:a1:ee:af:d5:11:15:09:67:e0:a4:d5:db:54:
                    af:06:7d:5f:e6:2e:d5:46:3c:ae:c0:b9:69:d2:96:
                    0f:6e:5b:d3:04:99:f7:93:ed:73:b4:ed:0b:0f:bc:
                    ed:1c:e8:81:8e:29:8b:e0:18:cf:d1:2c:db:95:aa:
                    1d:79:64:99:4a:63:53:d8:d6:ab:3a:89:5c:77:6a:
                    9a:80:c8:37:b7:d2:e6:e4:5a:88:52:80:78:76:9b:
                    31:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A5:E7:FC:9F:C4:B8:CC:D3:93:91:EA:3D:18:A4:42:4C:11:A8:7C
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/DqXn_J_EuMzTk5HqPRikQkwRqHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:02:ff:80:6c:72:a9:d2:50:b4:a9:75:42:39:f6:6e:ac:22:
         2b:2e:5b:55:07:86:38:c2:06:df:40:bd:85:8f:9d:4a:f9:22:
         a2:39:27:4a:72:9f:8c:39:ff:f3:78:a6:1c:eb:e7:34:a4:c5:
         97:4f:bf:34:97:47:d9:07:5b:4e:f6:63:b5:29:8e:97:ec:c1:
         75:97:56:9e:97:1e:f5:c7:66:61:ac:a1:6b:b6:66:07:ec:3b:
         66:70:84:30:1b:83:d8:df:39:f1:7d:cb:5f:a6:b9:d9:0c:c4:
         52:f6:2d:1a:29:3d:e7:07:ca:05:9b:1f:78:e5:23:57:62:33:
         74:40:b7:37:27:da:3b:3c:af:4a:9b:69:2d:28:6d:6a:af:39:
         48:02:ac:f0:f1:fb:15:36:2d:f6:99:95:46:48:03:a6:2b:8e:
         13:29:62:6a:88:49:cb:9e:80:c9:82:ad:0d:e6:9c:59:99:50:
         ac:46:13:29:6b:10:86:26:4e:9e:09:75:93:1e:19:ce:a4:a1:
         1d:10:af:f3:4b:0f:ec:d8:81:62:9b:14:ab:0d:a1:21:30:87:
         88:1a:90:e9:77:52:4f:47:5d:0c:58:e9:7d:36:52:6a:65:c7:
         75:e7:a8:f5:f0:26:ce:cc:a6:c0:84:99:0c:2e:41:fa:10:ab:
         fc:f2:c4:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14m/Y/bb98/33L7tukNRtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDEwMTgxNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWE1ZTdmYzlmYzRiOGNjZDM5MzkxZWEzZDE4YTQ0MjRjMTFhODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP5L9IaxPiiAcdKgsPifJSAbZWnz
S98Zu7P1VD/Kj453SKpTCaJwzhTi3Lbr30bwWQVQg8eSMDYRxfdoqJXDf4KpCKAw
XC535b/0iCkE4HLhPBPVJ/5wFtjJq7GpZr6TNX3RAIvTbUV4TGmUqdHdgSaELv97
wqij4OFJHJTD1vXy8VNKZgi47UbWRjXVzung8CxjkSYIFDzMjD/4rElimQGoIzBF
7KHur9URFQln4KTV21SvBn1f5i7VRjyuwLlp0pYPblvTBJn3k+1ztO0LD7ztHOiB
jimL4BjP0SzblaodeWSZSmNT2NarOolcd2qagMg3t9Lm5FqIUoB4dpsx5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6l5/yfxLjM05OR6j0YpEJMEah8MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvRHFYbl9KX0V1TXpUazVIcVBSaWtRa3dScUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+h0MA0G
CSqGSIb3DQEBCwUAA4IBAQC0Av+AbHKp0lC0qXVCOfZurCIrLltVB4Y4wgbfQL2F
j51K+SKiOSdKcp+MOf/zeKYc6+c0pMWXT780l0fZB1tO9mO1KY6X7MF1l1aelx71
x2ZhrKFrtmYH7DtmcIQwG4PY3znxfctfprnZDMRS9i0aKT3nB8oFmx945SNXYjN0
QLc3J9o7PK9Km2ktKG1qrzlIAqzw8fsVNi32mZVGSAOmK44TKWJqiEnLnoDJgq0N
5pxZmVCsRhMpaxCGJk6eCXWTHhnOpKEdEK/zSw/s2IFimxSrDaEhMIeIGpDpd1JP
R10MWOl9NlJqZcd156j18CbOzKbAhJkMLkH6EKv88sR0
-----END CERTIFICATE-----