Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/Rv7PLwLMue9XoMoQzU0Y7ibcBFI.roa
File:                     Rv7PLwLMue9XoMoQzU0Y7ibcBFI.roa (raw, json)
Hash identifier:          KTmtskHCqkx5XXQVeZWfJSJ/HkS8OZ3pfbVRisdKZJQ=
Subject key identifier:   46:FE:CF:2F:02:CC:B9:EF:57:A0:CA:10:CD:4D:18:EE:26:DC:04:52
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019E2327E21360EECA73306761D3D6A02CFD
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/Rv7PLwLMue9XoMoQzU0Y7ibcBFI.roa
Signing time:             Wed 13 May 2026 21:04:36 +0000
ROA not before:           Wed 13 May 2026 21:04:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198550
IP address blocks:        87.232.119.0/24 maxlen: 24
                          87.232.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:23:27:e2:13:60:ee:ca:73:30:67:61:d3:d6:a0:2c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May 13 21:04:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46fecf2f02ccb9ef57a0ca10cd4d18ee26dc0452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0b:a9:ef:d7:c4:74:4a:9f:46:4d:f6:77:01:
                    0b:c1:7f:77:66:82:c4:23:23:32:19:40:09:7a:0f:
                    66:1f:aa:6d:1e:f2:b6:a5:7e:2b:93:85:a1:51:df:
                    34:34:aa:d4:51:c1:ad:fa:2b:40:78:f0:1f:07:08:
                    e7:fe:4e:f3:86:ba:e4:e9:75:fb:f5:8a:ad:d3:31:
                    cb:ce:6b:d9:fe:b7:51:01:a2:9f:d5:e1:98:cb:ce:
                    29:e3:49:16:17:ea:1e:c8:fd:37:59:9b:24:6e:12:
                    12:b8:82:87:8b:94:60:ee:06:fe:41:a0:e0:4d:ae:
                    e2:c6:8d:b9:da:7d:6a:0d:86:23:bd:2b:39:b1:c4:
                    e9:f0:00:65:8f:1c:08:32:af:e4:d7:f0:1f:df:71:
                    5a:df:c5:68:49:9f:b5:77:97:ee:94:18:e8:26:88:
                    ce:a8:6e:e1:3f:a9:3d:96:42:2c:53:7f:79:e9:d7:
                    bd:08:3e:6f:0f:58:12:de:cb:6e:c3:1e:d1:48:ae:
                    97:4e:f2:86:dc:64:66:a0:df:d0:16:2a:c8:44:87:
                    e8:1c:19:5d:6a:3d:3b:a3:f7:23:32:40:e4:02:e5:
                    a1:41:d1:bd:b0:1b:08:01:50:5c:98:33:e1:1b:29:
                    e3:e4:be:81:a1:18:95:43:56:76:14:a0:c6:37:65:
                    81:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FE:CF:2F:02:CC:B9:EF:57:A0:CA:10:CD:4D:18:EE:26:DC:04:52
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/Rv7PLwLMue9XoMoQzU0Y7ibcBFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.119.0/24
                  87.232.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f7:86:6f:b1:a1:fe:b8:e9:b9:01:d2:48:d2:bb:65:e4:e7:
         e5:d3:1e:6b:3e:45:9e:29:c8:47:b3:dc:00:51:3e:b2:a8:f9:
         07:e5:73:bd:cc:2e:36:67:a2:d7:43:cc:fb:f5:25:f2:0c:fe:
         61:1e:f3:de:ae:b3:54:bd:a8:75:73:50:a1:29:0b:b3:1e:6c:
         90:38:79:4d:19:89:35:34:8b:09:f9:1d:0a:c4:d0:d8:ee:0b:
         06:8c:7b:12:66:a4:61:90:b9:e2:89:8d:29:08:a7:bc:79:bb:
         4c:a5:95:8d:17:78:7d:12:b2:24:83:5b:5d:e0:93:c7:7d:aa:
         2a:04:72:bf:1f:1d:20:6a:25:ea:a4:1e:df:f1:1e:39:de:59:
         d5:9e:5f:1c:8c:bb:c6:1b:81:ea:56:3f:a2:12:30:83:80:d6:
         c5:1d:a2:63:4d:7e:3b:31:c2:45:73:02:06:e8:b8:c3:12:12:
         22:95:6f:03:6a:bb:5a:ca:81:ba:94:84:ea:de:82:65:24:1e:
         08:35:41:58:6f:61:28:a8:23:4b:1b:13:af:ec:9b:73:79:48:
         3f:76:34:c4:4a:80:7c:29:a2:33:6d:b2:57:21:de:c2:39:a4:
         b4:58:d0:f9:2b:9c:6c:d5:df:71:fe:bc:ff:b1:dc:e1:d2:0c:
         e5:12:5a:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4jJ+ITYO7KczBnYdPWoCz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTEzMjEwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZlY2YyZjAyY2NiOWVmNTdhMGNhMTBjZDRkMThlZTI2ZGMwNDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgup79fEdEqfRk32dwELwX93ZoLE
IyMyGUAJeg9mH6ptHvK2pX4rk4WhUd80NKrUUcGt+itAePAfBwjn/k7zhrrk6XX7
9Yqt0zHLzmvZ/rdRAaKf1eGYy84p40kWF+oeyP03WZskbhISuIKHi5Rg7gb+QaDg
Ta7ixo252n1qDYYjvSs5scTp8ABljxwIMq/k1/Af33Fa38VoSZ+1d5fulBjoJojO
qG7hP6k9lkIsU3956de9CD5vD1gS3stuwx7RSK6XTvKG3GRmoN/QFirIRIfoHBld
aj07o/cjMkDkAuWhQdG9sBsIAVBcmDPhGynj5L6BoRiVQ1Z2FKDGN2WB1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEb+zy8CzLnvV6DKEM1NGO4m3ARSMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvUnY3UEx3TE11ZTlYb01vUXpVMFk3aWJjQkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+h3AwQA
V+h7MA0GCSqGSIb3DQEBCwUAA4IBAQAe94ZvsaH+uOm5AdJI0rtl5Ofl0x5rPkWe
KchHs9wAUT6yqPkH5XO9zC42Z6LXQ8z79SXyDP5hHvPerrNUvah1c1ChKQuzHmyQ
OHlNGYk1NIsJ+R0KxNDY7gsGjHsSZqRhkLniiY0pCKe8ebtMpZWNF3h9ErIkg1td
4JPHfaoqBHK/Hx0gaiXqpB7f8R453lnVnl8cjLvGG4HqVj+iEjCDgNbFHaJjTX47
McJFcwIG6LjDEhIilW8DartayoG6lITq3oJlJB4INUFYb2EoqCNLGxOv7JtzeUg/
djTESoB8KaIzbbJXId7COaS0WND5K5xs1d9x/rz/sdzh0gzlElp9
-----END CERTIFICATE-----