Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/RyYxMlB-2xBOFZFyHXn05_190ec.roa
File:                     RyYxMlB-2xBOFZFyHXn05_190ec.roa (raw, json)
Hash identifier:          IR3uAfDegzF1xwd0PJjtvstW9r/lPg5MaTRN1a8qaMU=
Subject key identifier:   47:26:31:32:50:7E:DB:10:4E:15:91:72:1D:79:F4:E7:FD:7D:D1:E7
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D78984CF32DD4751E1C9E46F82D43C278
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/RyYxMlB-2xBOFZFyHXn05_190ec.roa
Signing time:             Fri 10 Apr 2026 18:12:20 +0000
ROA not before:           Fri 10 Apr 2026 18:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207550
IP address blocks:        87.232.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:98:4c:f3:2d:d4:75:1e:1c:9e:46:f8:2d:43:c2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 10 18:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47263132507edb104e1591721d79f4e7fd7dd1e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:44:07:d5:6e:e8:f7:35:87:cf:c6:08:ac:25:
                    42:66:de:af:b4:f3:2e:06:7d:b3:fe:ab:d4:63:09:
                    1d:65:20:12:05:06:08:5c:27:c4:44:7d:45:e8:4b:
                    a2:1a:3b:25:56:4f:bc:ba:ba:d2:af:a6:51:eb:3b:
                    50:de:3c:76:74:8e:bd:c1:b3:40:b2:2a:a5:b3:c5:
                    eb:d9:76:02:74:f6:6a:db:69:e5:cf:57:6b:4d:35:
                    68:ad:97:7c:a7:6a:3d:26:8a:78:d2:8e:42:ea:71:
                    01:e8:a8:92:df:d0:4e:1e:e9:9c:6d:81:b5:49:27:
                    35:01:5f:cf:cc:1f:8c:cc:5e:98:e2:6a:a0:ce:ae:
                    c0:a7:0a:4b:35:cf:17:ce:ab:c2:90:f1:9f:6d:2c:
                    92:6e:1f:b3:a9:2d:4c:c3:ea:0d:40:0f:f6:08:fc:
                    f7:b1:85:11:16:67:3d:a3:aa:ca:e5:b6:a6:1b:2b:
                    87:e7:bb:c8:12:0b:e4:09:f4:e1:80:e5:d2:e7:03:
                    4c:0a:d8:4f:42:cb:0f:c5:64:82:43:ec:c7:88:39:
                    40:d7:f1:1e:01:70:a9:c0:b1:1f:07:36:fb:9f:a7:
                    7c:08:6e:9b:6b:ba:e8:b7:4b:ae:92:3d:72:8c:58:
                    45:09:02:6e:76:88:66:72:61:0e:6a:d4:b7:d1:8a:
                    b9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:26:31:32:50:7E:DB:10:4E:15:91:72:1D:79:F4:E7:FD:7D:D1:E7
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/RyYxMlB-2xBOFZFyHXn05_190ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:db:95:ad:aa:d4:f4:26:a2:4c:37:86:3c:f7:0a:da:66:b4:
         c5:79:6e:37:45:3c:ed:bd:ce:08:ba:2c:10:81:e5:cf:fc:29:
         15:66:99:01:3f:e8:ac:ce:e9:00:df:6d:25:b9:3b:34:fc:7e:
         d8:13:ee:03:32:8f:2b:32:d7:a3:56:66:dc:a3:d1:de:80:c2:
         e2:5a:d4:14:e0:db:01:1d:69:f4:af:20:64:88:e6:e5:04:75:
         ed:a9:1d:39:60:70:4e:06:be:22:fc:81:d2:12:01:e6:d3:cd:
         71:60:13:9b:37:3e:54:ee:27:58:52:64:4b:9a:8d:e1:f4:d3:
         57:b3:43:a7:b0:43:f9:70:b2:a5:43:f7:02:57:72:13:27:42:
         9f:0a:6c:55:e0:f6:67:46:43:2d:f0:8b:b4:9f:b2:cd:51:f3:
         91:0e:8b:b7:98:39:a8:dd:d3:38:74:9d:cf:a8:03:80:e8:dc:
         57:c2:86:3b:ee:bd:fb:5d:74:b8:ec:28:78:ba:10:5f:db:16:
         97:44:54:7e:d9:9f:16:96:c0:f4:e5:55:99:22:4b:bf:bf:ad:
         85:d6:d1:10:9d:9c:b7:24:5f:4f:2d:24:f3:10:13:9b:70:57:
         9e:d5:74:71:53:c8:54:63:2a:43:8a:bb:98:94:54:c7:e4:9d:
         2d:a7:9b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14mEzzLdR1HhyeRvgtQ8J4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDEwMTgxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzI2MzEzMjUwN2VkYjEwNGUxNTkxNzIxZDc5ZjRlN2ZkN2RkMWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEQH1W7o9zWHz8YIrCVCZt6vtPMu
Bn2z/qvUYwkdZSASBQYIXCfERH1F6EuiGjslVk+8urrSr6ZR6ztQ3jx2dI69wbNA
siqls8Xr2XYCdPZq22nlz1drTTVorZd8p2o9Jop40o5C6nEB6KiS39BOHumcbYG1
SSc1AV/PzB+MzF6Y4mqgzq7ApwpLNc8XzqvCkPGfbSySbh+zqS1Mw+oNQA/2CPz3
sYURFmc9o6rK5bamGyuH57vIEgvkCfThgOXS5wNMCthPQssPxWSCQ+zHiDlA1/Ee
AXCpwLEfBzb7n6d8CG6ba7rot0uukj1yjFhFCQJudohmcmEOatS30Yq5jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcmMTJQftsQThWRch159Of9fdHnMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvUnlZeE1sQi0yeEJPRlpGeUhYbjA1XzE5MGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+h3MA0G
CSqGSIb3DQEBCwUAA4IBAQCT25WtqtT0JqJMN4Y89wraZrTFeW43RTztvc4IuiwQ
geXP/CkVZpkBP+iszukA320luTs0/H7YE+4DMo8rMtejVmbco9HegMLiWtQU4NsB
HWn0ryBkiOblBHXtqR05YHBOBr4i/IHSEgHm081xYBObNz5U7idYUmRLmo3h9NNX
s0OnsEP5cLKlQ/cCV3ITJ0KfCmxV4PZnRkMt8Iu0n7LNUfORDou3mDmo3dM4dJ3P
qAOA6NxXwoY77r37XXS47Ch4uhBf2xaXRFR+2Z8WlsD05VWZIku/v62F1tEQnZy3
JF9PLSTzEBObcFee1XRxU8hUYypDiruYlFTH5J0tp5tF
-----END CERTIFICATE-----