Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/WSqrUHTnUSVvLZzNMol3FLgJAyw.roa
File:                     WSqrUHTnUSVvLZzNMol3FLgJAyw.roa (raw, json)
Hash identifier:          jLrRsJZ935OIndzmg3bPjLHRmUTwsJDNca52qwhEJJs=
Subject key identifier:   59:2A:AB:50:74:E7:51:25:6F:2D:9C:CD:32:89:77:14:B8:09:03:2C
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DE421BC414001E0C1EB71F16AA5B3C648
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/WSqrUHTnUSVvLZzNMol3FLgJAyw.roa
Signing time:             Fri 01 May 2026 15:21:49 +0000
ROA not before:           Fri 01 May 2026 15:21:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203156
IP address blocks:        87.232.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:21:bc:41:40:01:e0:c1:eb:71:f1:6a:a5:b3:c6:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May  1 15:21:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=592aab5074e751256f2d9ccd32897714b809032c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4c:25:5d:3c:df:90:a9:ca:a3:1e:30:de:5e:
                    76:ec:dd:bf:b8:6f:f0:5b:3d:6f:7d:fa:45:1c:2e:
                    56:5e:bb:86:3e:dd:66:a9:22:e0:cd:7c:29:dc:90:
                    90:64:be:e3:10:b9:16:24:9d:ad:c3:13:57:24:1b:
                    5f:07:61:88:9e:c5:37:67:83:b1:ef:59:23:1b:6b:
                    16:c2:91:d0:84:1a:28:dd:ac:94:08:be:ed:4f:e9:
                    aa:b8:f5:01:42:c0:cd:6f:94:1c:8e:52:72:ac:d8:
                    bf:56:02:e6:46:61:2b:89:f4:b9:93:3a:91:c4:67:
                    2a:2c:eb:7e:fc:97:a6:e7:2f:2c:17:88:87:b3:75:
                    79:82:1d:70:12:8c:0b:72:97:81:87:45:ee:43:09:
                    76:33:35:21:11:58:d4:9f:74:ab:76:5f:a8:5b:42:
                    c7:25:ed:e1:da:b6:00:da:df:36:83:17:5f:da:36:
                    24:4c:28:cd:ad:88:27:78:53:bd:48:48:60:75:f4:
                    35:9d:fd:91:10:53:39:26:eb:43:41:be:29:c0:ea:
                    5e:36:1d:28:05:46:57:83:fd:15:c3:78:5b:dc:a2:
                    4e:71:b1:a6:20:83:c8:3f:96:91:aa:41:90:d0:c0:
                    2f:ba:b2:57:15:ff:d3:ad:4a:f4:c6:7b:88:d5:fe:
                    a8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:2A:AB:50:74:E7:51:25:6F:2D:9C:CD:32:89:77:14:B8:09:03:2C
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/WSqrUHTnUSVvLZzNMol3FLgJAyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:86:bd:29:b1:6d:8d:87:73:cf:67:c6:65:05:72:b6:cf:79:
         c6:93:aa:f3:20:d0:5b:73:4f:c4:aa:c3:7e:1b:72:94:70:66:
         40:e3:60:e4:fe:08:31:4d:4f:fd:aa:31:0d:4e:5d:b7:18:1e:
         57:41:5b:be:27:52:41:23:a4:0b:03:bb:0d:24:c4:e0:9f:ce:
         63:b8:0c:fe:37:b2:e2:d9:bd:b9:64:9d:cd:0d:42:53:f8:2b:
         f6:2e:d8:16:ca:cf:d6:11:6c:69:4a:b2:75:69:0e:fe:0d:6f:
         cd:05:1f:13:d0:40:5d:87:a2:9a:a2:3d:be:c7:cb:78:5c:96:
         98:3d:15:51:79:d3:69:b9:60:c2:fe:96:92:df:47:6d:08:cd:
         af:44:de:3f:cb:81:5c:a8:e7:eb:c7:27:76:84:c1:25:d5:7e:
         37:ca:df:86:d6:11:ff:40:cd:df:95:c8:76:8d:78:08:1f:33:
         e3:7f:c2:c9:a2:18:85:78:10:6b:69:87:2a:d5:c9:65:43:85:
         a5:2e:8b:8b:01:cd:2f:09:f7:5b:8d:dc:4d:49:24:93:cc:c3:
         b8:f5:bc:6d:06:67:0d:38:c0:e3:f4:49:13:45:cc:f5:89:42:
         ef:99:49:68:2b:22:ca:d8:1c:15:fc:6b:ae:bd:4d:93:a6:c3:
         07:29:1b:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3kIbxBQAHgwetx8Wqls8ZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTAxMTUyMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTJhYWI1MDc0ZTc1MTI1NmYyZDljY2QzMjg5NzcxNGI4MDkwMzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEwlXTzfkKnKox4w3l527N2/uG/w
Wz1vffpFHC5WXruGPt1mqSLgzXwp3JCQZL7jELkWJJ2twxNXJBtfB2GInsU3Z4Ox
71kjG2sWwpHQhBoo3ayUCL7tT+mquPUBQsDNb5QcjlJyrNi/VgLmRmErifS5kzqR
xGcqLOt+/Jem5y8sF4iHs3V5gh1wEowLcpeBh0XuQwl2MzUhEVjUn3Srdl+oW0LH
Je3h2rYA2t82gxdf2jYkTCjNrYgneFO9SEhgdfQ1nf2REFM5JutDQb4pwOpeNh0o
BUZXg/0Vw3hb3KJOcbGmIIPIP5aRqkGQ0MAvurJXFf/TrUr0xnuI1f6oIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkqq1B051Elby2czTKJdxS4CQMsMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvV1NxclVIVG5VU1Z2TFp6Tk1vbDNGTGdKQXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hxMA0G
CSqGSIb3DQEBCwUAA4IBAQCYhr0psW2Nh3PPZ8ZlBXK2z3nGk6rzINBbc0/EqsN+
G3KUcGZA42Dk/ggxTU/9qjENTl23GB5XQVu+J1JBI6QLA7sNJMTgn85juAz+N7Li
2b25ZJ3NDUJT+Cv2LtgWys/WEWxpSrJ1aQ7+DW/NBR8T0EBdh6Kaoj2+x8t4XJaY
PRVRedNpuWDC/paS30dtCM2vRN4/y4FcqOfrxyd2hMEl1X43yt+G1hH/QM3flch2
jXgIHzPjf8LJohiFeBBraYcq1cllQ4WlLouLAc0vCfdbjdxNSSSTzMO49bxtBmcN
OMDj9EkTRcz1iULvmUloKyLK2BwV/GuuvU2TpsMHKRsK
-----END CERTIFICATE-----