Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_KxFP4e5fBvka3euslOKTXwcVxA.roa
File:                     _KxFP4e5fBvka3euslOKTXwcVxA.roa (raw, json)
Hash identifier:          YwzuL8U/lVjU12p7SEShDZZZh1j0ctyWgcNaTqCaOrU=
Subject key identifier:   FC:AC:45:3F:87:B9:7C:1B:E4:6B:77:AE:B2:53:8A:4D:7C:1C:57:10
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019E207FA57B481C8747DC8E7B5BE828B3F5
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_KxFP4e5fBvka3euslOKTXwcVxA.roa
Signing time:             Wed 13 May 2026 08:41:36 +0000
ROA not before:           Wed 13 May 2026 08:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        87.232.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:7f:a5:7b:48:1c:87:47:dc:8e:7b:5b:e8:28:b3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May 13 08:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fcac453f87b97c1be46b77aeb2538a4d7c1c5710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:61:e6:f3:f2:5a:f5:12:03:e4:5f:77:b7:3b:
                    d6:3d:0a:c1:24:9a:ee:2e:84:34:c1:9d:4b:3f:f9:
                    7e:e0:88:e2:2b:c2:ca:2a:d7:ba:f5:b9:2f:14:0b:
                    a6:27:73:cd:8e:15:1a:8b:f1:73:aa:03:dd:8d:59:
                    57:cb:04:00:af:ad:6f:d2:6f:6e:2a:b4:00:16:6f:
                    19:9d:cd:f5:0a:37:16:fe:89:3f:65:ed:00:f1:31:
                    7e:11:48:51:c7:71:d2:ae:9f:a7:bc:0c:a6:49:4c:
                    52:ff:03:0a:d4:f8:97:50:02:2c:d1:75:83:ed:b6:
                    57:37:3a:7e:c1:b1:71:da:78:e3:b7:8a:2c:7f:e0:
                    7f:11:0b:fd:b6:97:b6:2d:28:36:28:a2:09:69:dc:
                    da:f8:66:e9:e3:75:b4:c8:77:8f:09:1a:9d:53:d1:
                    d0:01:21:ec:c4:80:61:4d:4c:d3:d9:64:05:be:8b:
                    07:5c:29:9e:c1:12:89:b9:0a:2e:d1:0f:91:36:fc:
                    84:36:c8:dd:3e:46:e0:0d:01:46:3c:75:b5:30:c9:
                    57:63:38:6e:20:4a:d7:f2:cc:be:38:32:c8:23:25:
                    88:2d:4d:c4:15:32:25:91:06:4a:0e:10:d1:05:44:
                    d1:15:01:24:38:2d:e5:d3:78:5f:cf:c6:79:11:4e:
                    25:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AC:45:3F:87:B9:7C:1B:E4:6B:77:AE:B2:53:8A:4D:7C:1C:57:10
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_KxFP4e5fBvka3euslOKTXwcVxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:17:90:65:20:09:26:d2:ff:39:2d:55:d6:eb:1d:47:69:4c:
         b6:d5:61:aa:e2:a6:71:74:8e:93:5a:50:a4:08:b9:f6:15:81:
         e8:da:a3:66:65:e6:ff:b3:51:bc:4d:ba:23:b8:3a:9a:88:2e:
         00:1c:05:75:6e:7f:f4:7b:68:0a:c0:95:b1:ba:91:81:6d:a4:
         82:4c:ff:f2:7e:b3:27:de:1e:ba:ad:f3:5b:25:be:89:2d:4b:
         32:98:61:da:15:19:dd:5b:3c:c5:25:41:45:1b:d3:0f:3f:b9:
         15:f8:a1:e7:79:dc:7f:62:9c:77:13:25:55:47:1d:c7:04:5e:
         db:79:f5:23:d9:4a:0e:20:50:24:ac:a2:a4:8a:25:94:eb:ae:
         b8:96:3a:c8:5b:36:1a:79:d6:20:10:d6:09:d0:ea:a1:0e:e8:
         95:a3:3c:c1:8e:04:ff:82:9d:87:30:57:a6:72:25:9c:bc:40:
         ac:66:6b:98:26:14:69:42:4b:62:1f:74:52:4e:e1:dd:27:e8:
         be:98:b6:76:42:42:3c:85:db:c1:a8:53:dd:2c:ec:12:85:a7:
         a4:27:aa:61:51:3a:ef:a5:d6:7a:96:b3:4d:5a:b7:51:88:33:
         e9:09:ef:f7:ef:1b:17:cf:0e:ce:79:3a:c1:01:95:49:bd:6f:
         57:27:85:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gf6V7SByHR9yOe1voKLP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTEzMDg0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FjNDUzZjg3Yjk3YzFiZTQ2Yjc3YWViMjUzOGE0ZDdjMWM1NzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmHm8/Ja9RID5F93tzvWPQrBJJru
LoQ0wZ1LP/l+4IjiK8LKKte69bkvFAumJ3PNjhUai/FzqgPdjVlXywQAr61v0m9u
KrQAFm8Znc31CjcW/ok/Ze0A8TF+EUhRx3HSrp+nvAymSUxS/wMK1PiXUAIs0XWD
7bZXNzp+wbFx2njjt4osf+B/EQv9tpe2LSg2KKIJadza+Gbp43W0yHePCRqdU9HQ
ASHsxIBhTUzT2WQFvosHXCmewRKJuQou0Q+RNvyENsjdPkbgDQFGPHW1MMlXYzhu
IErX8sy+ODLIIyWILU3EFTIlkQZKDhDRBUTRFQEkOC3l03hfz8Z5EU4lgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPysRT+HuXwb5Gt3rrJTik18HFcQMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvX0t4RlA0ZTVmQnZrYTNldXNsT0tUWHdjVnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hiMA0G
CSqGSIb3DQEBCwUAA4IBAQCLF5BlIAkm0v85LVXW6x1HaUy21WGq4qZxdI6TWlCk
CLn2FYHo2qNmZeb/s1G8TbojuDqaiC4AHAV1bn/0e2gKwJWxupGBbaSCTP/yfrMn
3h66rfNbJb6JLUsymGHaFRndWzzFJUFFG9MPP7kV+KHnedx/Ypx3EyVVRx3HBF7b
efUj2UoOIFAkrKKkiiWU6664ljrIWzYaedYgENYJ0OqhDuiVozzBjgT/gp2HMFem
ciWcvECsZmuYJhRpQktiH3RSTuHdJ+i+mLZ2QkI8hdvBqFPdLOwShaekJ6phUTrv
pdZ6lrNNWrdRiDPpCe/37xsXzw7OeTrBAZVJvW9XJ4VQ
-----END CERTIFICATE-----