Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/b1wq4G8ZFhGzoeDnEfKvSta7MtA.roa
File:                     b1wq4G8ZFhGzoeDnEfKvSta7MtA.roa (raw, json)
Hash identifier:          JttNNVghw77cRy+oKISb+g34KOXPcTeC0HG3AL+1p5E=
Subject key identifier:   6F:5C:2A:E0:6F:19:16:11:B3:A1:E0:E7:11:F2:AF:4A:D6:BB:32:D0
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DB6C6AD6F1A3460F5E9ED07FA40FC1D8C
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/b1wq4G8ZFhGzoeDnEfKvSta7MtA.roa
Signing time:             Wed 22 Apr 2026 19:59:26 +0000
ROA not before:           Wed 22 Apr 2026 19:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        87.232.110.0/24 maxlen: 24
                          87.232.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:c6:ad:6f:1a:34:60:f5:e9:ed:07:fa:40:fc:1d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 22 19:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f5c2ae06f191611b3a1e0e711f2af4ad6bb32d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9e:cd:01:89:ce:38:5f:ef:ed:3e:c7:fe:14:
                    e2:0c:38:42:18:07:fc:06:f3:10:1d:82:bd:1e:39:
                    05:31:e9:99:34:c2:45:a7:16:93:a7:c4:0e:de:fa:
                    19:bf:8b:f9:9e:6d:80:19:2e:dc:1e:51:c9:64:70:
                    4f:85:7f:90:79:09:56:bb:56:48:ce:f9:9c:57:bf:
                    ca:a1:df:87:48:7b:89:19:ae:d4:94:46:45:2a:b9:
                    66:c3:4a:a1:ec:3b:77:7a:94:5f:ed:f6:15:83:e2:
                    77:aa:b3:76:46:fa:48:d3:e2:bd:10:d2:b7:60:a8:
                    f7:1a:3a:aa:58:f3:2a:96:ee:b3:3e:ac:be:1a:59:
                    0b:ea:3e:d6:f5:6e:80:1f:05:54:ee:16:5b:61:94:
                    89:a1:25:bb:fc:b2:48:22:0e:62:20:bc:84:b6:fa:
                    bc:1e:80:2f:da:7b:0d:cc:4b:34:cc:c6:eb:55:f9:
                    01:a2:77:dd:44:90:4d:0c:cd:ea:04:28:23:b7:e6:
                    19:91:5e:5f:21:a2:cb:f4:ea:bd:a5:b9:ee:cc:e3:
                    52:f7:73:e1:58:3a:d5:65:bd:8c:5f:8b:92:b6:fd:
                    d0:56:6a:3d:63:c8:25:b9:5a:e4:b0:95:55:b6:a2:
                    a0:95:a3:aa:3e:7c:48:92:4a:64:b9:ea:ce:ab:76:
                    19:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:5C:2A:E0:6F:19:16:11:B3:A1:E0:E7:11:F2:AF:4A:D6:BB:32:D0
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/b1wq4G8ZFhGzoeDnEfKvSta7MtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.110.0/24
                  87.232.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e8:3f:91:13:ea:f4:43:8e:1b:55:6b:66:5e:78:6b:f4:49:
         5b:cf:07:8d:af:7b:99:14:79:e0:72:41:0d:09:cc:b6:3d:7d:
         3b:a4:e9:c0:19:1c:98:a1:24:7a:df:8b:f2:3c:84:9e:83:2a:
         3c:a0:33:44:6e:60:23:38:9d:af:14:9e:9b:ae:1c:91:55:c6:
         0b:30:7f:ec:e8:f7:56:da:7e:91:28:5a:03:fd:bc:e3:60:8d:
         03:19:d1:fa:3b:af:6d:e3:21:91:2a:c6:83:1f:0b:d9:7d:35:
         0b:f2:35:c8:33:83:13:e7:41:fd:c1:36:63:18:c6:b4:1f:9d:
         c2:c4:88:02:4d:66:92:b7:21:fc:57:a8:4e:e9:2f:4e:1d:15:
         4e:97:14:c7:13:56:af:5d:81:6a:72:07:37:f2:e0:b5:84:e5:
         63:58:c2:90:3e:92:88:4a:06:72:85:a8:70:87:0d:a4:bd:aa:
         21:f3:06:30:1c:f7:d0:23:cf:2d:05:00:18:37:39:05:1e:0f:
         17:17:1d:78:e7:d5:a1:cf:04:17:2d:bb:73:28:6e:fe:33:9d:
         e9:52:47:61:43:7d:f5:5c:17:33:21:3f:77:cd:c7:70:66:83:
         85:c4:07:03:74:bd:7b:3d:eb:4d:57:9b:a9:44:6d:53:5c:a1:
         bd:e9:cb:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ22xq1vGjRg9entB/pA/B2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDIyMTk1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjVjMmFlMDZmMTkxNjExYjNhMWUwZTcxMWYyYWY0YWQ2YmIzMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ7NAYnOOF/v7T7H/hTiDDhCGAf8
BvMQHYK9HjkFMemZNMJFpxaTp8QO3voZv4v5nm2AGS7cHlHJZHBPhX+QeQlWu1ZI
zvmcV7/Kod+HSHuJGa7UlEZFKrlmw0qh7Dt3epRf7fYVg+J3qrN2RvpI0+K9ENK3
YKj3GjqqWPMqlu6zPqy+GlkL6j7W9W6AHwVU7hZbYZSJoSW7/LJIIg5iILyEtvq8
HoAv2nsNzEs0zMbrVfkBonfdRJBNDM3qBCgjt+YZkV5fIaLL9Oq9pbnuzONS93Ph
WDrVZb2MX4uStv3QVmo9Y8gluVrksJVVtqKglaOqPnxIkkpkuerOq3YZEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG9cKuBvGRYRs6Hg5xHyr0rWuzLQMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvYjF3cTRHOFpGaEd6b2VEbkVmS3ZTdGE3TXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+huAwQA
V+h0MA0GCSqGSIb3DQEBCwUAA4IBAQCY6D+RE+r0Q44bVWtmXnhr9ElbzweNr3uZ
FHngckENCcy2PX07pOnAGRyYoSR634vyPISegyo8oDNEbmAjOJ2vFJ6brhyRVcYL
MH/s6PdW2n6RKFoD/bzjYI0DGdH6O69t4yGRKsaDHwvZfTUL8jXIM4MT50H9wTZj
GMa0H53CxIgCTWaStyH8V6hO6S9OHRVOlxTHE1avXYFqcgc38uC1hOVjWMKQPpKI
SgZyhahwhw2kvaoh8wYwHPfQI88tBQAYNzkFHg8XFx1459WhzwQXLbtzKG7+M53p
UkdhQ331XBczIT93zcdwZoOFxAcDdL17PetNV5upRG1TXKG96cs4
-----END CERTIFICATE-----