Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vtoW2ghZCiqt1o16LTSiIqzI1cU.roa
File:                     vtoW2ghZCiqt1o16LTSiIqzI1cU.roa (raw, json)
Hash identifier:          J3/TucU/D8vyTfTGT9C4K3FTtqpMCcZo8T2j8CCxmTg=
Subject key identifier:   BE:DA:16:DA:08:59:0A:2A:AD:D6:8D:7A:2D:34:A2:22:AC:C8:D5:C5
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D73A360D48C5E364C435470833CF7E25B
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vtoW2ghZCiqt1o16LTSiIqzI1cU.roa
Signing time:             Thu 09 Apr 2026 19:06:20 +0000
ROA not before:           Thu 09 Apr 2026 19:06:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        87.232.118.0/24 maxlen: 24
                          87.232.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:73:a3:60:d4:8c:5e:36:4c:43:54:70:83:3c:f7:e2:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr  9 19:06:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=beda16da08590a2aadd68d7a2d34a222acc8d5c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c8:19:9a:d7:62:92:79:7b:93:6d:f1:66:58:
                    08:51:61:b6:df:b5:ea:6e:54:03:6c:ef:99:f3:7c:
                    16:45:8e:1b:33:c2:5b:03:ad:c8:13:f3:61:2e:d8:
                    c8:1b:81:6a:40:03:00:f8:26:99:29:73:66:16:f5:
                    c5:a3:e5:f1:7a:d7:f1:e1:93:d6:3a:f8:79:8d:97:
                    a9:e1:a0:0e:b2:bc:9e:d8:47:71:be:c7:65:b8:a9:
                    d8:da:ba:f1:31:ef:10:c2:ff:5e:37:ef:ee:99:c4:
                    75:0e:c9:3a:d5:99:57:fe:b9:42:8d:5e:c0:5c:b1:
                    36:56:89:a6:34:cb:d8:2f:e6:81:b8:fa:f6:77:3e:
                    7f:5e:37:22:5f:c0:c8:d8:34:3f:cf:ab:d2:11:42:
                    fa:c7:43:09:8f:e6:08:47:39:4a:7e:6c:fa:b1:37:
                    0d:fb:66:86:9a:16:e3:b9:30:1b:28:6f:16:a1:f5:
                    83:3b:a2:cd:d1:f7:f6:5a:54:eb:9c:26:be:a2:f1:
                    2e:5f:9c:a8:67:f5:ba:ff:b7:e9:b7:be:a9:7d:db:
                    9e:00:cf:dd:8a:00:cb:3c:50:44:9e:52:d4:7c:e4:
                    eb:ec:33:d7:74:3f:bd:27:47:e5:33:82:79:bd:29:
                    03:0f:c8:e9:4a:b8:5e:b1:7a:aa:d6:57:04:15:5a:
                    1c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:DA:16:DA:08:59:0A:2A:AD:D6:8D:7A:2D:34:A2:22:AC:C8:D5:C5
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vtoW2ghZCiqt1o16LTSiIqzI1cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.118.0/24
                  87.232.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:a5:1a:28:90:9e:72:e5:f4:3f:5b:42:2e:6c:83:09:2a:7c:
         ce:d0:8e:41:cd:d1:c7:75:ec:d4:fd:a7:05:da:61:b0:25:73:
         7b:52:f6:4b:9d:61:47:70:7e:46:4f:4b:eb:df:a8:8f:06:c3:
         f1:5f:f3:65:55:a7:f8:8e:11:e7:f1:27:e9:77:b5:47:9f:76:
         0a:c7:8d:45:6d:93:fe:be:f6:d2:13:ba:97:c9:f1:6f:1a:1d:
         c2:66:98:e7:50:0a:dc:0f:22:71:9c:f6:bd:f7:2e:06:e3:e5:
         5b:3b:25:b7:79:e7:33:d8:81:0a:ec:be:a9:e8:3f:3a:e3:ff:
         0b:49:f8:f6:bc:97:c9:2f:dc:94:ad:c6:f2:e9:4b:86:16:af:
         99:37:95:56:2a:a7:e3:b3:59:ff:a1:ba:69:06:5e:33:37:09:
         da:b1:95:35:f5:e2:a3:aa:b1:1d:76:56:2d:a5:3d:8f:20:b9:
         6f:69:b5:d2:58:c6:4c:0a:80:66:1d:63:1c:99:5c:2e:69:27:
         f7:4f:e0:62:95:19:0e:29:e4:b8:91:66:20:f9:91:b0:cf:65:
         c1:87:0b:8a:1f:35:bc:a0:73:59:bf:47:42:e5:3a:5f:0a:d2:
         9b:9d:90:95:93:03:91:30:8a:92:d7:82:09:5a:58:e9:98:49:
         3f:88:1b:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1zo2DUjF42TENUcIM89+JbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDA5MTkwNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWRhMTZkYTA4NTkwYTJhYWRkNjhkN2EyZDM0YTIyMmFjYzhkNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8gZmtdiknl7k23xZlgIUWG237Xq
blQDbO+Z83wWRY4bM8JbA63IE/NhLtjIG4FqQAMA+CaZKXNmFvXFo+Xxetfx4ZPW
Ovh5jZep4aAOsrye2EdxvsdluKnY2rrxMe8Qwv9eN+/umcR1Dsk61ZlX/rlCjV7A
XLE2VommNMvYL+aBuPr2dz5/XjciX8DI2DQ/z6vSEUL6x0MJj+YIRzlKfmz6sTcN
+2aGmhbjuTAbKG8WofWDO6LN0ff2WlTrnCa+ovEuX5yoZ/W6/7fpt76pfdueAM/d
igDLPFBEnlLUfOTr7DPXdD+9J0flM4J5vSkDD8jpSrhesXqq1lcEFVocZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL7aFtoIWQoqrdaNei00oiKsyNXFMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvdnRvVzJnaFpDaXF0MW8xNkxUU2lJcXpJMWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+h2AwQA
V+h5MA0GCSqGSIb3DQEBCwUAA4IBAQA3pRookJ5y5fQ/W0IubIMJKnzO0I5BzdHH
dezU/acF2mGwJXN7UvZLnWFHcH5GT0vr36iPBsPxX/NlVaf4jhHn8Sfpd7VHn3YK
x41FbZP+vvbSE7qXyfFvGh3CZpjnUArcDyJxnPa99y4G4+VbOyW3eecz2IEK7L6p
6D864/8LSfj2vJfJL9yUrcby6UuGFq+ZN5VWKqfjs1n/obppBl4zNwnasZU19eKj
qrEddlYtpT2PILlvabXSWMZMCoBmHWMcmVwuaSf3T+BilRkOKeS4kWYg+ZGwz2XB
hwuKHzW8oHNZv0dC5TpfCtKbnZCVkwORMIqS14IJWljpmEk/iBvZ
-----END CERTIFICATE-----