Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/1-8jdSIgGg6tIpFSJk121gLMsNrA.roa
File:                     1-8jdSIgGg6tIpFSJk121gLMsNrA.roa (raw, json)
Hash identifier:          90MxpWk81rltMmjii04vbOeLkTQn8RYI1EVx0iIVr8g=
Subject key identifier:   FB:C8:DD:48:88:06:83:AB:48:A4:54:89:93:5D:B5:80:B3:2C:36:B0
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E7531EF1DB7E16E21E3A5FC038B2E3110
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/1-8jdSIgGg6tIpFSJk121gLMsNrA.roa
Signing time:             Fri 29 May 2026 19:24:27 +0000
ROA not before:           Fri 29 May 2026 19:24:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151338
IP address blocks:        87.229.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:31:ef:1d:b7:e1:6e:21:e3:a5:fc:03:8b:2e:31:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 29 19:24:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fbc8dd48880683ab48a45489935db580b32c36b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ac:93:31:03:e9:e2:31:4e:1e:c6:61:31:5a:
                    e1:3e:41:8f:cf:6f:9f:04:18:0e:1c:75:a9:15:97:
                    b4:1a:b2:69:67:3b:0b:c7:86:6b:f1:0f:bf:6d:0a:
                    3b:2f:98:93:02:cd:cd:13:a3:f3:3f:93:13:5b:b2:
                    38:e6:47:e4:9e:f0:fb:f9:cb:f1:1b:3b:1f:c2:ab:
                    09:07:1b:f1:c0:32:0a:91:df:35:11:a9:96:4c:e0:
                    a7:bf:2d:93:8d:95:2b:c6:81:a3:04:77:1d:c9:a8:
                    a2:9e:a9:cd:7c:9a:7b:cd:92:ab:99:f7:56:9f:97:
                    50:75:24:9f:cb:5b:f0:fe:22:dc:1e:f5:55:b1:73:
                    b1:f1:09:0a:a6:8c:7f:38:d2:2e:f5:84:1c:53:f0:
                    e2:12:5d:0c:70:69:81:19:61:ba:49:ef:79:8a:d0:
                    9a:ca:2a:00:fc:76:59:8e:1f:46:a6:11:3b:12:f3:
                    54:6b:53:04:e5:06:e5:e5:03:e9:32:32:ec:07:33:
                    08:df:e5:dd:a7:ba:db:c8:d5:3e:29:9b:f5:61:53:
                    1e:b7:a0:6d:8c:ce:c2:7f:8f:fc:1e:de:b3:79:85:
                    6a:11:9a:27:ba:dc:7b:3a:39:9c:16:75:bb:9f:10:
                    1d:71:7d:b5:c8:10:3a:cf:39:2a:22:7f:7b:d0:6a:
                    9f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C8:DD:48:88:06:83:AB:48:A4:54:89:93:5D:B5:80:B3:2C:36:B0
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/1-8jdSIgGg6tIpFSJk121gLMsNrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:eb:30:c8:3c:7e:4a:25:c7:4a:c5:d7:31:8b:c4:46:33:64:
         3c:13:74:5b:6a:79:94:7a:40:c1:4a:6e:81:a0:22:8d:9c:b1:
         a2:10:0f:c4:d6:21:f4:39:a3:64:0f:77:06:97:3d:23:65:54:
         ab:a2:b8:53:7b:5b:e4:8c:e3:d4:67:ea:cc:4b:52:74:8a:78:
         f2:5a:6e:d4:5e:97:a5:ca:c9:6e:37:d7:40:81:ec:15:6d:10:
         b1:87:e1:f9:04:a1:8a:b1:db:71:ce:a4:85:f4:2a:0d:12:44:
         4e:5b:36:3b:0b:f7:a7:cf:56:d4:d2:6a:af:40:87:63:87:ef:
         63:b5:b6:c2:16:9d:89:15:4e:2e:ce:95:f0:16:cc:7e:87:79:
         ca:66:db:28:ed:ad:55:d7:5f:7c:08:0e:fe:76:fa:c9:98:db:
         4c:57:3b:d8:31:57:80:16:b6:88:f3:38:ea:40:7a:5f:86:f6:
         1f:2e:70:54:bc:34:d1:b3:db:80:4e:ae:a2:1e:ed:b8:fd:3e:
         27:93:f9:ba:a7:4d:d1:40:f8:24:68:01:c8:1d:a0:82:cf:7d:
         62:51:1d:e3:c3:af:81:52:13:77:c0:94:e2:47:5b:f8:ff:71:
         b7:63:81:94:4f:cb:31:dc:06:1f:dd:bf:36:73:b0:5e:d5:da:
         fe:dc:bb:65
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ51Me8dt+FuIeOl/AOLLjEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNTI5MTkyNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmM4ZGQ0ODg4MDY4M2FiNDhhNDU0ODk5MzVkYjU4MGIzMmMzNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvayTMQPp4jFOHsZhMVrhPkGPz2+f
BBgOHHWpFZe0GrJpZzsLx4Zr8Q+/bQo7L5iTAs3NE6PzP5MTW7I45kfknvD7+cvx
GzsfwqsJBxvxwDIKkd81EamWTOCnvy2TjZUrxoGjBHcdyaiinqnNfJp7zZKrmfdW
n5dQdSSfy1vw/iLcHvVVsXOx8QkKpox/ONIu9YQcU/DiEl0McGmBGWG6Se95itCa
yioA/HZZjh9GphE7EvNUa1ME5Qbl5QPpMjLsBzMI3+Xdp7rbyNU+KZv1YVMet6Bt
jM7Cf4/8Ht6zeYVqEZonutx7OjmcFnW7nxAdcX21yBA6zzkqIn970GqfJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvI3UiIBoOrSKRUiZNdtYCzLDawMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMS04amRTSWdHZzZ0SXBGU0prMTIxZ0xNc05yQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTcvMjY3MjhlLWRkYzctNGIwZi05ZDFlLTk1OTNhNDg4YWZj
Yy8xL2UxNDM5dU81dlJ6emFFdWNBOEE2MGNwa0pKYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFflQDAN
BgkqhkiG9w0BAQsFAAOCAQEAFeswyDx+SiXHSsXXMYvERjNkPBN0W2p5lHpAwUpu
gaAijZyxohAPxNYh9DmjZA93Bpc9I2VUq6K4U3tb5Izj1GfqzEtSdIp48lpu1F6X
pcrJbjfXQIHsFW0QsYfh+QShirHbcc6khfQqDRJETls2Owv3p89W1NJqr0CHY4fv
Y7W2whadiRVOLs6V8BbMfod5ymbbKO2tVddffAgO/nb6yZjbTFc72DFXgBa2iPM4
6kB6X4b2Hy5wVLw00bPbgE6uoh7tuP0+J5P5uqdN0UD4JGgByB2ggs99YlEd48Ov
gVITd8CU4kdb+P9xt2OBlE/LMdwGH92/NnOwXtXa/ty7ZQ==
-----END CERTIFICATE-----