Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/F8AX7HfNykoNGvvtmmp8wBILg1A.roa
File:                     F8AX7HfNykoNGvvtmmp8wBILg1A.roa (raw, json)
Hash identifier:          TQP0cq3RgQ8RZcbtx0C++kX89tRQmFRmohFyeH+ghDA=
Subject key identifier:   17:C0:17:EC:77:CD:CA:4A:0D:1A:FB:ED:9A:6A:7C:C0:12:0B:83:50
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E8720647403E9CFCD7D8BA9DD9615067B
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/F8AX7HfNykoNGvvtmmp8wBILg1A.roa
Signing time:             Tue 02 Jun 2026 06:58:27 +0000
ROA not before:           Tue 02 Jun 2026 06:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139734
IP address blocks:        87.229.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:20:64:74:03:e9:cf:cd:7d:8b:a9:dd:96:15:06:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jun  2 06:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17c017ec77cdca4a0d1afbed9a6a7cc0120b8350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:27:31:0d:10:9b:3e:62:ba:ec:1c:dc:28:4d:
                    b1:ad:f7:a1:7f:07:fe:14:eb:52:55:82:c5:4d:e6:
                    11:10:c6:4d:c7:95:b7:a1:9b:ee:f2:07:0e:f4:6d:
                    3f:05:f9:61:92:c8:db:ea:f4:fc:56:40:d9:26:9f:
                    1c:46:ed:1d:64:d9:70:d1:10:50:51:1f:d2:02:dc:
                    b3:ab:a3:11:88:a0:df:32:2e:41:7b:ed:a6:31:bb:
                    a7:8c:e4:03:0c:a0:c3:9c:02:49:d8:b8:87:78:33:
                    b5:8c:37:14:86:7f:b5:bc:63:a9:e7:d3:3a:60:b2:
                    b6:45:0c:d2:ff:21:6b:a6:4a:04:48:e8:5e:b7:cc:
                    0b:a1:65:f9:0a:a0:5b:f8:6f:1a:55:84:75:2a:3f:
                    fc:1a:80:8c:59:b1:ee:19:56:d2:1b:24:72:e3:05:
                    af:99:43:ee:38:8a:3c:61:7c:f1:6a:09:69:83:46:
                    e8:2d:b0:70:16:f6:d1:78:4a:ab:9c:97:b0:78:92:
                    13:18:c3:bb:02:2c:43:3b:a5:25:45:03:75:e3:20:
                    fc:6a:85:1d:86:42:f6:41:23:43:b6:ca:43:de:b6:
                    2b:8a:aa:8b:43:ae:c6:45:29:16:97:85:e8:da:02:
                    08:f2:cf:14:c9:12:51:32:64:e0:c8:25:73:1a:e5:
                    d0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C0:17:EC:77:CD:CA:4A:0D:1A:FB:ED:9A:6A:7C:C0:12:0B:83:50
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/F8AX7HfNykoNGvvtmmp8wBILg1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:95:df:e5:d4:78:b1:59:eb:46:1f:79:fa:e7:7d:5e:97:18:
         a0:c3:47:e9:8e:59:11:5d:9b:d6:bc:25:c5:70:47:a7:d1:c5:
         e6:a4:b8:24:b4:ac:71:74:ae:fa:ae:95:ed:0a:23:1c:da:13:
         5d:93:10:ba:53:95:bf:36:a2:0c:ca:e3:87:d9:e4:d1:3c:05:
         4f:6a:c1:05:c6:e6:54:83:64:a7:85:d2:cf:fe:3d:96:b2:f1:
         a7:b1:bf:e4:ac:4c:98:a6:16:7f:f5:07:f8:97:0a:07:bc:8b:
         13:3c:06:b3:cd:c4:a1:2f:96:94:e3:69:cd:26:d4:3c:12:50:
         02:15:4a:0e:e5:47:0a:cc:67:47:62:3a:d1:7e:65:f3:7f:17:
         7f:18:df:52:d8:9a:41:56:12:7c:5b:48:11:4f:c1:55:88:ff:
         0a:f4:e1:87:12:b2:e5:95:b7:65:f3:c3:3e:c5:c7:0c:da:67:
         5d:c0:6c:9c:d0:47:ab:d4:e8:1f:01:72:4c:e1:32:79:61:2a:
         67:8b:36:50:0a:3d:f9:94:4a:71:91:24:47:21:67:e5:bf:f8:
         50:d6:42:a3:e3:a9:88:1d:e8:83:ed:e7:19:de:a6:37:b1:21:
         10:57:d9:44:89:09:06:cb:97:c6:3c:bc:39:9f:f9:cc:32:d9:
         4a:d2:56:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6HIGR0A+nPzX2Lqd2WFQZ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNjAyMDY1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2MwMTdlYzc3Y2RjYTRhMGQxYWZiZWQ5YTZhN2NjMDEyMGI4MzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyycxDRCbPmK67BzcKE2xrfehfwf+
FOtSVYLFTeYREMZNx5W3oZvu8gcO9G0/Bflhksjb6vT8VkDZJp8cRu0dZNlw0RBQ
UR/SAtyzq6MRiKDfMi5Be+2mMbunjOQDDKDDnAJJ2LiHeDO1jDcUhn+1vGOp59M6
YLK2RQzS/yFrpkoESOhet8wLoWX5CqBb+G8aVYR1Kj/8GoCMWbHuGVbSGyRy4wWv
mUPuOIo8YXzxaglpg0boLbBwFvbReEqrnJeweJITGMO7AixDO6UlRQN14yD8aoUd
hkL2QSNDtspD3rYriqqLQ67GRSkWl4Xo2gII8s8UyRJRMmTgyCVzGuXQGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfAF+x3zcpKDRr77ZpqfMASC4NQMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvRjhBWDdIZk55a29OR3Z2dG1tcDh3QklMZzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UyMA0G
CSqGSIb3DQEBCwUAA4IBAQCEld/l1HixWetGH3n6531elxigw0fpjlkRXZvWvCXF
cEen0cXmpLgktKxxdK76rpXtCiMc2hNdkxC6U5W/NqIMyuOH2eTRPAVPasEFxuZU
g2SnhdLP/j2WsvGnsb/krEyYphZ/9Qf4lwoHvIsTPAazzcShL5aU42nNJtQ8ElAC
FUoO5UcKzGdHYjrRfmXzfxd/GN9S2JpBVhJ8W0gRT8FViP8K9OGHErLllbdl88M+
xccM2mddwGyc0Eer1OgfAXJM4TJ5YSpnizZQCj35lEpxkSRHIWflv/hQ1kKj46mI
HeiD7ecZ3qY3sSEQV9lEiQkGy5fGPLw5n/nMMtlK0lbc
-----END CERTIFICATE-----