Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/f9ZsfSFN7LJ3KGfv8uns-5fC1N4.roa
File:                     f9ZsfSFN7LJ3KGfv8uns-5fC1N4.roa (raw, json)
Hash identifier:          YgnaRCV5n3O2W+kUu774ZmHJ9iswPGIKvlSAz5n5jaI=
Subject key identifier:   7F:D6:6C:7D:21:4D:EC:B2:77:28:67:EF:F2:E9:EC:FB:97:C2:D4:DE
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E871F7B99B6376F4EFA6537F1690EF2C9
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/f9ZsfSFN7LJ3KGfv8uns-5fC1N4.roa
Signing time:             Tue 02 Jun 2026 06:57:27 +0000
ROA not before:           Tue 02 Jun 2026 06:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212895
IP address blocks:        87.229.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:1f:7b:99:b6:37:6f:4e:fa:65:37:f1:69:0e:f2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jun  2 06:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fd66c7d214decb2772867eff2e9ecfb97c2d4de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:99:6a:e0:68:82:51:e8:ca:0f:3b:58:73:
                    c5:5e:d4:a3:0c:97:93:cd:60:17:3c:9f:80:40:11:
                    7f:3d:0c:9d:81:03:a2:b4:d5:7c:c7:b1:9f:b8:1a:
                    07:1d:11:3a:91:3b:40:ef:00:9e:7f:3c:ea:4e:ac:
                    70:70:0c:9e:23:e4:28:b8:cd:16:25:b2:d6:7c:19:
                    85:d6:4e:db:62:5c:09:51:0a:64:c9:13:96:84:28:
                    43:9a:4a:c0:41:11:43:cc:28:da:c0:b6:e4:76:1d:
                    c8:f6:5c:ce:a1:e5:7a:2f:16:7d:51:a3:fb:ba:5b:
                    3e:cf:f9:bb:6f:12:2e:45:c8:22:85:80:0d:fb:84:
                    45:5d:ac:e9:43:5c:29:65:85:81:1c:e2:41:90:2c:
                    c2:a9:97:10:aa:63:05:0d:c6:69:b7:22:91:d8:c7:
                    df:3d:a3:b3:58:50:44:a9:cc:15:b3:3f:51:c0:d0:
                    1f:d5:fe:aa:2f:7f:a7:40:30:1f:a4:1a:2b:2c:97:
                    e4:8f:fb:29:75:9e:51:55:6f:e2:4a:f0:a0:1b:7c:
                    cb:8e:53:d4:f9:c6:ad:0b:86:d7:7a:68:ff:8d:68:
                    cc:79:f5:7f:8e:70:82:44:d4:7a:79:9a:45:62:dc:
                    a6:fc:4d:b8:27:1c:f5:b3:10:c4:ab:6f:6d:64:d9:
                    06:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D6:6C:7D:21:4D:EC:B2:77:28:67:EF:F2:E9:EC:FB:97:C2:D4:DE
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/f9ZsfSFN7LJ3KGfv8uns-5fC1N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:63:ab:2f:67:3c:a1:58:4a:9e:43:35:dc:5c:1f:9d:43:3f:
         78:68:7a:6a:b8:81:17:59:79:c5:39:36:b7:1e:a7:71:46:9a:
         4f:6e:ad:d4:3b:9c:e2:46:83:e8:42:7b:d2:57:ee:f1:0f:fd:
         36:48:d5:af:7a:85:06:dd:ee:76:60:e4:9c:c2:9e:18:0a:19:
         7d:b7:53:68:ad:d1:28:45:c1:08:4f:10:ce:f6:07:8a:01:d5:
         85:bf:6c:61:99:de:e1:9e:df:af:6f:92:1a:d1:44:0a:5c:9d:
         23:f0:95:e5:48:91:4f:27:52:82:e9:96:23:95:f5:86:e3:b3:
         2b:4d:44:98:cd:62:2a:f9:e2:c4:88:41:4d:ec:8c:cc:61:66:
         8e:aa:20:4f:c2:2f:e0:e8:a0:e0:9d:76:d2:56:70:d1:ae:ff:
         4d:d7:0e:78:98:6a:a4:aa:c2:70:18:19:f0:99:bf:1e:45:b0:
         e4:92:dc:3a:25:4e:98:12:52:06:42:85:e5:12:9b:7b:ec:c0:
         a2:74:77:b0:f3:33:85:06:e4:ff:36:2d:70:c6:ab:73:60:5b:
         da:b3:3b:f7:bf:48:04:83:3d:5e:c0:15:13:0a:e4:e5:30:0a:
         d0:e4:cb:79:db:35:3a:ee:3d:ed:42:d6:b4:5a:3a:ad:5d:c0:
         74:35:94:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6HH3uZtjdvTvplN/FpDvLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNjAyMDY1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ2NmM3ZDIxNGRlY2IyNzcyODY3ZWZmMmU5ZWNmYjk3YzJkNGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWCZauBoglHoyg87WHPFXtSjDJeT
zWAXPJ+AQBF/PQydgQOitNV8x7GfuBoHHRE6kTtA7wCefzzqTqxwcAyeI+QouM0W
JbLWfBmF1k7bYlwJUQpkyROWhChDmkrAQRFDzCjawLbkdh3I9lzOoeV6LxZ9UaP7
uls+z/m7bxIuRcgihYAN+4RFXazpQ1wpZYWBHOJBkCzCqZcQqmMFDcZptyKR2Mff
PaOzWFBEqcwVsz9RwNAf1f6qL3+nQDAfpBorLJfkj/spdZ5RVW/iSvCgG3zLjlPU
+catC4bXemj/jWjMefV/jnCCRNR6eZpFYtym/E24Jxz1sxDEq29tZNkGGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/WbH0hTeyydyhn7/Lp7PuXwtTeMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvZjlac2ZTRk43TEozS0dmdjh1bnMtNWZDMU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UXMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Y6svZzyhWEqeQzXcXB+dQz94aHpquIEXWXnFOTa3
HqdxRppPbq3UO5ziRoPoQnvSV+7xD/02SNWveoUG3e52YOScwp4YChl9t1NordEo
RcEITxDO9geKAdWFv2xhmd7hnt+vb5Ia0UQKXJ0j8JXlSJFPJ1KC6ZYjlfWG47Mr
TUSYzWIq+eLEiEFN7IzMYWaOqiBPwi/g6KDgnXbSVnDRrv9N1w54mGqkqsJwGBnw
mb8eRbDkktw6JU6YElIGQoXlEpt77MCidHew8zOFBuT/Ni1wxqtzYFvaszv3v0gE
gz1ewBUTCuTlMArQ5Mt52zU67j3tQta0WjqtXcB0NZQn
-----END CERTIFICATE-----