Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/g87odO6LKbYtUQhiItIdJuDDOv0.roa
File:                     g87odO6LKbYtUQhiItIdJuDDOv0.roa (raw, json)
Hash identifier:          ablxnUHmYfcNIwf2Jd68koMELTWUoB6TggOKa1sqdjM=
Subject key identifier:   83:CE:E8:74:EE:8B:29:B6:2D:51:08:62:22:D2:1D:26:E0:C3:3A:FD
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019D006851C16BB40FA1A3C90EC5B416B9FF
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/g87odO6LKbYtUQhiItIdJuDDOv0.roa
Signing time:             Wed 18 Mar 2026 10:05:29 +0000
ROA not before:           Wed 18 Mar 2026 10:05:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7488
IP address blocks:        87.232.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:68:51:c1:6b:b4:0f:a1:a3:c9:0e:c5:b4:16:b9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Mar 18 10:05:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83cee874ee8b29b62d51086222d21d26e0c33afd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:60:55:ef:95:38:59:69:6d:c5:aa:bc:85:ea:
                    77:6a:f4:2d:3a:f9:61:33:4f:f8:0d:ad:38:af:d1:
                    fd:36:79:d8:3e:35:ee:bf:e9:41:7f:9c:01:5c:fa:
                    92:e7:3d:64:2d:67:84:a7:50:43:24:6b:00:ce:8a:
                    1f:fa:d4:c4:d4:c5:f3:51:a3:b9:b8:64:3f:82:bc:
                    f7:24:94:79:8c:a0:87:e0:5d:70:fa:95:b2:b7:ce:
                    6d:7a:8f:ed:a3:cb:94:ca:68:15:54:cb:85:56:c6:
                    71:fe:4a:65:fb:fa:50:89:36:a0:0d:9f:00:54:bd:
                    b2:71:bc:de:93:2d:10:32:fa:c0:19:1c:50:81:01:
                    bd:11:aa:e1:86:fb:8f:b1:9b:be:ea:f3:f6:0f:b4:
                    62:92:ed:c6:9f:8f:b8:aa:f7:3e:5f:e3:7e:8d:52:
                    28:42:56:ab:a9:15:21:69:14:72:28:3b:f4:df:37:
                    2e:53:53:56:cf:f1:79:47:27:c8:f0:92:c9:c7:e9:
                    97:33:ad:fe:04:38:03:40:57:9c:e9:fc:10:8f:70:
                    43:f6:ca:7e:d2:3d:34:10:77:c1:8e:ef:e1:21:e3:
                    73:e2:54:3f:0c:be:68:03:46:b9:89:5c:ad:4b:38:
                    be:47:0c:50:2e:64:8e:d7:7c:8f:ab:a5:24:00:12:
                    94:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:CE:E8:74:EE:8B:29:B6:2D:51:08:62:22:D2:1D:26:E0:C3:3A:FD
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/g87odO6LKbYtUQhiItIdJuDDOv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4f:54:b0:6a:80:5f:98:d6:fc:39:51:24:58:40:cd:d8:17:
         8c:fa:26:a5:b3:26:66:91:d8:54:67:41:db:4e:64:cc:1d:60:
         ff:e4:c0:e2:a6:85:a7:62:74:e7:e1:fa:2a:f7:d7:fc:a9:4b:
         12:38:b6:ed:8e:f2:0b:fb:f7:ef:d3:43:33:4f:3d:0f:c3:d4:
         43:4f:d7:75:ca:8d:bd:27:d5:ad:e2:2c:50:9d:b6:9e:28:80:
         79:b5:70:ed:1b:7e:53:fa:8f:e9:cc:51:b3:83:27:6e:f9:3a:
         f1:87:f3:c6:6b:03:96:0f:bf:69:9a:29:c5:71:cd:38:35:1c:
         c6:e5:dc:7a:e4:c2:da:ff:c7:29:5a:4e:7a:6b:a8:83:63:c2:
         b4:1d:65:3c:e0:91:b9:65:93:ba:22:ad:21:1b:26:ad:31:5f:
         f8:8f:6c:fb:da:95:1c:15:a4:36:23:94:91:6e:80:17:84:15:
         ad:c0:e1:70:0b:7c:f6:22:1e:bf:79:44:25:cd:77:6f:df:5a:
         04:e8:bc:b9:16:41:67:ee:de:9d:4d:47:06:98:3b:b2:b4:66:
         07:97:3d:b6:a3:c1:7f:35:4d:60:97:a5:27:2a:54:f2:7e:37:
         24:f6:3f:c0:f6:ba:6b:68:53:c0:b8:b7:e7:46:0c:d0:83:9f:
         36:fb:68:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AaFHBa7QPoaPJDsW0Frn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwMzE4MTAwNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2NlZTg3NGVlOGIyOWI2MmQ1MTA4NjIyMmQyMWQyNmUwYzMzYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGBV75U4WWltxaq8hep3avQtOvlh
M0/4Da04r9H9NnnYPjXuv+lBf5wBXPqS5z1kLWeEp1BDJGsAzoof+tTE1MXzUaO5
uGQ/grz3JJR5jKCH4F1w+pWyt85teo/to8uUymgVVMuFVsZx/kpl+/pQiTagDZ8A
VL2ycbzeky0QMvrAGRxQgQG9EarhhvuPsZu+6vP2D7Riku3Gn4+4qvc+X+N+jVIo
QlarqRUhaRRyKDv03zcuU1NWz/F5RyfI8JLJx+mXM63+BDgDQFec6fwQj3BD9sp+
0j00EHfBju/hIeNz4lQ/DL5oA0a5iVytSzi+RwxQLmSO13yPq6UkABKUzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPO6HTuiym2LVEIYiLSHSbgwzr9MB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvZzg3b2RPNkxLYll0VVFoaUl0SWRKdURET3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+heMA0G
CSqGSIb3DQEBCwUAA4IBAQB2T1SwaoBfmNb8OVEkWEDN2BeM+ialsyZmkdhUZ0Hb
TmTMHWD/5MDipoWnYnTn4foq99f8qUsSOLbtjvIL+/fv00MzTz0Pw9RDT9d1yo29
J9Wt4ixQnbaeKIB5tXDtG35T+o/pzFGzgydu+Trxh/PGawOWD79pminFcc04NRzG
5dx65MLa/8cpWk56a6iDY8K0HWU84JG5ZZO6Iq0hGyatMV/4j2z72pUcFaQ2I5SR
boAXhBWtwOFwC3z2Ih6/eUQlzXdv31oE6Ly5FkFn7t6dTUcGmDuytGYHlz22o8F/
NU1gl6UnKlTyfjck9j/A9rpraFPAuLfnRgzQg582+2hH
-----END CERTIFICATE-----