Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/1-aNw--BPBefYz9x_VqBegl9WPrY.roa
File:                     1-aNw--BPBefYz9x_VqBegl9WPrY.roa (raw, json)
Hash identifier:          p+4+iFCffhLUzIHkpWZ/pEQivYynK/7wTrVt4Mp/xw4=
Subject key identifier:   F9:A3:70:FB:E0:4F:05:E7:D8:CF:DC:7F:56:A0:5E:82:5F:56:3E:B6
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E597D7D67EC53E7A925A7F44EEDE22688
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/1-aNw--BPBefYz9x_VqBegl9WPrY.roa
Signing time:             Sun 24 May 2026 10:17:36 +0000
ROA not before:           Sun 24 May 2026 10:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        87.58.200.0/24 maxlen: 24
                          87.58.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:59:7d:7d:67:ec:53:e7:a9:25:a7:f4:4e:ed:e2:26:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 24 10:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9a370fbe04f05e7d8cfdc7f56a05e825f563eb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0b:b6:81:9b:97:76:58:61:5d:fc:6e:ee:a9:
                    40:00:fb:4a:77:21:27:01:a9:5a:fb:3c:89:19:3b:
                    00:d7:da:be:a3:04:c9:3b:48:b4:20:f9:69:7f:37:
                    ad:7c:2f:07:b0:92:29:ad:3b:f5:44:fa:e6:68:cf:
                    12:32:a8:0f:ec:74:eb:35:51:4d:62:08:a8:0c:90:
                    50:f9:7e:af:2b:2a:38:f4:ac:31:b1:36:54:ef:3b:
                    cd:58:dd:a7:82:29:0c:23:84:b7:05:9d:86:da:38:
                    aa:75:e5:1f:46:1e:f2:bc:29:cb:a0:2f:7a:fb:c8:
                    bc:fa:dc:08:9a:7e:85:92:fd:05:49:56:c3:b0:ce:
                    40:10:c9:ca:17:66:d6:8b:52:64:b7:c3:d5:85:c3:
                    d6:be:2a:f2:93:3e:19:f5:c0:64:a4:35:da:fd:c5:
                    32:58:7a:0b:48:fd:ad:46:cf:17:65:07:43:99:80:
                    bf:35:3e:3a:29:77:6a:1e:ee:79:c1:0f:d8:4a:f1:
                    50:92:dd:d8:b4:69:63:4b:ba:7c:5d:62:7c:a9:09:
                    b8:4d:5a:34:30:64:a8:28:c2:03:61:d4:72:98:a4:
                    b6:36:99:a1:d8:24:13:bf:16:24:12:4c:a1:2b:67:
                    d9:af:6a:fe:86:b4:0b:a6:af:a0:6c:a2:2b:0f:97:
                    4a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A3:70:FB:E0:4F:05:E7:D8:CF:DC:7F:56:A0:5E:82:5F:56:3E:B6
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/1-aNw--BPBefYz9x_VqBegl9WPrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.200.0/24
                  87.58.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:d4:0a:5e:a0:41:02:ec:54:6a:04:52:ca:48:9c:4e:64:f1:
         ff:60:ec:b3:88:ee:bb:ed:92:8f:c9:2f:9e:1e:d8:d5:a7:74:
         6f:6b:86:13:c4:bd:0e:3d:ac:57:28:80:3b:cd:05:1d:31:3e:
         cc:fd:24:28:84:2e:c6:82:26:2e:14:ef:13:86:18:e0:d8:0a:
         43:31:7d:89:00:a9:74:b1:16:e9:f6:30:9c:59:24:ad:c9:ac:
         bf:f4:7e:64:58:0f:57:cd:cc:47:c8:54:fc:31:a1:96:2e:2e:
         75:60:dd:d7:dd:01:17:59:61:cd:8c:77:ba:e3:84:8a:dc:6c:
         5f:86:93:c1:1d:2e:ef:a1:c3:54:c2:97:41:95:b0:57:dd:ae:
         34:af:12:92:c5:5d:3b:53:f7:21:e7:7a:8f:15:36:c2:de:03:
         80:c2:d1:9a:a5:ce:2b:9c:52:06:9d:13:5a:df:13:92:cc:bb:
         c5:b4:2e:56:04:62:d4:41:9e:26:90:e5:69:66:2f:03:7f:6e:
         10:1b:40:fb:19:67:2d:2a:5a:5e:72:97:e0:e5:4d:df:30:cf:
         83:ab:dc:6d:8c:30:e3:a6:64:00:00:36:3e:d8:a4:ba:a7:cf:
         fa:54:e1:de:97:39:f6:f5:b8:d2:f7:25:45:17:f2:d2:ab:ac:
         ee:2c:94:a6
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ5ZfX1n7FPnqSWn9E7t4iaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTI0MTAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWEzNzBmYmUwNGYwNWU3ZDhjZmRjN2Y1NmEwNWU4MjVmNTYzZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwu2gZuXdlhhXfxu7qlAAPtKdyEn
Aala+zyJGTsA19q+owTJO0i0IPlpfzetfC8HsJIprTv1RPrmaM8SMqgP7HTrNVFN
YgioDJBQ+X6vKyo49KwxsTZU7zvNWN2ngikMI4S3BZ2G2jiqdeUfRh7yvCnLoC96
+8i8+twImn6Fkv0FSVbDsM5AEMnKF2bWi1Jkt8PVhcPWvirykz4Z9cBkpDXa/cUy
WHoLSP2tRs8XZQdDmYC/NT46KXdqHu55wQ/YSvFQkt3YtGljS7p8XWJ8qQm4TVo0
MGSoKMIDYdRymKS2Npmh2CQTvxYkEkyhK2fZr2r+hrQLpq+gbKIrD5dKTQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPmjcPvgTwXn2M/cf1agXoJfVj62MB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvMS1hTnctLUJQQmVmWXo5eF9WcUJlZ2w5V1ByWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmIvNDc0ZjI3LWIyODYtNDZmMC1hZTQ1LTEzMmZmYzhiZGU0
Ni8xL0RUVllWR29zVkx2WUVxR1NLS3FZNEhqVHFtZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFc6yAME
AFc6yzANBgkqhkiG9w0BAQsFAAOCAQEAftQKXqBBAuxUagRSykicTmTx/2Dss4ju
u+2Sj8kvnh7Y1ad0b2uGE8S9Dj2sVyiAO80FHTE+zP0kKIQuxoImLhTvE4YY4NgK
QzF9iQCpdLEW6fYwnFkkrcmsv/R+ZFgPV83MR8hU/DGhli4udWDd190BF1lhzYx3
uuOEitxsX4aTwR0u76HDVMKXQZWwV92uNK8SksVdO1P3Ied6jxU2wt4DgMLRmqXO
K5xSBp0TWt8Tksy7xbQuVgRi1EGeJpDlaWYvA39uEBtA+xlnLSpaXnKX4OVN3zDP
g6vcbYww46ZkAAA2PtikuqfP+lTh3pc59vW40vclRRfy0qus7iyUpg==
-----END CERTIFICATE-----