Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/7iVWh5vmBrPXrnwziTGtttQvX1w.roa
File:                     7iVWh5vmBrPXrnwziTGtttQvX1w.roa (raw, json)
Hash identifier:          ZB+gXha4H4R2Z+n9AGpyFPHeeTZubKjIH2V6VDeWt7w=
Subject key identifier:   EE:25:56:87:9B:E6:06:B3:D7:AE:7C:33:89:31:AD:B6:D4:2F:5F:5C
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E690CCD1A5683A4A142B7D09E14219EF8
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/7iVWh5vmBrPXrnwziTGtttQvX1w.roa
Signing time:             Wed 27 May 2026 10:48:27 +0000
ROA not before:           Wed 27 May 2026 10:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209378
IP address blocks:        87.58.204.0/24 maxlen: 24
                          87.58.213.0/24 maxlen: 24
                          150.251.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:69:0c:cd:1a:56:83:a4:a1:42:b7:d0:9e:14:21:9e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 27 10:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee2556879be606b3d7ae7c338931adb6d42f5f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:72:b9:b2:26:3b:70:f1:d8:21:67:b6:2a:14:
                    12:1e:06:cd:47:bf:c6:23:17:90:2b:0d:0b:d2:f5:
                    5d:6d:f0:29:04:6e:0e:c4:f4:06:a1:28:9a:4e:7d:
                    fa:a0:de:93:1f:3f:9f:1d:be:f0:35:fb:e7:af:7d:
                    22:ce:2b:03:67:ea:44:95:2e:6b:61:35:34:8c:11:
                    01:a2:83:eb:be:a4:03:39:05:d7:3d:6b:95:a6:8a:
                    79:27:86:dd:35:b5:d8:f8:38:f5:da:39:bf:f3:1d:
                    a6:e2:53:c8:89:74:37:da:5a:7e:5c:99:8c:cd:1a:
                    99:ff:bd:cd:8d:d7:ec:d9:64:98:c7:55:31:34:37:
                    9d:37:4f:b7:9c:37:6c:27:5a:ac:82:66:bd:77:04:
                    81:dd:d3:22:d3:15:78:76:53:38:03:6c:a3:da:a8:
                    65:86:5f:f8:c5:48:e6:2a:11:6d:c0:a6:85:d0:86:
                    d8:c6:c7:a7:d4:41:56:26:68:6f:64:20:9b:37:13:
                    31:08:54:a4:1f:ab:2d:25:de:bd:40:29:17:b5:33:
                    4b:48:5e:68:93:6b:2e:00:9c:55:fd:ed:a2:30:b9:
                    3a:bf:7b:f3:dd:35:4b:f0:60:8f:0d:78:3a:2f:c9:
                    11:3a:2c:e3:bb:9d:fa:02:5b:b2:82:42:ce:88:ce:
                    47:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:25:56:87:9B:E6:06:B3:D7:AE:7C:33:89:31:AD:B6:D4:2F:5F:5C
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/7iVWh5vmBrPXrnwziTGtttQvX1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.204.0/24
                  87.58.213.0/24
                  150.251.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:a2:82:64:82:4f:56:8e:b7:53:09:38:fe:48:9c:9e:7b:50:
         18:34:32:0f:fb:9d:ba:f3:ec:12:31:a1:ff:68:3d:d1:87:30:
         8b:4e:b3:da:fd:cc:5d:b2:4d:16:91:17:a2:da:d3:34:36:11:
         2b:09:9f:b5:fb:a9:ce:aa:0d:f5:6b:66:28:c6:4a:1c:3c:e4:
         db:32:e7:bf:86:b9:b2:10:c0:52:15:74:6e:a8:86:c7:a0:40:
         5d:9d:bb:94:24:ae:cf:32:c6:3c:c0:0f:0e:5c:97:c6:c5:62:
         46:5c:18:e6:fa:57:16:1c:68:ea:c5:f5:df:f9:e8:6b:6e:6a:
         75:12:71:69:1f:f4:ae:11:e1:eb:b7:65:de:6e:ed:cb:ac:a6:
         ed:45:9a:bd:8d:2f:ea:e7:6d:57:54:02:3b:30:39:d2:4a:d8:
         6d:86:19:92:84:f2:d9:8f:7f:f6:e6:84:62:83:3f:ed:6c:92:
         22:c7:70:12:00:0f:19:fa:e7:3d:51:dc:98:c1:53:e2:7b:da:
         27:ae:b2:19:c7:1c:dc:d4:28:a1:c2:7b:ce:f4:3a:79:4e:73:
         cf:40:33:79:45:45:60:fb:72:25:3f:a0:8c:f3:3e:16:32:19:
         fb:c0:e3:12:8d:6e:33:5b:9d:76:de:df:44:4e:29:ec:43:4d:
         35:9e:53:17
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5pDM0aVoOkoUK30J4UIZ74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTI3MTA0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTI1NTY4NzliZTYwNmIzZDdhZTdjMzM4OTMxYWRiNmQ0MmY1ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXK5siY7cPHYIWe2KhQSHgbNR7/G
IxeQKw0L0vVdbfApBG4OxPQGoSiaTn36oN6THz+fHb7wNfvnr30izisDZ+pElS5r
YTU0jBEBooPrvqQDOQXXPWuVpop5J4bdNbXY+Dj12jm/8x2m4lPIiXQ32lp+XJmM
zRqZ/73Njdfs2WSYx1UxNDedN0+3nDdsJ1qsgma9dwSB3dMi0xV4dlM4A2yj2qhl
hl/4xUjmKhFtwKaF0IbYxsen1EFWJmhvZCCbNxMxCFSkH6stJd69QCkXtTNLSF5o
k2suAJxV/e2iMLk6v3vz3TVL8GCPDXg6L8kROizju536AluygkLOiM5H3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO4lVoeb5gaz1658M4kxrbbUL19cMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvN2lWV2g1dm1CclBYcm53emlUR3R0dFF2WDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVzrMAwQA
VzrVAwQAlvuYMA0GCSqGSIb3DQEBCwUAA4IBAQBXooJkgk9WjrdTCTj+SJyee1AY
NDIP+5268+wSMaH/aD3RhzCLTrPa/cxdsk0WkRei2tM0NhErCZ+1+6nOqg31a2Yo
xkocPOTbMue/hrmyEMBSFXRuqIbHoEBdnbuUJK7PMsY8wA8OXJfGxWJGXBjm+lcW
HGjqxfXf+ehrbmp1EnFpH/SuEeHrt2Xebu3LrKbtRZq9jS/q521XVAI7MDnSStht
hhmShPLZj3/25oRigz/tbJIix3ASAA8Z+uc9UdyYwVPie9onrrIZxxzc1CihwnvO
9Dp5TnPPQDN5RUVg+3IlP6CM8z4WMhn7wOMSjW4zW5123t9ETinsQ001nlMX
-----END CERTIFICATE-----