Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/9kC5WOY8gVEppeE_kgW9vbhM240.roa
File:                     9kC5WOY8gVEppeE_kgW9vbhM240.roa (raw, json)
Hash identifier:          eLSfhkQL1dzcorjW6043NIUfpliG0mdUK+hkZnMkCTE=
Subject key identifier:   F6:40:B9:58:E6:3C:81:51:29:A5:E1:3F:92:05:BD:BD:B8:4C:DB:8D
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019EEEEA517BE60E5B91F16998CB760DCB05
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/9kC5WOY8gVEppeE_kgW9vbhM240.roa
Signing time:             Mon 22 Jun 2026 10:39:54 +0000
ROA not before:           Mon 22 Jun 2026 10:39:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24875
IP address blocks:        87.58.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ee:ea:51:7b:e6:0e:5b:91:f1:69:98:cb:76:0d:cb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jun 22 10:39:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f640b958e63c815129a5e13f9205bdbdb84cdb8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:34:6e:3b:8a:64:17:43:b3:fd:06:ae:77:6e:
                    60:f9:ef:e7:a0:a7:c0:c7:20:a2:7c:61:a4:43:08:
                    ed:d6:e1:f0:1e:af:c4:56:a8:22:b7:e2:c8:27:2b:
                    29:39:bb:9d:ae:46:85:08:59:76:68:eb:65:b7:f8:
                    22:d1:90:8a:cd:79:ed:3d:ea:33:ad:ad:d6:c5:3f:
                    1b:18:d8:f7:c3:2d:4e:e6:b6:b7:fb:48:d3:40:df:
                    1a:bb:e4:d7:be:6e:e9:ed:7f:11:c0:bf:fd:0e:af:
                    67:c7:c0:db:1b:68:1f:0f:e4:bf:41:22:c6:91:88:
                    42:a1:46:3f:9f:f9:37:01:72:e9:06:c5:c1:a8:13:
                    24:88:88:f7:bc:b7:14:c9:f7:84:35:69:62:d5:9d:
                    52:39:1d:bf:6b:d4:e1:84:79:b7:64:32:cc:c0:ee:
                    8e:28:2b:da:4e:4a:6e:e9:ca:16:a2:31:95:26:fb:
                    a2:e9:69:b5:1b:d7:1f:ad:c6:da:94:64:99:5c:af:
                    a9:17:a0:68:24:7f:34:46:99:64:05:34:12:76:4c:
                    c1:e5:7c:93:45:95:d1:42:1f:c9:e1:7f:97:9b:54:
                    00:13:4e:8e:5f:f6:54:4f:04:0f:f3:5a:82:aa:4f:
                    d8:a0:b3:f5:34:00:e4:0f:6d:f0:b2:10:44:89:85:
                    d6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:40:B9:58:E6:3C:81:51:29:A5:E1:3F:92:05:BD:BD:B8:4C:DB:8D
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/9kC5WOY8gVEppeE_kgW9vbhM240.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2c:27:0c:eb:43:d0:59:2d:8b:60:05:83:42:dd:79:cc:58:
         d6:aa:60:68:29:7b:64:a9:84:21:16:e4:d6:a3:2e:52:f2:46:
         7f:2c:eb:8a:e5:4f:b8:ad:65:0a:57:38:a7:59:43:c3:0e:bd:
         a2:67:66:e2:cc:e8:2f:d5:ef:ee:91:fe:b8:d5:9b:62:47:29:
         8a:8b:87:f5:8a:a6:46:8b:b0:b2:d5:56:ce:23:0f:51:1d:49:
         a3:cc:d7:80:a0:e1:bf:63:28:39:4a:99:27:21:88:09:ea:55:
         20:af:8d:e9:49:f5:aa:82:35:fe:79:91:c2:b3:74:ee:ef:92:
         b8:f2:2f:0c:47:52:59:76:ea:79:fd:c5:83:46:eb:37:4f:97:
         56:0c:0f:a0:2c:ed:60:06:28:f2:cd:37:43:64:ea:7e:c7:8c:
         08:db:1a:99:2c:34:50:b1:92:a6:a6:18:36:e8:7c:19:f1:e4:
         43:7e:02:ee:09:5e:5e:65:15:3b:95:3e:de:cf:14:d7:18:86:
         8c:d5:89:3d:af:dd:2c:f8:cb:45:5c:84:7e:5f:27:3a:fd:08:
         08:31:5e:38:23:cd:a1:58:be:1c:0f:72:41:ad:59:36:de:6a:
         5a:59:63:9a:9d:e9:8a:d8:44:fc:7f:a1:a8:4a:5e:ac:fd:b5:
         73:5a:ea:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7u6lF75g5bkfFpmMt2DcsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjIyMTAzOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQwYjk1OGU2M2M4MTUxMjlhNWUxM2Y5MjA1YmRiZGI4NGNkYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTRuO4pkF0Oz/Qaud25g+e/noKfA
xyCifGGkQwjt1uHwHq/EVqgit+LIJyspObudrkaFCFl2aOtlt/gi0ZCKzXntPeoz
ra3WxT8bGNj3wy1O5ra3+0jTQN8au+TXvm7p7X8RwL/9Dq9nx8DbG2gfD+S/QSLG
kYhCoUY/n/k3AXLpBsXBqBMkiIj3vLcUyfeENWli1Z1SOR2/a9ThhHm3ZDLMwO6O
KCvaTkpu6coWojGVJvui6Wm1G9cfrcbalGSZXK+pF6BoJH80RplkBTQSdkzB5XyT
RZXRQh/J4X+Xm1QAE06OX/ZUTwQP81qCqk/YoLP1NADkD23wshBEiYXWRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZAuVjmPIFRKaXhP5IFvb24TNuNMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvOWtDNVdPWThnVkVwcGVFX2tnVzl2YmhNMjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzraMA0G
CSqGSIb3DQEBCwUAA4IBAQAXLCcM60PQWS2LYAWDQt15zFjWqmBoKXtkqYQhFuTW
oy5S8kZ/LOuK5U+4rWUKVzinWUPDDr2iZ2bizOgv1e/ukf641ZtiRymKi4f1iqZG
i7Cy1VbOIw9RHUmjzNeAoOG/Yyg5SpknIYgJ6lUgr43pSfWqgjX+eZHCs3Tu75K4
8i8MR1JZdup5/cWDRus3T5dWDA+gLO1gBijyzTdDZOp+x4wI2xqZLDRQsZKmphg2
6HwZ8eRDfgLuCV5eZRU7lT7ezxTXGIaM1Yk9r90s+MtFXIR+Xyc6/QgIMV44I82h
WL4cD3JBrVk23mpaWWOanemK2ET8f6GoSl6s/bVzWuos
-----END CERTIFICATE-----