Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/EH8p4p3fwg3WW9OCaQ9xT8TYNjA.roa
File:                     EH8p4p3fwg3WW9OCaQ9xT8TYNjA.roa (raw, json)
Hash identifier:          RPoCG4EsWnvY8rPBtDJkO1F4UtO/2AK4wHg8MZqKXWY=
Subject key identifier:   10:7F:29:E2:9D:DF:C2:0D:D6:5B:D3:82:69:0F:71:4F:C4:D8:36:30
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E6A90FC133C4C4C5E4C6978C480F389B0
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/EH8p4p3fwg3WW9OCaQ9xT8TYNjA.roa
Signing time:             Wed 27 May 2026 17:52:27 +0000
ROA not before:           Wed 27 May 2026 17:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49581
IP address blocks:        87.58.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:90:fc:13:3c:4c:4c:5e:4c:69:78:c4:80:f3:89:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 27 17:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=107f29e29ddfc20dd65bd382690f714fc4d83630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c6:2d:98:c9:c6:99:60:ba:96:6b:20:b5:45:
                    20:77:50:5a:35:c0:41:1b:6b:b4:53:03:17:5a:f4:
                    85:c6:9e:c4:94:40:5e:36:3d:b7:b6:c4:bb:a2:d4:
                    f4:d2:69:a9:cc:8a:20:0c:65:d1:69:cf:ba:94:69:
                    27:5a:98:87:8c:cc:a6:19:c3:3d:98:bb:44:5e:8b:
                    d8:4a:48:67:00:4a:2b:bc:44:b7:39:76:5f:34:e7:
                    36:84:6b:96:1f:c3:53:0f:88:f8:13:b4:8b:d5:5a:
                    d0:2e:79:c2:24:e4:ba:2c:15:ba:5a:6c:28:32:29:
                    87:67:04:ec:9e:eb:92:cb:d3:f4:54:02:74:04:22:
                    72:4d:dd:53:67:89:65:cc:ce:16:a8:1a:06:df:b4:
                    b4:b2:cb:0a:c1:a3:c5:fe:35:27:b5:6c:ec:dc:7b:
                    27:fb:fa:56:99:8c:76:13:47:d1:61:a7:37:24:ee:
                    d7:59:d6:80:23:4d:cb:2a:ec:28:06:26:eb:2a:e7:
                    ba:db:e4:7e:14:9b:98:8b:d7:7f:13:b8:60:37:4c:
                    66:e2:35:ff:e3:1f:6e:7b:c4:db:1d:5d:9c:db:1a:
                    05:ee:48:db:cb:03:69:fd:fe:cd:f4:b2:76:a3:8d:
                    63:89:39:59:80:49:c9:f7:54:52:9b:c0:c9:49:8b:
                    59:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7F:29:E2:9D:DF:C2:0D:D6:5B:D3:82:69:0F:71:4F:C4:D8:36:30
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/EH8p4p3fwg3WW9OCaQ9xT8TYNjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e3:f9:3e:46:c2:93:0c:f1:5e:90:6d:12:56:d8:c2:41:c4:
         2f:2d:46:a9:1b:c8:75:d6:fe:6d:7f:76:fc:13:16:40:c1:30:
         d8:8a:c0:14:91:00:04:f0:cb:92:ad:cb:4e:28:46:ff:ff:fc:
         5b:a4:fe:7d:6f:ee:aa:44:fb:82:d4:19:e6:b8:e6:1d:2f:89:
         45:a0:65:c5:c8:c4:b5:42:ba:eb:3d:72:9b:ca:7b:bb:0b:d5:
         ce:81:47:06:3e:8b:1c:46:5a:26:39:df:7f:2a:f9:bd:b2:9b:
         b8:35:3b:2d:f9:e3:41:97:4a:06:f4:d6:15:fc:30:3e:0b:15:
         5a:f2:c6:ca:12:32:aa:7a:b6:96:17:a9:6d:40:66:37:0a:c2:
         2c:66:26:2f:2c:fb:50:8f:60:85:6a:c3:9e:12:8d:ca:d5:54:
         b0:3c:9e:5e:dc:ae:03:54:cc:48:e3:5c:27:74:c9:cb:2d:1c:
         92:7d:27:ba:1b:29:e5:bc:52:92:1d:5b:40:19:44:5d:99:32:
         d2:9b:cf:29:27:74:cd:e4:94:14:14:a4:42:11:3d:64:fc:0b:
         57:04:d5:01:aa:d7:55:81:eb:f9:9e:24:d7:c2:9b:1f:35:19:
         15:64:5e:dc:b1:b3:21:dc:e9:c4:a5:e1:2e:bd:e9:1d:f3:bf:
         64:d2:9b:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5qkPwTPExMXkxpeMSA84mwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTI3MTc1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdmMjllMjlkZGZjMjBkZDY1YmQzODI2OTBmNzE0ZmM0ZDgzNjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcYtmMnGmWC6lmsgtUUgd1BaNcBB
G2u0UwMXWvSFxp7ElEBeNj23tsS7otT00mmpzIogDGXRac+6lGknWpiHjMymGcM9
mLtEXovYSkhnAEorvES3OXZfNOc2hGuWH8NTD4j4E7SL1VrQLnnCJOS6LBW6Wmwo
MimHZwTsnuuSy9P0VAJ0BCJyTd1TZ4llzM4WqBoG37S0sssKwaPF/jUntWzs3Hsn
+/pWmYx2E0fRYac3JO7XWdaAI03LKuwoBibrKue62+R+FJuYi9d/E7hgN0xm4jX/
4x9ue8TbHV2c2xoF7kjbywNp/f7N9LJ2o41jiTlZgEnJ91RSm8DJSYtZrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB/KeKd38IN1lvTgmkPcU/E2DYwMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvRUg4cDRwM2Z3ZzNXVzlPQ2FROXhUOFRZTmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrNMA0G
CSqGSIb3DQEBCwUAA4IBAQCM4/k+RsKTDPFekG0SVtjCQcQvLUapG8h11v5tf3b8
ExZAwTDYisAUkQAE8MuSrctOKEb///xbpP59b+6qRPuC1BnmuOYdL4lFoGXFyMS1
QrrrPXKbynu7C9XOgUcGPoscRlomOd9/Kvm9spu4NTst+eNBl0oG9NYV/DA+CxVa
8sbKEjKqeraWF6ltQGY3CsIsZiYvLPtQj2CFasOeEo3K1VSwPJ5e3K4DVMxI41wn
dMnLLRySfSe6GynlvFKSHVtAGURdmTLSm88pJ3TN5JQUFKRCET1k/AtXBNUBqtdV
gev5niTXwpsfNRkVZF7csbMh3OnEpeEuvekd879k0puh
-----END CERTIFICATE-----