Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/FZNE6gH-Eial1vHSSnD_SEEDaM4.roa
File:                     FZNE6gH-Eial1vHSSnD_SEEDaM4.roa (raw, json)
Hash identifier:          Z30K30MFnD/ExFZnandEtl0ZwmydXu+7Ir/LijyUzNE=
Subject key identifier:   15:93:44:EA:01:FE:12:26:A5:D6:F1:D2:4A:70:FF:48:41:03:68:CE
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019ECBC7F975C6CD0D3C2F229CBF202BF762
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/FZNE6gH-Eial1vHSSnD_SEEDaM4.roa
Signing time:             Mon 15 Jun 2026 14:55:40 +0000
ROA not before:           Mon 15 Jun 2026 14:55:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219436
IP address blocks:        87.58.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:c7:f9:75:c6:cd:0d:3c:2f:22:9c:bf:20:2b:f7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jun 15 14:55:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=159344ea01fe1226a5d6f1d24a70ff48410368ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:26:e5:0e:f8:12:f5:db:57:0a:fb:fe:e2:73:
                    2a:3e:18:40:87:97:99:34:51:5b:9b:07:93:e2:11:
                    ca:91:ea:70:3e:82:54:40:6b:44:45:d6:45:ac:c8:
                    eb:56:30:59:f2:ed:88:9b:54:15:07:ee:83:b2:6f:
                    33:ae:ba:25:90:17:87:ac:06:26:ee:9a:aa:57:0f:
                    4d:a4:d6:38:78:86:f4:86:99:48:fe:fe:29:3d:ce:
                    46:72:ad:ad:f3:09:36:56:10:ad:e4:18:a7:1e:53:
                    ae:6d:0c:7b:bf:c1:41:39:1e:17:a5:1b:2b:35:c9:
                    a9:fb:0f:ec:f5:59:a9:8c:1b:fe:d7:94:41:b7:d7:
                    3f:c9:29:0d:2f:2b:ff:78:a3:95:8b:3d:52:e2:6c:
                    6a:5c:4f:3a:c8:92:9c:ca:38:0e:e3:39:bd:05:bb:
                    79:ca:e4:2f:31:eb:83:75:5e:59:70:d4:6c:e4:1c:
                    20:8c:6c:8f:bc:19:d8:17:ae:4c:20:8f:50:65:5e:
                    f0:a1:79:cd:1a:21:33:ff:bc:0b:3c:64:1d:68:02:
                    40:97:1b:64:b9:b1:92:84:9b:e0:0c:7f:ae:ae:8c:
                    01:12:9c:89:bb:c2:46:22:4f:42:24:9c:e5:2e:32:
                    7c:52:cf:48:e7:fa:4b:a1:c4:f4:ff:41:2f:4b:7b:
                    47:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:93:44:EA:01:FE:12:26:A5:D6:F1:D2:4A:70:FF:48:41:03:68:CE
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/FZNE6gH-Eial1vHSSnD_SEEDaM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:5d:98:e8:96:d4:91:28:5d:04:32:ee:42:65:0f:c1:fe:30:
         fb:0b:06:a9:f7:04:8f:ac:24:0b:04:89:cd:f4:7d:09:67:15:
         08:b3:f4:ea:95:63:40:7b:a3:96:9d:e1:8f:e9:c4:9b:8a:08:
         db:e2:10:f3:bb:2b:0b:57:40:4b:01:b1:88:f5:4a:27:1a:a5:
         b5:2d:d0:01:7e:8a:73:a6:95:cf:1b:aa:2a:17:51:d3:40:18:
         20:fc:84:76:d7:7b:57:a4:ec:bc:94:66:54:42:47:9e:ec:4d:
         83:bc:e0:6f:97:e8:6d:17:58:8f:76:39:e1:b7:fa:49:70:f3:
         67:86:5c:61:74:69:7d:02:ed:a4:34:d0:0a:a0:ae:e7:f5:45:
         73:c5:ad:6d:64:e8:1a:dd:c4:54:7b:35:63:d8:65:00:bd:54:
         4f:c6:59:76:48:70:88:1a:3a:f5:e3:91:1e:19:ab:cd:28:05:
         73:38:34:4e:42:18:0d:2d:2a:91:b7:93:27:18:ec:70:85:bc:
         ed:e3:5f:86:8c:6b:5c:6a:9c:3a:c2:5a:0e:c5:df:83:7e:50:
         26:71:d8:6a:6e:15:73:8d:d2:d0:2b:ab:c5:4f:53:fa:60:95:
         37:7d:39:f8:7f:44:be:9b:4a:44:8e:aa:be:88:ac:03:ef:a9:
         0d:73:90:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Lx/l1xs0NPC8inL8gK/diMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjE1MTQ1NTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTkzNDRlYTAxZmUxMjI2YTVkNmYxZDI0YTcwZmY0ODQxMDM2OGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyblDvgS9dtXCvv+4nMqPhhAh5eZ
NFFbmweT4hHKkepwPoJUQGtERdZFrMjrVjBZ8u2Im1QVB+6Dsm8zrrolkBeHrAYm
7pqqVw9NpNY4eIb0hplI/v4pPc5Gcq2t8wk2VhCt5BinHlOubQx7v8FBOR4XpRsr
Ncmp+w/s9VmpjBv+15RBt9c/ySkNLyv/eKOViz1S4mxqXE86yJKcyjgO4zm9Bbt5
yuQvMeuDdV5ZcNRs5BwgjGyPvBnYF65MII9QZV7woXnNGiEz/7wLPGQdaAJAlxtk
ubGShJvgDH+urowBEpyJu8JGIk9CJJzlLjJ8Us9I5/pLocT0/0EvS3tH7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWTROoB/hImpdbx0kpw/0hBA2jOMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvRlpORTZnSC1FaWFsMXZIU1NuRF9TRUVEYU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrAMA0G
CSqGSIb3DQEBCwUAA4IBAQBBXZjoltSRKF0EMu5CZQ/B/jD7Cwap9wSPrCQLBInN
9H0JZxUIs/TqlWNAe6OWneGP6cSbigjb4hDzuysLV0BLAbGI9UonGqW1LdABfopz
ppXPG6oqF1HTQBgg/IR213tXpOy8lGZUQkee7E2DvOBvl+htF1iPdjnht/pJcPNn
hlxhdGl9Au2kNNAKoK7n9UVzxa1tZOga3cRUezVj2GUAvVRPxll2SHCIGjr145Ee
GavNKAVzODROQhgNLSqRt5MnGOxwhbzt41+GjGtcapw6wloOxd+DflAmcdhqbhVz
jdLQK6vFT1P6YJU3fTn4f0S+m0pEjqq+iKwD76kNc5Df
-----END CERTIFICATE-----