Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/OGFZLnnBqhhA-W9oyT3UjmNPGbk.roa
File:                     OGFZLnnBqhhA-W9oyT3UjmNPGbk.roa (raw, json)
Hash identifier:          wBdtoIrvzTV/NKlVCm7+KUsSVaoeWBDCNdLJwiDIjlo=
Subject key identifier:   38:61:59:2E:79:C1:AA:18:40:F9:6F:68:C9:3D:D4:8E:63:4F:19:B9
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E4A9767015D310EF002EADFB26A8AFF53
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/OGFZLnnBqhhA-W9oyT3UjmNPGbk.roa
Signing time:             Thu 21 May 2026 12:51:36 +0000
ROA not before:           Thu 21 May 2026 12:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198478
IP address blocks:        87.58.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:97:67:01:5d:31:0e:f0:02:ea:df:b2:6a:8a:ff:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 21 12:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3861592e79c1aa1840f96f68c93dd48e634f19b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:85:a0:9c:ed:ed:cf:40:05:41:1c:b1:36:24:
                    f6:6e:bb:ec:fd:67:cc:86:7e:2f:d8:79:96:96:70:
                    53:25:28:4e:5a:29:d7:e7:60:e1:4a:d8:54:f1:be:
                    d5:8d:3c:c6:9a:0a:ef:19:e1:f6:28:dd:74:29:df:
                    d5:b1:fa:8a:99:da:8f:8a:37:e6:b4:0d:1f:a6:92:
                    05:82:f4:bd:1d:f3:58:e1:3e:52:6b:09:d8:0e:a1:
                    74:1a:3f:00:16:7b:41:b5:d0:ce:33:31:62:6e:ea:
                    0b:f9:81:35:bb:b3:37:8c:19:f5:81:72:12:f9:a6:
                    04:e4:8b:1e:14:5e:ae:82:ad:d0:e6:22:f6:5d:0d:
                    5d:e3:cb:e1:24:95:6f:34:3b:47:b7:2e:c7:00:aa:
                    68:76:0f:b1:dd:d9:54:5d:01:03:62:76:53:ac:0e:
                    b9:6a:c3:62:e6:8e:48:2f:c1:73:4d:ad:ab:38:1c:
                    ee:83:f4:ca:38:bb:fa:ef:01:53:98:fa:81:d2:d0:
                    2b:08:5d:ca:4c:f0:48:29:92:dd:bf:cb:5a:fa:d1:
                    6b:17:4f:24:a4:0f:6a:4d:74:bb:b2:34:81:62:fb:
                    10:48:17:ea:d0:0a:96:8f:70:a6:db:2d:5c:5d:5c:
                    f7:28:89:7b:d2:4f:6c:27:7b:8d:e8:d3:07:12:b8:
                    52:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:61:59:2E:79:C1:AA:18:40:F9:6F:68:C9:3D:D4:8E:63:4F:19:B9
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/OGFZLnnBqhhA-W9oyT3UjmNPGbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:50:34:ec:5d:3a:df:d3:74:56:3f:26:8d:27:b5:d2:db:d5:
         29:d3:e6:3d:ad:25:3b:39:0e:25:2e:0d:db:cf:7d:63:ad:48:
         b9:72:e2:9f:1e:e0:3e:d1:cd:64:30:32:7a:38:d1:32:34:be:
         6d:35:a0:40:10:5c:40:3c:44:02:96:46:4e:5c:ab:c1:85:80:
         ec:69:ba:8b:4d:6f:50:38:3e:89:9b:77:1a:63:5c:f1:01:0c:
         d3:a3:09:06:ec:10:b3:80:42:75:02:ce:90:40:b0:f6:99:e1:
         32:5c:32:52:23:e9:70:74:94:66:77:c4:6b:32:80:30:6c:da:
         57:ce:fa:ed:45:35:66:e2:ae:2b:e4:a3:db:b5:78:cc:35:8a:
         28:b7:9e:a1:d8:c4:ef:7b:47:6f:f2:f4:0c:dd:66:75:1a:fa:
         16:fa:a2:5e:b3:eb:af:b7:76:fd:5e:c7:fb:46:8a:fa:4e:db:
         70:36:b1:db:96:56:5b:00:bc:70:23:ee:ac:60:5c:61:56:4f:
         16:0f:6f:a5:cd:c3:46:d9:3b:4b:5e:52:68:68:75:6e:42:86:
         2c:45:21:ec:10:54:e7:06:80:58:77:23:12:7e:2e:d2:ee:29:
         d1:b8:d7:fe:f6:ec:39:47:1d:42:6e:fc:df:d2:f9:3f:a6:c1:
         08:ee:19:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Kl2cBXTEO8ALq37Jqiv9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTIxMTI1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYxNTkyZTc5YzFhYTE4NDBmOTZmNjhjOTNkZDQ4ZTYzNGYxOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4WgnO3tz0AFQRyxNiT2brvs/WfM
hn4v2HmWlnBTJShOWinX52DhSthU8b7VjTzGmgrvGeH2KN10Kd/VsfqKmdqPijfm
tA0fppIFgvS9HfNY4T5SawnYDqF0Gj8AFntBtdDOMzFibuoL+YE1u7M3jBn1gXIS
+aYE5IseFF6ugq3Q5iL2XQ1d48vhJJVvNDtHty7HAKpodg+x3dlUXQEDYnZTrA65
asNi5o5IL8FzTa2rOBzug/TKOLv67wFTmPqB0tArCF3KTPBIKZLdv8ta+tFrF08k
pA9qTXS7sjSBYvsQSBfq0AqWj3Cm2y1cXVz3KIl70k9sJ3uN6NMHErhS9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhhWS55waoYQPlvaMk91I5jTxm5MB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvT0dGWkxubkJxaGhBLVc5b3lUM1VqbU5QR2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrGMA0G
CSqGSIb3DQEBCwUAA4IBAQAmUDTsXTrf03RWPyaNJ7XS29Up0+Y9rSU7OQ4lLg3b
z31jrUi5cuKfHuA+0c1kMDJ6ONEyNL5tNaBAEFxAPEQClkZOXKvBhYDsabqLTW9Q
OD6Jm3caY1zxAQzTowkG7BCzgEJ1As6QQLD2meEyXDJSI+lwdJRmd8RrMoAwbNpX
zvrtRTVm4q4r5KPbtXjMNYoot56h2MTve0dv8vQM3WZ1GvoW+qJes+uvt3b9Xsf7
Ror6TttwNrHbllZbALxwI+6sYFxhVk8WD2+lzcNG2TtLXlJoaHVuQoYsRSHsEFTn
BoBYdyMSfi7S7inRuNf+9uw5Rx1Cbvzf0vk/psEI7hnb
-----END CERTIFICATE-----