Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/eN-FzWaTEfFX6szAh3r4as87wcY.roa
File:                     eN-FzWaTEfFX6szAh3r4as87wcY.roa (raw, json)
Hash identifier:          /qp1L5fhV4fx1s1XwCH7pG/Lbz/9mbJFcbn+LC/GT2I=
Subject key identifier:   78:DF:85:CD:66:93:11:F1:57:EA:CC:C0:87:7A:F8:6A:CF:3B:C1:C6
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E69A95B1DB560402F3B24E535865C7E39
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/eN-FzWaTEfFX6szAh3r4as87wcY.roa
Signing time:             Wed 27 May 2026 13:39:27 +0000
ROA not before:           Wed 27 May 2026 13:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        87.58.196.0/24 maxlen: 24
                          87.58.207.0/24 maxlen: 24
                          150.251.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:69:a9:5b:1d:b5:60:40:2f:3b:24:e5:35:86:5c:7e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 27 13:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78df85cd669311f157eaccc0877af86acf3bc1c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:be:4b:1a:0c:9e:c6:e5:98:19:ae:7d:c3:b7:
                    1a:a5:aa:b5:34:71:92:43:63:b6:01:c0:9f:6f:fc:
                    70:3b:62:e3:33:33:8e:93:62:8f:c0:b8:64:7b:b9:
                    d4:70:79:cd:6d:52:cc:88:ea:10:37:2a:1f:e2:a1:
                    4a:5d:4b:b7:f5:eb:24:52:ec:38:35:07:b3:72:7e:
                    18:9e:5b:cb:48:6f:47:83:4e:65:78:10:5c:0f:db:
                    51:08:3c:48:b4:eb:aa:b0:02:26:30:40:ed:62:0c:
                    ee:9c:12:ec:be:cd:f3:d3:cb:d0:07:a3:e4:07:24:
                    21:10:bd:d4:13:99:15:f3:f0:fd:d7:c5:13:3d:5e:
                    41:4b:4a:66:81:90:45:8c:30:e3:50:6b:24:09:b6:
                    c3:da:47:45:52:e1:8f:79:3f:44:ce:77:5e:1f:a2:
                    b3:43:11:7c:cf:67:35:42:09:d5:dc:b9:db:76:31:
                    f6:bb:0b:be:62:62:df:fe:b5:97:3e:23:39:15:ee:
                    9d:ab:d3:23:1a:d6:84:d7:47:47:e8:07:ae:ce:f2:
                    a9:cf:0e:40:14:f9:4a:b1:d6:81:8c:07:2a:5c:c7:
                    64:12:db:d7:c3:b8:f2:e2:fc:21:a6:9e:be:bf:ed:
                    5b:f5:35:7c:1b:86:39:6a:cc:1d:82:d3:37:da:4a:
                    30:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DF:85:CD:66:93:11:F1:57:EA:CC:C0:87:7A:F8:6A:CF:3B:C1:C6
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/eN-FzWaTEfFX6szAh3r4as87wcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.196.0/24
                  87.58.207.0/24
                  150.251.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ac:d7:cb:e6:66:a7:9e:88:d8:73:17:98:b5:57:e6:c2:e4:
         f3:61:2a:61:e6:76:b4:7f:62:06:b2:82:85:29:39:90:b3:6a:
         86:e5:72:b7:cc:d8:5f:73:65:93:3d:fb:2a:24:25:19:ba:42:
         b8:0e:c6:87:05:2f:44:a2:dc:b8:29:4a:ee:5e:1e:9b:c2:e6:
         0b:ce:7d:d1:f9:de:c9:f2:b3:a6:9c:44:90:fc:aa:1e:54:d4:
         1d:eb:a0:4f:f1:2d:3e:5c:a9:64:83:96:97:c4:a3:8c:04:cf:
         a8:3f:a0:3c:eb:fa:7c:c6:d3:62:89:53:35:f3:6c:89:7e:2d:
         94:f5:7a:91:92:07:49:32:d8:bf:3c:e3:2e:8c:38:1d:32:ee:
         8f:ca:9a:00:ae:59:d4:4b:0f:37:33:81:bd:7b:20:87:d3:c8:
         a0:28:65:1b:a6:f6:a2:3c:cf:5f:06:a8:b4:db:5d:71:7b:a6:
         2b:ac:1e:51:e3:88:56:a1:d8:46:9b:e8:81:d7:a2:d6:41:5c:
         c1:30:c6:b2:84:c6:02:fd:c8:c7:12:6c:19:5c:42:ab:ce:d6:
         d3:74:8d:57:e4:36:92:4e:86:9b:0d:c9:ea:d1:2a:3a:52:af:
         cc:66:6f:41:cf:a8:58:b7:c1:72:c0:19:14:0c:61:1a:b3:71:
         de:b8:4b:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5pqVsdtWBALzsk5TWGXH45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTI3MTMzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRmODVjZDY2OTMxMWYxNTdlYWNjYzA4NzdhZjg2YWNmM2JjMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzL5LGgyexuWYGa59w7capaq1NHGS
Q2O2AcCfb/xwO2LjMzOOk2KPwLhke7nUcHnNbVLMiOoQNyof4qFKXUu39eskUuw4
NQezcn4YnlvLSG9Hg05leBBcD9tRCDxItOuqsAImMEDtYgzunBLsvs3z08vQB6Pk
ByQhEL3UE5kV8/D918UTPV5BS0pmgZBFjDDjUGskCbbD2kdFUuGPeT9EzndeH6Kz
QxF8z2c1QgnV3LnbdjH2uwu+YmLf/rWXPiM5Fe6dq9MjGtaE10dH6AeuzvKpzw5A
FPlKsdaBjAcqXMdkEtvXw7jy4vwhpp6+v+1b9TV8G4Y5aswdgtM32kowLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHjfhc1mkxHxV+rMwId6+GrPO8HGMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvZU4tRnpXYVRFZkZYNnN6QWgzcjRhczg3d2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVzrEAwQA
VzrPAwQAlvuVMA0GCSqGSIb3DQEBCwUAA4IBAQAZrNfL5mannojYcxeYtVfmwuTz
YSph5na0f2IGsoKFKTmQs2qG5XK3zNhfc2WTPfsqJCUZukK4DsaHBS9Eoty4KUru
Xh6bwuYLzn3R+d7J8rOmnESQ/KoeVNQd66BP8S0+XKlkg5aXxKOMBM+oP6A86/p8
xtNiiVM182yJfi2U9XqRkgdJMti/POMujDgdMu6PypoArlnUSw83M4G9eyCH08ig
KGUbpvaiPM9fBqi0211xe6YrrB5R44hWodhGm+iB16LWQVzBMMayhMYC/cjHEmwZ
XEKrztbTdI1X5DaSToabDcnq0So6Uq/MZm9Bz6hYt8FywBkUDGEas3HeuEtU
-----END CERTIFICATE-----