Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kdrB8yqA2f8pOS_Lc7XHmTHiOFw.roa
File:                     kdrB8yqA2f8pOS_Lc7XHmTHiOFw.roa (raw, json)
Hash identifier:          ZLgGrERHV7me0miy2Tw8+ncvZlYwCZ9xvGhSjVGBGFY=
Subject key identifier:   91:DA:C1:F3:2A:80:D9:FF:29:39:2F:CB:73:B5:C7:99:31:E2:38:5C
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019EB5B6BA45CFE92010F880FDA3C5E15CE7
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kdrB8yqA2f8pOS_Lc7XHmTHiOFw.roa
Signing time:             Thu 11 Jun 2026 08:05:11 +0000
ROA not before:           Thu 11 Jun 2026 08:05:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207043
IP address blocks:        87.58.206.0/24 maxlen: 24
                          89.33.81.0/24 maxlen: 24
                          89.34.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:05:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:b6:ba:45:cf:e9:20:10:f8:80:fd:a3:c5:e1:5c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jun 11 08:05:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91dac1f32a80d9ff29392fcb73b5c79931e2385c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:4b:a3:63:cd:5c:8a:3b:f2:dc:cb:67:9f:16:
                    9e:24:b2:25:8a:98:a7:8d:3d:e7:b4:69:ac:7c:c1:
                    9c:58:27:90:36:53:c5:85:1d:17:89:04:b0:5e:f0:
                    2e:7a:30:55:f6:80:0e:ae:26:a3:19:10:d0:88:47:
                    8f:30:1d:64:75:26:46:c5:f8:f1:08:9d:da:d4:55:
                    31:08:db:44:05:af:b9:37:50:8b:66:d6:ff:b5:6e:
                    b0:db:29:92:4a:ef:73:57:1d:ee:30:69:46:63:03:
                    50:26:0f:db:92:d4:86:be:92:bb:7d:63:bd:82:d7:
                    8c:e3:d1:4e:96:48:00:38:0d:ba:ff:1a:39:0d:a0:
                    e7:9b:f2:c4:fc:3e:fe:b5:c4:d9:5b:ca:bd:94:62:
                    45:12:63:6c:1d:12:11:91:03:62:9c:5f:a8:56:53:
                    d6:ce:70:6b:38:e7:31:32:8c:94:f2:8c:25:da:64:
                    43:65:a1:c1:5a:03:8c:59:83:ad:10:11:be:2b:6d:
                    6d:4f:2e:68:95:51:54:57:76:d1:87:3b:c8:20:21:
                    af:a9:17:f4:ee:68:ba:70:50:55:69:73:3d:71:29:
                    12:bf:a8:2b:58:a5:83:6c:3f:3a:01:d5:54:39:df:
                    fe:79:4f:ae:ad:49:ab:6d:a3:7a:fb:32:29:2b:c4:
                    a9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DA:C1:F3:2A:80:D9:FF:29:39:2F:CB:73:B5:C7:99:31:E2:38:5C
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kdrB8yqA2f8pOS_Lc7XHmTHiOFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.206.0/24
                  89.33.81.0/24
                  89.34.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:31:10:db:79:01:6e:7a:22:7c:6b:df:bb:29:03:e9:9b:e9:
         f9:c1:5d:9c:ea:8e:86:54:ee:c9:69:3d:ee:3d:ef:28:de:7a:
         4e:69:e8:f9:61:f9:62:ae:6d:4d:4f:e1:ae:b6:d9:07:b8:4c:
         70:f2:ed:71:49:ac:81:97:4e:2d:54:46:f7:69:23:94:97:c7:
         49:75:28:95:83:0f:ce:1f:7f:8c:9d:44:19:e1:f7:7b:68:cf:
         2f:1e:2c:ab:f9:2a:f2:e1:d9:f4:aa:d0:4d:bd:5d:06:34:92:
         3b:75:4d:23:13:1d:79:d0:bb:81:29:3b:5b:7c:bc:fb:5a:ae:
         3e:d7:0d:35:32:55:e1:a7:72:da:6d:90:ca:49:fe:53:8e:f0:
         9c:19:70:78:74:c5:8a:ba:af:7f:48:19:07:34:69:b2:c1:c3:
         20:78:85:34:37:b3:9d:3d:31:55:9f:0e:14:15:7d:ad:4d:be:
         b4:1a:33:b0:bb:83:24:c8:49:eb:27:b2:7e:44:ba:75:5a:c0:
         b5:c7:82:5b:7f:98:70:5b:cb:9d:ec:53:eb:a4:e9:41:b9:4f:
         0b:56:16:73:27:48:f2:e1:79:58:59:52:d1:e4:ed:b5:25:cc:
         73:f0:fe:86:70:56:14:31:99:90:a2:17:5e:fa:0c:2e:d1:fc:
         f9:39:4e:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ61trpFz+kgEPiA/aPF4VznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjExMDgwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRhYzFmMzJhODBkOWZmMjkzOTJmY2I3M2I1Yzc5OTMxZTIzODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkujY81cijvy3MtnnxaeJLIlipin
jT3ntGmsfMGcWCeQNlPFhR0XiQSwXvAuejBV9oAOriajGRDQiEePMB1kdSZGxfjx
CJ3a1FUxCNtEBa+5N1CLZtb/tW6w2ymSSu9zVx3uMGlGYwNQJg/bktSGvpK7fWO9
gteM49FOlkgAOA26/xo5DaDnm/LE/D7+tcTZW8q9lGJFEmNsHRIRkQNinF+oVlPW
znBrOOcxMoyU8owl2mRDZaHBWgOMWYOtEBG+K21tTy5olVFUV3bRhzvIICGvqRf0
7mi6cFBVaXM9cSkSv6grWKWDbD86AdVUOd/+eU+urUmrbaN6+zIpK8Sp3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJHawfMqgNn/KTkvy3O1x5kx4jhcMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEva2RyQjh5cUEyZjhwT1NfTGM3WEhtVEhpT0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVzrOAwQA
WSFRAwQAWSJaMA0GCSqGSIb3DQEBCwUAA4IBAQBdMRDbeQFueiJ8a9+7KQPpm+n5
wV2c6o6GVO7JaT3uPe8o3npOaej5Yflirm1NT+GuttkHuExw8u1xSayBl04tVEb3
aSOUl8dJdSiVgw/OH3+MnUQZ4fd7aM8vHiyr+Sry4dn0qtBNvV0GNJI7dU0jEx15
0LuBKTtbfLz7Wq4+1w01MlXhp3LabZDKSf5TjvCcGXB4dMWKuq9/SBkHNGmywcMg
eIU0N7OdPTFVnw4UFX2tTb60GjOwu4MkyEnrJ7J+RLp1WsC1x4Jbf5hwW8ud7FPr
pOlBuU8LVhZzJ0jy4XlYWVLR5O21Jcxz8P6GcFYUMZmQohde+gwu0fz5OU4o
-----END CERTIFICATE-----