Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/22IN0rUk9JNnUQPgeXlVtc1ZpIM.roa
File:                     22IN0rUk9JNnUQPgeXlVtc1ZpIM.roa (raw, json)
Hash identifier:          P9eBWh7TDjmmjPTszbX+u0todt3/gqNgnIR1Bsc1vfA=
Subject key identifier:   DB:62:0D:D2:B5:24:F4:93:67:51:03:E0:79:79:55:B5:CD:59:A4:83
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D91DD6A3836E4C20A55E976B110E987F8
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/22IN0rUk9JNnUQPgeXlVtc1ZpIM.roa
Signing time:             Wed 15 Apr 2026 15:58:20 +0000
ROA not before:           Wed 15 Apr 2026 15:58:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        87.232.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:dd:6a:38:36:e4:c2:0a:55:e9:76:b1:10:e9:87:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 15 15:58:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db620dd2b524f493675103e0797955b5cd59a483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ea:13:df:d5:d4:d6:ae:90:3d:ea:45:e7:1b:
                    ba:fd:ea:6e:5f:73:ca:17:f2:f3:96:8f:63:0d:f7:
                    a8:ac:c5:05:94:8e:06:f4:46:f4:58:40:6b:51:93:
                    d8:31:1f:f4:aa:fc:e7:34:44:2f:10:c9:52:80:1b:
                    8b:e2:86:0b:1d:fd:2b:fb:06:f2:f0:b7:f8:5f:ca:
                    dc:c3:36:48:6b:71:2c:7a:b9:fd:33:7a:d5:6f:6e:
                    13:51:cc:71:2a:e5:d0:44:29:69:fe:65:27:94:20:
                    fd:2a:72:11:ce:ba:4e:e9:42:26:73:77:a2:7d:ba:
                    77:35:32:03:c3:dc:66:e8:94:79:2b:5c:a2:21:22:
                    4c:88:4c:9f:12:54:df:8a:5a:09:25:95:65:8d:43:
                    f7:44:7c:01:f8:5b:42:88:07:7f:90:92:48:38:32:
                    1c:47:2f:66:d8:bf:9d:4e:d4:db:2c:6f:6b:da:58:
                    22:2b:99:54:26:7f:43:da:d6:09:2d:23:87:c3:fe:
                    81:4d:e3:b3:3e:dd:64:c5:d7:cc:66:b7:61:1c:be:
                    f1:66:f6:8b:1e:4e:b7:5c:73:4e:30:7f:8a:bc:1a:
                    d6:76:92:6c:06:95:a1:d1:45:90:92:7a:28:f5:83:
                    bd:15:84:5d:38:99:69:99:7a:90:f8:75:f1:5c:87:
                    e6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:62:0D:D2:B5:24:F4:93:67:51:03:E0:79:79:55:B5:CD:59:A4:83
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/22IN0rUk9JNnUQPgeXlVtc1ZpIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:cb:c7:0a:a1:66:d2:24:da:4b:5d:b8:04:16:b1:7d:c6:62:
         12:c3:0d:01:36:3a:54:db:49:51:c0:fc:0c:f3:7e:a1:84:1f:
         64:9e:66:69:6d:4d:57:c9:90:f9:4f:48:e2:61:9a:65:d5:8b:
         26:c9:ea:dd:5c:0a:d6:e4:79:3b:87:d6:63:8c:9e:f9:90:9a:
         27:b2:27:22:e1:93:c0:db:47:1e:39:20:49:a9:80:20:a6:0b:
         ef:d4:a6:18:80:f9:3a:73:06:1e:37:d4:14:62:37:d3:f2:1d:
         38:9a:68:49:17:c2:d9:2e:2d:d2:a6:28:da:84:16:3d:dd:5d:
         47:12:6a:4e:95:a7:21:bf:a9:d0:e4:40:6f:e2:ab:ae:28:07:
         45:f0:93:eb:1f:2e:c8:e0:9a:75:20:06:01:8a:88:17:d0:1e:
         b7:f6:27:98:ea:f5:2b:f7:00:3d:96:d9:e1:66:6a:56:9c:eb:
         f4:d5:2e:e9:6e:72:d0:97:30:a8:cd:3b:15:f0:da:a2:3b:73:
         10:66:b7:ba:f8:db:d8:ef:3f:e1:5f:04:c5:5a:cd:fd:59:66:
         1c:61:d3:3b:75:4e:a5:5c:26:ac:47:ac:c4:2d:dd:c3:bb:a8:
         46:bc:02:a5:3b:77:98:58:ef:af:70:70:76:f6:d0:90:e3:c8:
         3a:70:b9:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2R3Wo4NuTCClXpdrEQ6Yf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDE1MTU1ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjYyMGRkMmI1MjRmNDkzNjc1MTAzZTA3OTc5NTViNWNkNTlhNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+oT39XU1q6QPepF5xu6/epuX3PK
F/Lzlo9jDfeorMUFlI4G9Eb0WEBrUZPYMR/0qvznNEQvEMlSgBuL4oYLHf0r+wby
8Lf4X8rcwzZIa3Esern9M3rVb24TUcxxKuXQRClp/mUnlCD9KnIRzrpO6UImc3ei
fbp3NTIDw9xm6JR5K1yiISJMiEyfElTfiloJJZVljUP3RHwB+FtCiAd/kJJIODIc
Ry9m2L+dTtTbLG9r2lgiK5lUJn9D2tYJLSOHw/6BTeOzPt1kxdfMZrdhHL7xZvaL
Hk63XHNOMH+KvBrWdpJsBpWh0UWQknoo9YO9FYRdOJlpmXqQ+HXxXIfmoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtiDdK1JPSTZ1ED4Hl5VbXNWaSDMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvMjJJTjByVWs5Sk5uVVFQZ2VYbFZ0YzFacElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hhMA0G
CSqGSIb3DQEBCwUAA4IBAQAqy8cKoWbSJNpLXbgEFrF9xmISww0BNjpU20lRwPwM
836hhB9knmZpbU1XyZD5T0jiYZpl1YsmyerdXArW5Hk7h9ZjjJ75kJonsici4ZPA
20ceOSBJqYAgpgvv1KYYgPk6cwYeN9QUYjfT8h04mmhJF8LZLi3SpijahBY93V1H
EmpOlachv6nQ5EBv4quuKAdF8JPrHy7I4Jp1IAYBiogX0B639ieY6vUr9wA9ltnh
ZmpWnOv01S7pbnLQlzCozTsV8NqiO3MQZre6+NvY7z/hXwTFWs39WWYcYdM7dU6l
XCasR6zELd3Du6hGvAKlO3eYWO+vcHB29tCQ48g6cLkp
-----END CERTIFICATE-----