Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/3RnJLmhVqTxK4_TymdYitSKvzYY.roa
File:                     3RnJLmhVqTxK4_TymdYitSKvzYY.roa (raw, json)
Hash identifier:          91GPrcBnLJDyfYg8gUav+CSCWsP1B17IT+yzSfa8A64=
Subject key identifier:   DD:19:C9:2E:68:55:A9:3C:4A:E3:F4:F2:99:D6:22:B5:22:AF:CD:86
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D9306F655E9B162CC39FC5B0C3EAC149D
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/3RnJLmhVqTxK4_TymdYitSKvzYY.roa
Signing time:             Wed 15 Apr 2026 21:23:20 +0000
ROA not before:           Wed 15 Apr 2026 21:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216183
IP address blocks:        87.232.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 00:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:93:06:f6:55:e9:b1:62:cc:39:fc:5b:0c:3e:ac:14:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 15 21:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd19c92e6855a93c4ae3f4f299d622b522afcd86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b3:f1:44:c8:e3:1a:9a:ff:9f:2b:43:9a:4a:
                    d3:9e:e2:e7:76:b2:c1:b3:af:89:0b:16:53:2a:b6:
                    bb:24:5a:ee:ee:09:69:9d:dd:8f:20:6c:54:3b:6c:
                    8c:ff:09:d8:3d:34:f7:81:f8:55:a5:40:af:9a:5e:
                    c8:e9:30:62:08:11:f6:cf:c6:63:b4:ab:ba:df:c5:
                    31:28:49:90:52:45:52:85:94:06:f3:b3:16:80:c1:
                    6b:58:c3:94:06:2d:1b:b4:ab:2e:cc:7f:0b:2d:43:
                    c1:9d:56:20:91:3c:de:06:b8:aa:97:c7:c9:8b:9c:
                    29:15:d0:18:b1:74:4b:78:19:46:fd:14:b3:7e:53:
                    3c:c9:3a:8d:35:61:50:5c:d9:95:e2:14:83:da:f0:
                    cf:19:13:0d:27:6e:63:4e:08:28:30:6e:ea:a2:43:
                    f6:8d:41:67:16:9d:c8:fa:eb:45:42:48:f3:68:34:
                    44:a1:79:db:a4:7a:0d:3e:cc:be:ac:c0:a2:37:b9:
                    bd:d5:7c:48:99:f4:4e:45:cb:bf:d2:91:ad:88:f7:
                    91:b9:ff:d6:86:fb:6d:ed:58:29:0c:18:ff:57:9c:
                    09:be:ac:05:fa:0c:dd:af:bb:88:c3:1b:60:10:ac:
                    26:8d:d2:3a:d0:47:63:ba:8b:7c:e7:bf:fb:2f:2d:
                    75:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:19:C9:2E:68:55:A9:3C:4A:E3:F4:F2:99:D6:22:B5:22:AF:CD:86
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/3RnJLmhVqTxK4_TymdYitSKvzYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:29:9a:c6:f7:b2:4d:70:8d:d6:bf:cd:91:e7:fd:a9:bd:3a:
         4d:92:d3:22:21:e0:99:b8:75:4a:23:90:89:89:99:e8:9e:a3:
         41:4f:b3:06:24:b5:e4:f7:01:9e:2f:eb:2f:b8:fb:83:e9:79:
         6f:10:89:40:8b:7e:b0:17:b0:3c:7f:9c:f5:64:7e:96:94:24:
         80:28:b9:b3:5a:87:08:26:8f:0a:ec:ca:96:a9:33:53:e7:d7:
         8a:67:05:b3:6d:22:8b:99:6c:01:cd:09:ff:4f:2e:a6:c5:f4:
         9d:ff:90:ec:4d:33:b1:08:24:89:45:c2:f4:9b:c2:32:64:99:
         7a:a0:d4:42:d2:e4:b6:7b:fb:19:9f:5a:16:ab:e7:f8:ac:cb:
         56:c4:93:25:cf:90:3b:47:30:13:34:00:19:e4:ff:a1:95:3a:
         20:b1:96:63:d9:71:69:57:9a:af:3a:e5:c2:25:46:ca:05:b8:
         31:b9:a3:d2:28:07:47:b8:e3:eb:05:72:12:e8:4b:14:20:a8:
         5b:1f:96:5d:1f:53:86:dc:08:97:4e:40:5b:62:bf:be:8e:8e:
         06:7b:3a:57:85:d3:e8:15:63:41:58:08:5c:79:dd:94:a7:03:
         5c:7c:e6:12:49:08:eb:96:f8:66:8b:4b:8b:54:6c:dd:a6:eb:
         1e:3a:56:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2TBvZV6bFizDn8Www+rBSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDE1MjEyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDE5YzkyZTY4NTVhOTNjNGFlM2Y0ZjI5OWQ2MjJiNTIyYWZjZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47PxRMjjGpr/nytDmkrTnuLndrLB
s6+JCxZTKra7JFru7glpnd2PIGxUO2yM/wnYPTT3gfhVpUCvml7I6TBiCBH2z8Zj
tKu638UxKEmQUkVShZQG87MWgMFrWMOUBi0btKsuzH8LLUPBnVYgkTzeBriql8fJ
i5wpFdAYsXRLeBlG/RSzflM8yTqNNWFQXNmV4hSD2vDPGRMNJ25jTggoMG7qokP2
jUFnFp3I+utFQkjzaDREoXnbpHoNPsy+rMCiN7m91XxImfRORcu/0pGtiPeRuf/W
hvtt7VgpDBj/V5wJvqwF+gzdr7uIwxtgEKwmjdI60Edjuot857/7Ly110wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0ZyS5oVak8SuP08pnWIrUir82GMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvM1JuSkxtaFZxVHhLNF9UeW1kWWl0U0t2ellZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hiMA0G
CSqGSIb3DQEBCwUAA4IBAQCgKZrG97JNcI3Wv82R5/2pvTpNktMiIeCZuHVKI5CJ
iZnonqNBT7MGJLXk9wGeL+svuPuD6XlvEIlAi36wF7A8f5z1ZH6WlCSAKLmzWocI
Jo8K7MqWqTNT59eKZwWzbSKLmWwBzQn/Ty6mxfSd/5DsTTOxCCSJRcL0m8IyZJl6
oNRC0uS2e/sZn1oWq+f4rMtWxJMlz5A7RzATNAAZ5P+hlTogsZZj2XFpV5qvOuXC
JUbKBbgxuaPSKAdHuOPrBXIS6EsUIKhbH5ZdH1OG3AiXTkBbYr++jo4GezpXhdPo
FWNBWAhced2UpwNcfOYSSQjrlvhmi0uLVGzdpuseOlYJ
-----END CERTIFICATE-----