Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/TpvZowa2jw3s-G8Ba8hGmzcHbc8.roa
File:                     TpvZowa2jw3s-G8Ba8hGmzcHbc8.roa (raw, json)
Hash identifier:          BAr2wSWTMZqAB9mXXSK0slrbmwLOYY2a4ZVcqUorJDY=
Subject key identifier:   4E:9B:D9:A3:06:B6:8F:0D:EC:F8:6F:01:6B:C8:46:9B:37:07:6D:CF
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019EB57D0D94D02127419705C3C096C10C33
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/TpvZowa2jw3s-G8Ba8hGmzcHbc8.roa
Signing time:             Thu 11 Jun 2026 07:02:11 +0000
ROA not before:           Thu 11 Jun 2026 07:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        87.232.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:7d:0d:94:d0:21:27:41:97:05:c3:c0:96:c1:0c:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jun 11 07:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e9bd9a306b68f0decf86f016bc8469b37076dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3f:46:cc:b6:d4:c7:da:86:11:e4:28:c8:8e:
                    fd:fb:0e:87:2c:e1:80:60:df:63:04:57:d1:94:5e:
                    f9:32:dc:7c:fc:7d:bd:89:50:a5:76:64:62:e0:e0:
                    0c:9f:de:c1:c8:15:38:52:61:7c:23:cd:53:f8:27:
                    10:cf:ef:79:dc:60:89:89:13:62:22:db:5b:bd:ce:
                    d5:57:ed:67:c2:8a:08:03:af:79:90:2d:c2:9f:77:
                    cd:c3:30:9c:21:80:ce:4c:29:3f:85:8a:9d:a7:d9:
                    08:fa:63:6f:0f:d8:55:ac:81:ad:be:46:f5:ea:c5:
                    cc:7b:e2:f2:c6:96:e4:9a:13:c1:71:e2:18:b3:4f:
                    8f:91:76:f2:de:6b:d4:18:76:8e:6a:29:62:e8:70:
                    1e:db:bd:02:d6:3c:99:25:c4:95:99:51:02:7d:f3:
                    69:01:3b:c9:e1:8d:49:74:65:ee:04:f7:14:3a:a9:
                    5f:d3:90:d4:1d:75:2e:e7:46:d4:2c:df:f3:e6:3b:
                    48:77:8b:6b:f9:92:b0:4d:e8:cc:43:45:c0:d9:fe:
                    c1:48:11:72:83:6f:77:d1:48:1a:3a:27:4b:8e:fa:
                    ed:91:67:80:6f:5f:2c:3a:7b:bb:b8:5a:e2:ea:3e:
                    43:c1:11:7a:b5:dc:86:e0:8e:58:b0:2f:43:35:46:
                    0a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:9B:D9:A3:06:B6:8F:0D:EC:F8:6F:01:6B:C8:46:9B:37:07:6D:CF
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/TpvZowa2jw3s-G8Ba8hGmzcHbc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:65:56:e7:79:4d:e7:9c:58:53:46:da:f1:54:ae:d4:d5:51:
         d6:b8:84:69:a5:15:52:db:10:84:aa:5f:00:e5:a4:b1:e3:ea:
         38:7f:cf:1f:19:e3:00:59:07:59:d0:94:81:42:7b:7d:23:15:
         85:b6:38:4e:97:6d:f4:6c:f2:1b:93:27:22:1a:5f:9b:c6:33:
         f8:e7:9c:0d:68:97:9f:aa:82:1e:f4:fb:f3:d6:1a:f9:df:a8:
         8e:9d:a4:2d:15:fb:ef:08:49:06:8a:eb:7a:aa:5a:6a:92:45:
         cf:5a:6d:ba:7d:9a:b8:7e:62:ed:df:7c:0b:64:7c:0a:0e:da:
         29:e6:d3:19:bd:6a:2e:ea:7f:ec:81:a9:56:33:70:7a:f7:67:
         c5:94:c7:2b:1d:9b:f5:61:00:f0:6b:5b:65:1d:5a:6d:2d:c6:
         1a:ca:c4:2d:4f:35:66:64:33:9c:4b:6a:38:e3:63:e6:13:ea:
         e7:4b:f8:6c:db:12:8a:b5:c3:10:12:05:c6:e4:c9:de:d8:27:
         04:52:37:38:e0:df:be:04:5a:1f:1c:ad:a6:fb:ae:68:c5:0d:
         80:38:31:07:50:eb:95:43:23:0f:ad:38:31:2e:ad:06:07:b8:
         1c:ce:8b:f0:a9:f4:c3:27:0a:24:31:25:4a:d2:2f:21:2d:62:
         71:4c:d4:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ61fQ2U0CEnQZcFw8CWwQwzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNjExMDcwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTliZDlhMzA2YjY4ZjBkZWNmODZmMDE2YmM4NDY5YjM3MDc2ZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz9GzLbUx9qGEeQoyI79+w6HLOGA
YN9jBFfRlF75Mtx8/H29iVCldmRi4OAMn97ByBU4UmF8I81T+CcQz+953GCJiRNi
Ittbvc7VV+1nwooIA695kC3Cn3fNwzCcIYDOTCk/hYqdp9kI+mNvD9hVrIGtvkb1
6sXMe+LyxpbkmhPBceIYs0+PkXby3mvUGHaOaili6HAe270C1jyZJcSVmVECffNp
ATvJ4Y1JdGXuBPcUOqlf05DUHXUu50bULN/z5jtId4tr+ZKwTejMQ0XA2f7BSBFy
g2930UgaOidLjvrtkWeAb18sOnu7uFri6j5DwRF6tdyG4I5YsC9DNUYKiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6b2aMGto8N7PhvAWvIRps3B23PMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvVHB2Wm93YTJqdzNzLUc4QmE4aEdtemNIYmM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hgMA0G
CSqGSIb3DQEBCwUAA4IBAQCxZVbneU3nnFhTRtrxVK7U1VHWuIRppRVS2xCEql8A
5aSx4+o4f88fGeMAWQdZ0JSBQnt9IxWFtjhOl230bPIbkyciGl+bxjP455wNaJef
qoIe9Pvz1hr536iOnaQtFfvvCEkGiut6qlpqkkXPWm26fZq4fmLt33wLZHwKDtop
5tMZvWou6n/sgalWM3B692fFlMcrHZv1YQDwa1tlHVptLcYaysQtTzVmZDOcS2o4
42PmE+rnS/hs2xKKtcMQEgXG5Mne2CcEUjc44N++BFofHK2m+65oxQ2AODEHUOuV
QyMPrTgxLq0GB7gczovwqfTDJwokMSVK0i8hLWJxTNRC
-----END CERTIFICATE-----