Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/VBHeQWkm3UmqCCTmdd5iRg7GSQs.roa
File:                     VBHeQWkm3UmqCCTmdd5iRg7GSQs.roa (raw, json)
Hash identifier:          dZmL9Mx7Pdt6g/t7PbV12vGJ8suhWGawtalW/YHjDvw=
Subject key identifier:   54:11:DE:41:69:26:DD:49:AA:08:24:E6:75:DE:62:46:0E:C6:49:0B
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019D58A7D05EFA7553F8F43D45F0F646A0C0
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/VBHeQWkm3UmqCCTmdd5iRg7GSQs.roa
Signing time:             Sat 04 Apr 2026 13:21:25 +0000
ROA not before:           Sat 04 Apr 2026 13:21:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        87.229.37.0/24 maxlen: 24
                          87.229.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:58:a7:d0:5e:fa:75:53:f8:f4:3d:45:f0:f6:46:a0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Apr  4 13:21:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5411de416926dd49aa0824e675de62460ec6490b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6a:46:2e:0a:25:c6:87:a8:f7:f4:91:e0:53:
                    b1:4d:2d:f5:d9:14:57:d4:b9:f8:07:98:40:9f:40:
                    b4:7e:3c:77:34:6b:11:6d:35:b1:ac:83:52:3b:60:
                    47:e3:30:cd:34:39:d0:a8:d1:f5:aa:81:4c:c8:6d:
                    de:84:22:3a:2f:82:f3:6c:37:07:e4:27:7f:be:4c:
                    1f:e9:42:cb:d1:ab:22:53:5d:ff:5c:c2:d8:02:43:
                    06:ea:0e:81:0a:b3:fa:4f:94:8f:50:e9:50:89:8e:
                    02:5b:5e:66:3a:17:cf:6c:27:61:3c:b3:41:ef:ba:
                    3e:b1:7d:fb:c7:7b:38:1c:32:ee:93:15:f9:39:df:
                    2d:a0:53:a1:78:c7:9c:ec:7e:63:f3:6c:8f:ee:e7:
                    d4:79:c3:f8:ce:63:6d:e6:64:b3:69:91:d1:f4:05:
                    b2:8d:fb:18:71:61:30:76:af:68:27:70:56:74:fe:
                    fe:95:9b:6e:94:5f:b7:b8:5d:7d:19:e4:f8:c0:ca:
                    ea:8c:18:e1:35:47:2d:8e:01:80:4d:e2:1c:53:93:
                    85:4b:80:ca:95:eb:47:42:89:88:c2:4f:b5:b2:2b:
                    05:4e:1a:a3:56:76:ff:78:b4:3e:58:e7:55:13:41:
                    1e:31:a9:48:ef:3d:25:cd:86:bd:f1:66:a6:1b:e9:
                    dc:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:11:DE:41:69:26:DD:49:AA:08:24:E6:75:DE:62:46:0E:C6:49:0B
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/VBHeQWkm3UmqCCTmdd5iRg7GSQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.37.0/24
                  87.229.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:9a:d6:a8:ac:f0:25:cf:b4:00:14:8f:e5:e4:78:e8:94:13:
         71:db:99:65:bd:f0:06:a0:70:50:f8:76:ed:af:c1:71:dd:e7:
         74:c8:26:b9:45:44:ce:0a:1c:05:a6:b5:f4:39:fc:95:5f:b6:
         29:48:07:34:3b:16:5a:b5:88:54:3e:0c:6e:2b:94:16:e4:73:
         ab:44:76:93:2c:88:72:0b:38:f8:e0:a6:5d:c1:c2:41:8c:8d:
         1a:46:2d:d7:cf:f2:1f:41:e3:ad:66:2b:b3:33:a0:21:e5:28:
         5a:cc:63:36:b4:a6:4a:fe:8c:0c:a3:4f:2a:63:ca:4f:84:56:
         f6:b9:79:61:4c:af:9d:1b:1d:e6:3c:74:42:fb:be:57:51:dc:
         7b:e0:d2:81:e9:8e:1b:57:25:87:68:b2:80:e8:70:b7:96:0b:
         8e:67:67:da:97:40:ec:2f:c9:09:52:82:5c:03:f8:e9:b6:70:
         d0:24:4e:aa:27:6b:28:d7:b2:f0:94:3e:0a:6b:0f:dd:d5:53:
         dc:73:f3:75:7a:1e:f1:d1:dd:e3:59:c3:e2:3a:32:78:89:ac:
         e4:ed:57:a7:bd:01:ed:d5:dd:30:4b:59:20:12:f7:5a:2b:e0:
         cf:38:58:dc:fb:d3:ce:f3:b1:cd:0c:5a:e4:7a:d2:64:c8:10:
         d9:b3:0c:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1Yp9Be+nVT+PQ9RfD2RqDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNDA0MTMyMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDExZGU0MTY5MjZkZDQ5YWEwODI0ZTY3NWRlNjI0NjBlYzY0OTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWpGLgolxoeo9/SR4FOxTS312RRX
1Ln4B5hAn0C0fjx3NGsRbTWxrINSO2BH4zDNNDnQqNH1qoFMyG3ehCI6L4LzbDcH
5Cd/vkwf6ULL0asiU13/XMLYAkMG6g6BCrP6T5SPUOlQiY4CW15mOhfPbCdhPLNB
77o+sX37x3s4HDLukxX5Od8toFOheMec7H5j82yP7ufUecP4zmNt5mSzaZHR9AWy
jfsYcWEwdq9oJ3BWdP7+lZtulF+3uF19GeT4wMrqjBjhNUctjgGATeIcU5OFS4DK
letHQomIwk+1sisFThqjVnb/eLQ+WOdVE0EeMalI7z0lzYa98WamG+ncYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFQR3kFpJt1Jqggk5nXeYkYOxkkLMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvVkJIZVFXa20zVW1xQ0NUbWRkNWlSZzdHU1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+UlAwQA
V+VAMA0GCSqGSIb3DQEBCwUAA4IBAQBhmtaorPAlz7QAFI/l5HjolBNx25llvfAG
oHBQ+Hbtr8Fx3ed0yCa5RUTOChwFprX0OfyVX7YpSAc0OxZatYhUPgxuK5QW5HOr
RHaTLIhyCzj44KZdwcJBjI0aRi3Xz/IfQeOtZiuzM6Ah5ShazGM2tKZK/owMo08q
Y8pPhFb2uXlhTK+dGx3mPHRC+75XUdx74NKB6Y4bVyWHaLKA6HC3lguOZ2fal0Ds
L8kJUoJcA/jptnDQJE6qJ2so17LwlD4Kaw/d1VPcc/N1eh7x0d3jWcPiOjJ4iazk
7VenvQHt1d0wS1kgEvdaK+DPOFjc+9PO87HNDFrketJkyBDZswwo
-----END CERTIFICATE-----