Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/gnB9FcazNkCfhm-2S4LxCdJOoVA.roa
File:                     gnB9FcazNkCfhm-2S4LxCdJOoVA.roa (raw, json)
Hash identifier:          NVgYndfwxgxrGOQFYZmqNjLsD1osAx8Dlotfl2Mq2HQ=
Subject key identifier:   82:70:7D:15:C6:B3:36:40:9F:86:6F:B6:4B:82:F1:09:D2:4E:A1:50
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E885FEB2973B52839B343B93DE9EE2582
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/gnB9FcazNkCfhm-2S4LxCdJOoVA.roa
Signing time:             Tue 02 Jun 2026 12:47:27 +0000
ROA not before:           Tue 02 Jun 2026 12:47:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206675
IP address blocks:        87.229.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:5f:eb:29:73:b5:28:39:b3:43:b9:3d:e9:ee:25:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jun  2 12:47:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82707d15c6b336409f866fb64b82f109d24ea150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4e:3c:c4:c0:2d:03:cd:e9:0a:50:94:0e:49:
                    96:5a:a3:c5:59:8e:c4:0e:e5:be:21:2f:f6:22:54:
                    0f:00:98:a4:0a:41:2a:b6:62:b5:2f:6d:cc:db:4b:
                    c5:5d:60:f1:04:16:fd:f1:e5:6e:eb:13:81:0f:be:
                    3e:a2:d7:69:74:2c:ac:12:fd:98:d1:5a:1c:6d:2e:
                    51:71:1c:6f:0a:80:dd:05:25:0d:cb:b1:a2:45:c9:
                    0b:0e:f0:b7:cc:05:ea:92:7f:f0:a8:86:26:1e:62:
                    f0:d9:a6:96:02:27:a4:2f:67:dd:da:18:ef:ac:f9:
                    3f:20:c2:e1:d1:70:14:4c:77:0a:e0:05:b8:8a:c1:
                    a1:2d:a9:c0:6b:0b:2a:d0:3d:b2:9e:1a:81:41:57:
                    86:c3:89:4e:9e:45:30:c4:13:97:ae:c5:0a:07:33:
                    1d:eb:71:c0:60:f1:fa:73:ed:bb:d4:19:63:c9:63:
                    34:66:8b:4b:83:ba:1c:37:d5:12:34:8f:e1:9e:e9:
                    16:93:6a:0d:03:ed:46:a8:8b:18:19:ef:be:71:46:
                    01:15:06:39:e2:1c:5d:b4:45:74:ed:e6:d1:ba:c5:
                    1d:e3:87:82:80:37:c0:2b:cb:99:35:ca:4b:a6:69:
                    e8:70:28:bc:f2:95:3d:c9:f3:48:23:69:a7:10:ee:
                    e3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:70:7D:15:C6:B3:36:40:9F:86:6F:B6:4B:82:F1:09:D2:4E:A1:50
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/gnB9FcazNkCfhm-2S4LxCdJOoVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:7b:5b:fc:f5:bc:be:c8:96:cc:a9:aa:32:f8:42:f2:3e:e4:
         e1:d1:db:5c:fd:56:cf:f5:5f:79:05:f1:44:69:77:7e:02:27:
         e4:ec:cc:c7:5c:05:8b:28:0a:0c:9e:9b:40:ae:3d:b3:c5:3e:
         5d:6f:9c:4e:ec:4f:d0:5f:b6:a0:ab:90:d4:c2:c6:3a:38:02:
         5f:ac:47:40:34:38:28:fc:b4:86:2c:97:4d:2e:fa:73:24:56:
         ce:c1:41:d7:fa:b4:b7:5d:81:7a:b4:dc:3e:af:af:24:9c:0e:
         73:2e:c3:77:84:79:e1:1b:82:dd:3f:0b:f3:66:e2:69:3c:11:
         55:b7:de:e8:cc:16:6b:1d:3b:f0:d5:ee:e8:15:4a:1c:71:2c:
         3d:90:f9:78:43:9a:13:6e:00:b1:e0:f3:08:71:98:a0:a5:21:
         4d:9c:ff:07:78:86:9b:44:cb:d5:b9:7e:db:c5:f6:16:c1:57:
         b3:3a:e1:30:3d:5f:25:d2:5b:b9:ef:c3:65:a1:19:1a:76:fb:
         07:92:83:c8:1d:99:f1:ae:ac:64:da:49:53:49:7d:ac:4b:6c:
         1b:2c:c9:e9:95:17:d2:2f:77:67:9b:e3:d4:0d:53:c3:da:8a:
         c0:90:11:1e:bf:1b:d3:54:51:58:54:48:89:96:a1:f0:ec:0b:
         f1:46:5d:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6IX+spc7UoObNDuT3p7iWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNjAyMTI0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjcwN2QxNWM2YjMzNjQwOWY4NjZmYjY0YjgyZjEwOWQyNGVhMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0k48xMAtA83pClCUDkmWWqPFWY7E
DuW+IS/2IlQPAJikCkEqtmK1L23M20vFXWDxBBb98eVu6xOBD74+otdpdCysEv2Y
0VocbS5RcRxvCoDdBSUNy7GiRckLDvC3zAXqkn/wqIYmHmLw2aaWAiekL2fd2hjv
rPk/IMLh0XAUTHcK4AW4isGhLanAawsq0D2ynhqBQVeGw4lOnkUwxBOXrsUKBzMd
63HAYPH6c+271BljyWM0ZotLg7ocN9USNI/hnukWk2oNA+1GqIsYGe++cUYBFQY5
4hxdtEV07ebRusUd44eCgDfAK8uZNcpLpmnocCi88pU9yfNII2mnEO7jdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJwfRXGszZAn4ZvtkuC8QnSTqFQMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvZ25COUZjYXpOa0NmaG0tMlM0THhDZEpPb1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+VGMA0G
CSqGSIb3DQEBCwUAA4IBAQApe1v89by+yJbMqaoy+ELyPuTh0dtc/VbP9V95BfFE
aXd+Aifk7MzHXAWLKAoMnptArj2zxT5db5xO7E/QX7agq5DUwsY6OAJfrEdANDgo
/LSGLJdNLvpzJFbOwUHX+rS3XYF6tNw+r68knA5zLsN3hHnhG4LdPwvzZuJpPBFV
t97ozBZrHTvw1e7oFUoccSw9kPl4Q5oTbgCx4PMIcZigpSFNnP8HeIabRMvVuX7b
xfYWwVezOuEwPV8l0lu578NloRkadvsHkoPIHZnxrqxk2klTSX2sS2wbLMnplRfS
L3dnm+PUDVPD2orAkBEevxvTVFFYVEiJlqHw7AvxRl3+
-----END CERTIFICATE-----