Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/_prbQr6RHigsq1VF4HOf6R6FWws.roa
File:                     _prbQr6RHigsq1VF4HOf6R6FWws.roa (raw, json)
Hash identifier:          YNgtrm76nv1G2jdy22hDytNJzuZPHA809WZzFNJ+1MA=
Subject key identifier:   FE:9A:DB:42:BE:91:1E:28:2C:AB:55:45:E0:73:9F:E9:1E:85:5B:0B
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EACF28BD3C17B42D94F036B57635E7BB9
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/_prbQr6RHigsq1VF4HOf6R6FWws.roa
Signing time:             Tue 09 Jun 2026 15:13:57 +0000
ROA not before:           Tue 09 Jun 2026 15:13:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141445
IP address blocks:        87.83.1.0/24 maxlen: 24
                          87.86.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:f2:8b:d3:c1:7b:42:d9:4f:03:6b:57:63:5e:7b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  9 15:13:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe9adb42be911e282cab5545e0739fe91e855b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:54:5f:7f:34:dc:6e:a2:e9:e7:5f:3a:06:61:
                    8d:68:c1:33:a2:02:64:fd:fc:ab:26:86:88:31:cc:
                    e5:62:60:92:b6:94:48:b9:55:be:54:b6:0b:a1:d0:
                    31:59:6f:3c:e7:c0:38:15:ea:88:02:d5:8c:69:d0:
                    4e:03:09:3a:b5:60:c5:b6:dc:a7:3e:6a:9a:14:5f:
                    97:f2:a4:54:7f:dd:92:8d:61:80:da:c8:39:95:6c:
                    cd:95:26:0b:01:8c:54:5b:ef:38:38:5e:b2:fa:f5:
                    3e:2e:e8:6b:a6:67:38:40:86:9f:16:f9:fd:a1:f2:
                    15:ac:74:4b:79:ae:cb:8b:81:6e:4d:36:27:2d:84:
                    c9:3d:6b:38:52:7c:6e:0c:7c:9a:26:ea:96:ea:52:
                    69:0c:af:c6:5b:9c:24:b1:f8:cd:e6:65:2d:8d:31:
                    6b:38:8e:46:75:c3:90:30:44:eb:a4:2f:b4:08:69:
                    5a:56:42:c0:91:9f:22:65:7f:26:39:ec:5c:d5:3e:
                    f9:b2:ea:6e:a6:5b:64:e1:3f:a2:bb:cb:1e:29:3a:
                    5f:3a:46:ec:83:d3:70:b0:cc:86:9c:ee:01:f7:37:
                    6b:90:b1:f0:7c:77:9c:73:98:7d:74:3b:d1:d4:2a:
                    fa:27:ce:45:1b:07:cb:bc:cd:2a:05:6f:e0:c8:84:
                    6a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9A:DB:42:BE:91:1E:28:2C:AB:55:45:E0:73:9F:E9:1E:85:5B:0B
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/_prbQr6RHigsq1VF4HOf6R6FWws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.83.1.0/24
                  87.86.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:d9:8d:6f:5e:a1:d0:f0:d3:b1:4f:d6:8b:8a:5b:28:c6:f8:
         e2:88:35:e4:a3:c9:aa:fd:5e:a5:78:80:74:b8:f5:4c:54:5f:
         62:cd:b8:c4:07:85:5c:8e:73:d9:e9:31:d7:a2:8f:f6:08:66:
         5f:a0:80:f4:a4:7f:e2:01:2f:b3:51:14:64:a7:49:d1:0b:99:
         70:bb:1c:d0:b7:b9:ee:f0:8c:41:53:54:74:ad:6f:12:ea:00:
         a7:c6:d2:7f:05:2b:31:45:21:f1:73:50:75:4d:83:b8:5d:db:
         da:82:33:9c:11:3d:1a:0d:61:b9:06:ff:22:e9:94:b6:02:5d:
         6e:04:e5:3d:a4:e3:7b:40:90:0b:cf:b5:2b:ba:ac:98:b4:03:
         7f:d4:9c:eb:c9:b5:bb:bc:c6:ee:48:96:c7:88:c1:8e:98:74:
         fd:5a:65:c2:47:0e:7b:6d:72:40:15:ae:27:5e:30:55:67:76:
         34:e8:79:f0:c1:54:86:94:c5:b7:42:6a:65:c6:a0:ab:be:b0:
         f5:a7:8f:b9:85:9e:5c:7b:ca:88:97:f3:4a:44:85:2c:3a:bf:
         9b:59:7c:3a:21:ea:9f:49:ce:ff:1b:f5:2e:24:00:a4:f4:a6:
         c2:9e:0a:fe:15:57:d8:2c:a9:7c:58:ac:f0:6a:b8:5e:94:40:
         64:95:8c:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6s8ovTwXtC2U8Da1djXnu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjA5MTUxMzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlhZGI0MmJlOTExZTI4MmNhYjU1NDVlMDczOWZlOTFlODU1YjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlRffzTcbqLp5186BmGNaMEzogJk
/fyrJoaIMczlYmCStpRIuVW+VLYLodAxWW8858A4FeqIAtWMadBOAwk6tWDFttyn
PmqaFF+X8qRUf92SjWGA2sg5lWzNlSYLAYxUW+84OF6y+vU+Luhrpmc4QIafFvn9
ofIVrHRLea7Li4FuTTYnLYTJPWs4UnxuDHyaJuqW6lJpDK/GW5wksfjN5mUtjTFr
OI5GdcOQMETrpC+0CGlaVkLAkZ8iZX8mOexc1T75supupltk4T+iu8seKTpfOkbs
g9NwsMyGnO4B9zdrkLHwfHecc5h9dDvR1Cr6J85FGwfLvM0qBW/gyIRqhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP6a20K+kR4oLKtVReBzn+kehVsLMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvX3ByYlFyNlJIaWdzcTFWRjRIT2Y2UjZGV3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV1MBAwQA
V1a9MA0GCSqGSIb3DQEBCwUAA4IBAQC+2Y1vXqHQ8NOxT9aLilsoxvjiiDXko8mq
/V6leIB0uPVMVF9izbjEB4VcjnPZ6THXoo/2CGZfoID0pH/iAS+zURRkp0nRC5lw
uxzQt7nu8IxBU1R0rW8S6gCnxtJ/BSsxRSHxc1B1TYO4XdvagjOcET0aDWG5Bv8i
6ZS2Al1uBOU9pON7QJALz7UruqyYtAN/1JzrybW7vMbuSJbHiMGOmHT9WmXCRw57
bXJAFa4nXjBVZ3Y06HnwwVSGlMW3QmplxqCrvrD1p4+5hZ5ce8qIl/NKRIUsOr+b
WXw6IeqfSc7/G/UuJACk9KbCngr+FVfYLKl8WKzwarhelEBklYwC
-----END CERTIFICATE-----