Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/H0LmI3hwP5vuk6s2D4uvDcdqzVk.roa
File:                     H0LmI3hwP5vuk6s2D4uvDcdqzVk.roa (raw, json)
Hash identifier:          2sxJRLlrwU2S9zOA5ff7Badv9IoN7irocgD2LEsbLN0=
Subject key identifier:   1F:42:E6:23:78:70:3F:9B:EE:93:AB:36:0F:8B:AF:0D:C7:6A:CD:59
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019D91D9C05F3FC8493975B5FFE4D2C8481F
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/H0LmI3hwP5vuk6s2D4uvDcdqzVk.roa
Signing time:             Wed 15 Apr 2026 15:54:20 +0000
ROA not before:           Wed 15 Apr 2026 15:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208450
IP address blocks:        87.232.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:d9:c0:5f:3f:c8:49:39:75:b5:ff:e4:d2:c8:48:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Apr 15 15:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f42e62378703f9bee93ab360f8baf0dc76acd59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6a:fe:9a:e8:be:3f:88:78:3a:06:1d:aa:18:
                    70:71:7d:ed:56:f8:0f:c0:d5:d9:1a:d9:7d:f2:e4:
                    1e:73:d6:1a:b8:35:08:f5:fd:b1:f4:c5:57:a4:5a:
                    02:72:e4:e1:ae:f7:d7:82:40:f1:e1:7d:3f:99:4b:
                    bf:96:43:58:7a:9b:6e:36:ec:18:a9:82:52:dc:e0:
                    a7:7f:d6:3d:2b:37:13:f8:56:8a:d2:17:32:d2:bd:
                    23:2b:8d:0c:a1:d8:ff:27:77:67:0c:b3:ac:bf:f2:
                    d5:0b:b2:e6:0b:45:ce:c7:44:8f:cd:33:1b:13:10:
                    c2:1c:d8:25:65:f3:95:76:97:a6:32:31:2c:10:8d:
                    a9:8c:00:e0:e9:40:0a:da:cc:f0:dd:46:91:55:33:
                    67:29:70:e6:51:c4:9d:c2:65:01:3e:a8:04:5f:dd:
                    7d:2c:e8:ec:56:38:40:ef:b9:ee:2e:20:a0:98:26:
                    5a:fb:2f:bb:9f:54:19:18:cc:fa:fc:a4:8a:39:a6:
                    f9:3c:22:06:2e:16:88:29:aa:cf:7b:89:7c:fc:69:
                    e5:18:1d:fb:59:7c:00:ae:dc:eb:63:0e:4a:62:c7:
                    5e:3a:93:80:37:c4:aa:e3:85:9e:4e:bb:9a:ce:b4:
                    80:34:ad:6b:16:91:98:4d:c9:17:97:36:6f:c2:76:
                    98:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:42:E6:23:78:70:3F:9B:EE:93:AB:36:0F:8B:AF:0D:C7:6A:CD:59
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/H0LmI3hwP5vuk6s2D4uvDcdqzVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:7b:17:cf:09:5b:e5:62:8c:9a:61:a8:dc:fe:d7:9f:d4:16:
         05:0d:6d:08:8b:92:ba:5d:b6:2d:c4:6e:66:9c:2d:7b:f0:cb:
         eb:4a:83:05:60:db:08:11:b8:84:35:ac:4e:12:ef:e6:69:af:
         15:e2:65:57:e6:d0:f0:74:ba:28:b5:d3:41:56:e3:19:1a:de:
         37:59:14:a1:f2:cf:07:42:a1:06:46:ca:21:00:13:69:81:ef:
         5c:c0:15:f0:6a:77:2d:8a:31:6f:50:9b:6d:87:45:c7:39:0d:
         8d:5a:be:b2:32:b9:a5:c1:d6:d7:8c:7b:a0:69:3c:7b:64:23:
         53:10:72:e3:73:b6:52:0f:0a:a5:83:07:a6:84:dc:3d:bd:01:
         fb:87:28:98:6d:13:ca:c1:9c:22:a2:d8:a2:77:71:2f:5a:6f:
         53:71:aa:bc:a7:50:82:88:8c:f6:44:71:a6:e7:44:d6:79:4d:
         ba:74:76:37:27:d2:d2:ad:ac:9d:6b:83:f5:a5:64:bb:a7:9a:
         b5:f8:8a:71:17:ad:43:98:5a:d2:20:4e:ec:ea:4e:8d:1c:96:
         38:05:1a:66:6a:3b:d1:3b:7c:64:b5:69:32:b6:b8:9d:30:4d:
         e9:9f:cf:ac:15:50:5b:a2:44:3d:f9:e1:36:e8:b8:40:0a:12:
         80:30:3a:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2R2cBfP8hJOXW1/+TSyEgfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwNDE1MTU1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjQyZTYyMzc4NzAzZjliZWU5M2FiMzYwZjhiYWYwZGM3NmFjZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGr+mui+P4h4OgYdqhhwcX3tVvgP
wNXZGtl98uQec9YauDUI9f2x9MVXpFoCcuThrvfXgkDx4X0/mUu/lkNYeptuNuwY
qYJS3OCnf9Y9KzcT+FaK0hcy0r0jK40Modj/J3dnDLOsv/LVC7LmC0XOx0SPzTMb
ExDCHNglZfOVdpemMjEsEI2pjADg6UAK2szw3UaRVTNnKXDmUcSdwmUBPqgEX919
LOjsVjhA77nuLiCgmCZa+y+7n1QZGMz6/KSKOab5PCIGLhaIKarPe4l8/GnlGB37
WXwArtzrYw5KYsdeOpOAN8Sq44WeTruazrSANK1rFpGYTckXlzZvwnaY5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9C5iN4cD+b7pOrNg+Lrw3Has1ZMB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEvSDBMbUkzaHdQNXZ1azZzMkQ0dXZEY2RxelZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hMMA0G
CSqGSIb3DQEBCwUAA4IBAQBzexfPCVvlYoyaYajc/tef1BYFDW0Ii5K6XbYtxG5m
nC178MvrSoMFYNsIEbiENaxOEu/maa8V4mVX5tDwdLootdNBVuMZGt43WRSh8s8H
QqEGRsohABNpge9cwBXwanctijFvUJtth0XHOQ2NWr6yMrmlwdbXjHugaTx7ZCNT
EHLjc7ZSDwqlgwemhNw9vQH7hyiYbRPKwZwiotiid3EvWm9Tcaq8p1CCiIz2RHGm
50TWeU26dHY3J9LSrayda4P1pWS7p5q1+IpxF61DmFrSIE7s6k6NHJY4BRpmajvR
O3xktWkytridME3pn8+sFVBbokQ9+eE26LhAChKAMDq5
-----END CERTIFICATE-----