Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/K-4pys4Tbd0ga-WDNPF5z_mW6Pk.roa
File:                     K-4pys4Tbd0ga-WDNPF5z_mW6Pk.roa (raw, json)
Hash identifier:          lJ0AVekYQTTsGObmZu8v4v231m2FlHgII909OKO5EU4=
Subject key identifier:   2B:EE:29:CA:CE:13:6D:DD:20:6B:E5:83:34:F1:79:CF:F9:96:E8:F9
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019D91DF7E691081AC399FA946D6BFDA798A
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/K-4pys4Tbd0ga-WDNPF5z_mW6Pk.roa
Signing time:             Wed 15 Apr 2026 16:00:36 +0000
ROA not before:           Wed 15 Apr 2026 16:00:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        87.232.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:df:7e:69:10:81:ac:39:9f:a9:46:d6:bf:da:79:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Apr 15 16:00:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bee29cace136ddd206be58334f179cff996e8f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:08:b1:46:aa:f0:5c:92:ff:6d:1e:25:6c:c9:
                    0f:4f:23:3d:b9:68:69:62:44:24:a1:b4:cf:ed:98:
                    03:fa:f4:d8:d1:35:44:a8:a5:79:52:32:c7:c7:58:
                    2e:a8:7f:22:0d:c4:26:e2:17:3d:06:cc:e8:45:1e:
                    7f:7f:22:82:00:98:b4:01:3e:45:33:02:de:73:16:
                    7f:37:09:1c:c0:72:59:43:e6:e6:84:2f:13:b5:e6:
                    34:5f:16:e3:43:5e:dc:44:b5:14:f6:5a:30:5a:d6:
                    47:57:04:25:9d:b7:75:46:cc:f2:f7:33:85:66:bf:
                    c1:4c:da:21:04:ff:a3:61:8e:28:7d:e6:33:96:25:
                    3e:27:63:55:d9:54:0c:82:7b:4a:a9:79:5a:db:bf:
                    44:4e:aa:88:41:c7:05:24:9f:79:8b:d6:61:32:5a:
                    32:94:4e:21:da:4b:09:f2:a0:2d:bf:db:26:74:20:
                    4b:2b:69:1b:6c:de:93:c3:c4:55:24:2c:e1:b2:f9:
                    22:ae:e0:c6:ff:a1:3d:7d:d8:ee:a0:4f:f1:88:50:
                    7f:50:0d:a4:a3:bd:14:09:d1:9c:d8:3d:ec:6b:14:
                    bf:17:f5:94:2f:67:f2:4a:8c:be:39:48:2c:65:4f:
                    55:87:a6:e4:5d:8a:d4:1f:ad:a5:18:95:b8:9a:6c:
                    09:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:EE:29:CA:CE:13:6D:DD:20:6B:E5:83:34:F1:79:CF:F9:96:E8:F9
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/K-4pys4Tbd0ga-WDNPF5z_mW6Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:08:98:26:1e:6a:cb:23:53:a9:73:06:91:9f:92:85:07:9c:
         da:96:45:75:50:78:8e:44:25:c5:4a:50:1f:53:14:68:1e:2f:
         7a:46:69:12:d2:48:36:00:d8:d5:38:3c:95:2c:6d:38:a9:77:
         a7:88:bb:00:ba:2e:30:cb:c7:29:09:07:57:40:20:35:7a:02:
         66:69:ef:5f:6b:54:78:63:d4:e6:2c:cb:06:83:ab:1e:92:9e:
         de:36:5d:90:82:a8:22:0f:84:a3:bb:46:9b:09:33:93:39:e4:
         cb:37:f3:68:af:59:16:83:8e:0f:46:7b:db:88:3d:a7:f0:6b:
         c4:18:e7:ff:ea:c7:2c:27:a8:d2:98:00:45:77:d9:eb:b0:bf:
         26:18:f4:11:d8:16:c3:62:82:ad:74:83:ad:48:8e:bf:ff:94:
         0d:75:97:64:8e:c4:3d:83:fc:f7:c3:95:f7:d9:5a:0b:8c:7e:
         ef:67:1b:2e:ba:06:97:ac:c4:e8:a9:d7:0b:18:68:8c:5a:2f:
         55:07:c6:f4:b3:18:86:e2:42:ea:14:fc:94:82:ea:f8:fa:93:
         e9:40:de:e2:79:84:10:bc:69:e6:fe:6d:ae:7f:59:c6:bd:a7:
         3d:de:30:0c:50:d2:83:ae:ba:4e:7d:11:72:12:b3:98:32:84:
         32:99:7f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2R335pEIGsOZ+pRta/2nmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwNDE1MTYwMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmVlMjljYWNlMTM2ZGRkMjA2YmU1ODMzNGYxNzljZmY5OTZlOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AixRqrwXJL/bR4lbMkPTyM9uWhp
YkQkobTP7ZgD+vTY0TVEqKV5UjLHx1guqH8iDcQm4hc9BszoRR5/fyKCAJi0AT5F
MwLecxZ/NwkcwHJZQ+bmhC8TteY0XxbjQ17cRLUU9lowWtZHVwQlnbd1Rszy9zOF
Zr/BTNohBP+jYY4ofeYzliU+J2NV2VQMgntKqXla279ETqqIQccFJJ95i9ZhMloy
lE4h2ksJ8qAtv9smdCBLK2kbbN6Tw8RVJCzhsvkiruDG/6E9fdjuoE/xiFB/UA2k
o70UCdGc2D3saxS/F/WUL2fySoy+OUgsZU9Vh6bkXYrUH62lGJW4mmwJhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvuKcrOE23dIGvlgzTxec/5luj5MB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEvSy00cHlzNFRiZDBnYS1XRE5QRjV6X21XNlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hLMA0G
CSqGSIb3DQEBCwUAA4IBAQCKCJgmHmrLI1OpcwaRn5KFB5zalkV1UHiORCXFSlAf
UxRoHi96RmkS0kg2ANjVODyVLG04qXeniLsAui4wy8cpCQdXQCA1egJmae9fa1R4
Y9TmLMsGg6sekp7eNl2QgqgiD4Sju0abCTOTOeTLN/Nor1kWg44PRnvbiD2n8GvE
GOf/6scsJ6jSmABFd9nrsL8mGPQR2BbDYoKtdIOtSI6//5QNdZdkjsQ9g/z3w5X3
2VoLjH7vZxsuugaXrMToqdcLGGiMWi9VB8b0sxiG4kLqFPyUgur4+pPpQN7ieYQQ
vGnm/m2uf1nGvac93jAMUNKDrrpOfRFyErOYMoQymX9J
-----END CERTIFICATE-----