Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/_iWBCMoMrYUysOUoB0YHo3-1zM4.roa
File:                     _iWBCMoMrYUysOUoB0YHo3-1zM4.roa (raw, json)
Hash identifier:          uMuphEkT7ZbiiYJT10mSJTK04d8ITFdnR1z4DPb7mrg=
Subject key identifier:   FE:25:81:08:CA:0C:AD:85:32:B0:E5:28:07:46:07:A3:7F:B5:CC:CE
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019D91DF7DFEB4D61BAB56B1908EB4536F46
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/_iWBCMoMrYUysOUoB0YHo3-1zM4.roa
Signing time:             Wed 15 Apr 2026 16:00:36 +0000
ROA not before:           Wed 15 Apr 2026 16:00:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        87.232.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:df:7d:fe:b4:d6:1b:ab:56:b1:90:8e:b4:53:6f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Apr 15 16:00:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe258108ca0cad8532b0e528074607a37fb5ccce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:63:01:76:07:ad:ab:58:ac:10:8b:1d:ee:33:
                    6d:61:f4:d4:c9:c9:a6:a5:af:d5:15:1e:01:3e:37:
                    41:5c:bf:12:9e:c8:bf:c8:76:5e:04:40:13:48:59:
                    55:f3:d4:1e:cc:52:76:3b:0f:75:a2:2d:b4:d5:db:
                    18:8d:cc:58:b8:5d:6f:48:4f:32:c3:ea:eb:de:e0:
                    d1:94:81:03:4f:e4:77:52:9a:c0:95:be:12:7b:73:
                    1b:34:c6:bb:9f:be:ff:3b:06:84:5e:5c:3a:2e:50:
                    a0:01:e4:5f:f2:0f:1e:41:58:e1:5a:c6:56:7d:d1:
                    6e:94:4f:64:2a:c0:3b:07:54:b0:51:68:c1:2c:51:
                    db:c7:0a:5e:31:34:ed:fd:30:0f:db:d0:d1:b3:31:
                    44:7b:43:5b:46:ae:6a:46:7d:10:4b:c2:db:bf:81:
                    8c:d3:73:8c:b7:57:1a:a4:74:70:33:ae:94:83:0f:
                    df:0a:9c:23:c1:98:2f:be:e7:02:08:bf:ba:da:9f:
                    43:63:e9:3c:24:3f:8d:e0:53:0b:e3:fa:e8:a7:57:
                    0c:14:7a:92:aa:29:7c:9e:fc:df:4b:19:94:19:1c:
                    14:98:69:ae:98:73:84:2e:0c:e9:48:c8:4c:e1:ba:
                    5d:98:a0:18:51:e0:31:93:d2:6e:b7:c0:22:b2:f5:
                    48:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:25:81:08:CA:0C:AD:85:32:B0:E5:28:07:46:07:A3:7F:B5:CC:CE
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/_iWBCMoMrYUysOUoB0YHo3-1zM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:bf:b0:f1:fc:ec:b5:88:5d:0d:58:25:dc:4c:c3:f9:40:48:
         a3:d9:bb:5b:c9:35:9c:86:7c:23:5a:4d:a4:b0:b9:ff:60:1d:
         6a:90:7c:ff:22:92:cf:71:48:1d:a5:9b:bb:6c:c0:28:b5:76:
         f3:f7:ba:f6:a2:ef:1d:ad:9f:88:a9:9d:32:f2:89:e0:df:dd:
         74:91:08:d6:5c:b2:c4:73:02:08:0b:a8:54:69:cd:5b:e6:49:
         a5:57:3a:ff:76:ce:a9:b3:a1:0c:37:e8:4e:d9:4b:4f:63:6c:
         c9:e8:ac:50:aa:e0:24:cf:90:75:ce:83:1d:8b:00:1e:e5:79:
         35:21:a3:99:e7:a8:99:5b:8e:fa:22:fa:9b:fa:40:56:3a:68:
         3c:a6:ef:ba:4b:74:df:c6:c0:91:14:6a:e6:70:ca:0d:db:1a:
         f9:e0:0a:0b:cd:ca:7f:6e:8c:3d:10:43:f6:13:03:93:b4:72:
         41:e3:82:2a:a2:70:0b:8b:89:c1:fe:2d:79:28:eb:de:39:fa:
         45:31:97:7f:16:ad:c4:f7:d6:b3:43:63:2e:fa:b1:7c:47:05:
         03:2d:9f:a3:02:b8:d6:84:6d:8c:e6:4e:55:74:9e:58:25:08:
         45:25:7b:e1:df:f2:8c:02:c5:78:c9:f6:d7:6a:73:2a:d5:6d:
         1b:03:ab:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2R333+tNYbq1axkI60U29GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwNDE1MTYwMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTI1ODEwOGNhMGNhZDg1MzJiMGU1MjgwNzQ2MDdhMzdmYjVjY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWMBdgetq1isEIsd7jNtYfTUycmm
pa/VFR4BPjdBXL8Snsi/yHZeBEATSFlV89QezFJ2Ow91oi201dsYjcxYuF1vSE8y
w+rr3uDRlIEDT+R3UprAlb4Se3MbNMa7n77/OwaEXlw6LlCgAeRf8g8eQVjhWsZW
fdFulE9kKsA7B1SwUWjBLFHbxwpeMTTt/TAP29DRszFEe0NbRq5qRn0QS8Lbv4GM
03OMt1capHRwM66Ugw/fCpwjwZgvvucCCL+62p9DY+k8JD+N4FML4/rop1cMFHqS
qil8nvzfSxmUGRwUmGmumHOELgzpSMhM4bpdmKAYUeAxk9Jut8AisvVInQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4lgQjKDK2FMrDlKAdGB6N/tczOMB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEvX2lXQkNNb01yWVV5c09Vb0IwWUhvMy0xek00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hLMA0G
CSqGSIb3DQEBCwUAA4IBAQBEv7Dx/Oy1iF0NWCXcTMP5QEij2btbyTWchnwjWk2k
sLn/YB1qkHz/IpLPcUgdpZu7bMAotXbz97r2ou8drZ+IqZ0y8ong3910kQjWXLLE
cwIIC6hUac1b5kmlVzr/ds6ps6EMN+hO2UtPY2zJ6KxQquAkz5B1zoMdiwAe5Xk1
IaOZ56iZW476Ivqb+kBWOmg8pu+6S3TfxsCRFGrmcMoN2xr54AoLzcp/bow9EEP2
EwOTtHJB44IqonALi4nB/i15KOveOfpFMZd/Fq3E99azQ2Mu+rF8RwUDLZ+jArjW
hG2M5k5VdJ5YJQhFJXvh3/KMAsV4yfbXanMq1W0bA6so
-----END CERTIFICATE-----