Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/c8eJl-3JP9AxZFULMhM6YkciJnY.roa
File:                     c8eJl-3JP9AxZFULMhM6YkciJnY.roa (raw, json)
Hash identifier:          T6HFSllAOvG1TkfBGfSjeP+EN0EobptIaOD6pvtjKUM=
Subject key identifier:   73:C7:89:97:ED:C9:3F:D0:31:64:55:0B:32:13:3A:62:47:22:26:76
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019D9C557843A2BCCF2D2DB3E900229042F4
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/c8eJl-3JP9AxZFULMhM6YkciJnY.roa
Signing time:             Fri 17 Apr 2026 16:45:40 +0000
ROA not before:           Fri 17 Apr 2026 16:45:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        87.232.75.0/24 maxlen: 24
                          87.232.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:55:78:43:a2:bc:cf:2d:2d:b3:e9:00:22:90:42:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Apr 17 16:45:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73c78997edc93fd03164550b32133a6247222676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a8:32:cb:49:1b:93:66:10:7c:5b:d4:92:a5:
                    28:d5:2d:6a:f8:70:e3:dc:dd:bb:14:f9:a9:dc:f9:
                    d8:94:63:d8:59:28:c4:49:30:55:85:6e:87:5b:d6:
                    7d:9c:13:0a:ce:a7:9d:61:49:bc:15:3a:07:6a:a9:
                    10:67:90:b8:c3:86:4c:f3:26:de:eb:58:fe:e2:76:
                    f5:48:2b:31:ba:d6:d3:02:93:cd:56:12:d2:5e:2c:
                    6c:fb:ba:a0:9a:0b:a3:fc:ac:6b:82:bd:fc:c5:66:
                    59:a8:9f:9b:a6:5c:71:77:3f:89:8a:e9:35:bd:3a:
                    1e:e9:cf:e4:6b:6b:59:a7:5a:1b:f5:d0:ab:34:25:
                    e8:7f:b9:71:7c:98:b9:86:89:5c:78:4b:12:0a:81:
                    68:6a:c9:e0:63:48:0b:65:3c:71:d7:ab:7a:35:93:
                    45:6c:70:e9:1b:86:fc:ab:5c:f8:d4:c2:1c:36:bb:
                    e6:55:fa:9f:7b:0d:66:43:68:2d:b8:fb:d6:05:0f:
                    90:93:50:d6:4e:4d:00:b2:e6:93:16:db:77:76:06:
                    c8:28:a6:63:1e:74:9c:13:45:1b:bb:b2:f5:29:4d:
                    be:9e:02:78:ab:7f:43:43:90:8f:ae:5e:e3:95:c5:
                    2e:61:9c:2f:29:9c:a8:ec:a3:5f:e5:21:66:36:13:
                    2c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C7:89:97:ED:C9:3F:D0:31:64:55:0B:32:13:3A:62:47:22:26:76
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/c8eJl-3JP9AxZFULMhM6YkciJnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.75.0/24
                  87.232.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:b6:49:c5:45:26:f7:94:ab:24:84:d8:83:ff:09:66:bc:71:
         9f:a5:16:71:7e:91:84:a4:ff:3a:7e:48:25:55:cd:fb:a9:4b:
         44:62:b4:b6:38:57:90:77:b4:7a:2e:8e:19:d2:e7:85:fc:07:
         24:a8:81:40:b5:f9:10:49:a0:c8:d1:a7:f9:e6:f7:27:d5:cc:
         21:97:03:ad:04:4f:10:cc:e0:37:60:48:29:22:4f:11:67:db:
         e6:c5:f8:20:78:af:c7:64:41:6f:7b:68:c9:13:4b:e9:6b:20:
         6c:e5:1b:17:2e:01:f4:37:8f:fd:32:b6:2e:17:f0:24:ed:45:
         68:cd:18:6d:3d:6e:c0:d9:ee:20:6c:8c:c4:d5:ed:60:f4:f5:
         4f:f9:4c:88:78:ce:3f:9f:80:1e:09:8a:0a:5f:b1:96:7b:7b:
         da:ef:e5:12:0c:44:9c:d2:87:37:57:b8:18:b8:19:83:08:78:
         01:c3:59:6a:cf:06:4f:64:9e:2d:ce:49:f5:39:1c:51:6b:a0:
         77:70:f1:fa:59:9c:bf:38:69:79:2c:7f:8c:d3:2f:13:19:bb:
         83:f5:10:b7:77:8d:ba:12:fe:09:e0:dd:4b:d2:48:f3:b0:5e:
         0d:3f:66:50:87:cf:c1:2b:a7:79:51:eb:5e:bc:73:75:5c:3b:
         0a:4b:58:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2cVXhDorzPLS2z6QAikEL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwNDE3MTY0NTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2M3ODk5N2VkYzkzZmQwMzE2NDU1MGIzMjEzM2E2MjQ3MjIyNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6gyy0kbk2YQfFvUkqUo1S1q+HDj
3N27FPmp3PnYlGPYWSjESTBVhW6HW9Z9nBMKzqedYUm8FToHaqkQZ5C4w4ZM8ybe
61j+4nb1SCsxutbTApPNVhLSXixs+7qgmguj/Kxrgr38xWZZqJ+bplxxdz+Jiuk1
vToe6c/ka2tZp1ob9dCrNCXof7lxfJi5holceEsSCoFoasngY0gLZTxx16t6NZNF
bHDpG4b8q1z41MIcNrvmVfqfew1mQ2gtuPvWBQ+Qk1DWTk0AsuaTFtt3dgbIKKZj
HnScE0Ubu7L1KU2+ngJ4q39DQ5CPrl7jlcUuYZwvKZyo7KNf5SFmNhMsbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHPHiZftyT/QMWRVCzITOmJHIiZ2MB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEvYzhlSmwtM0pQOUF4WkZVTE1oTTZZa2NpSm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+hLAwQA
V+hOMA0GCSqGSIb3DQEBCwUAA4IBAQBNtknFRSb3lKskhNiD/wlmvHGfpRZxfpGE
pP86fkglVc37qUtEYrS2OFeQd7R6Lo4Z0ueF/AckqIFAtfkQSaDI0af55vcn1cwh
lwOtBE8QzOA3YEgpIk8RZ9vmxfggeK/HZEFve2jJE0vpayBs5RsXLgH0N4/9MrYu
F/Ak7UVozRhtPW7A2e4gbIzE1e1g9PVP+UyIeM4/n4AeCYoKX7GWe3va7+USDESc
0oc3V7gYuBmDCHgBw1lqzwZPZJ4tzkn1ORxRa6B3cPH6WZy/OGl5LH+M0y8TGbuD
9RC3d426Ev4J4N1L0kjzsF4NP2ZQh8/BK6d5UetevHN1XDsKS1iM
-----END CERTIFICATE-----