Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/yv3IV4Vlkd8eePPSX6RP7lOMXhU.roa
File:                     yv3IV4Vlkd8eePPSX6RP7lOMXhU.roa (raw, json)
Hash identifier:          IlfKdK3YlVuTxh1bRqhdGRqWCOTVftiLmI4fUhCGywY=
Subject key identifier:   CA:FD:C8:57:85:65:91:DF:1E:78:F3:D2:5F:A4:4F:EE:53:8C:5E:15
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019D3F5A550F00BB1C978E1A8B26B5D3826E
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/yv3IV4Vlkd8eePPSX6RP7lOMXhU.roa
Signing time:             Mon 30 Mar 2026 15:26:17 +0000
ROA not before:           Mon 30 Mar 2026 15:26:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151704
IP address blocks:        87.232.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:5a:55:0f:00:bb:1c:97:8e:1a:8b:26:b5:d3:82:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Mar 30 15:26:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cafdc857856591df1e78f3d25fa44fee538c5e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d9:d0:22:99:e0:2c:95:fa:99:fd:23:66:a0:
                    1d:24:81:3b:2f:59:c5:37:2f:1a:df:e5:5d:d7:9e:
                    88:2a:da:04:4b:b8:a4:27:fd:e8:51:a5:ee:2f:09:
                    01:83:a5:84:db:9a:e2:9f:33:71:fb:69:ff:92:6a:
                    4e:50:c3:62:35:89:53:28:4b:1f:1a:3a:c3:e8:80:
                    81:a1:e2:b8:13:c9:5a:55:99:8e:ee:3c:42:f4:85:
                    31:bc:17:da:19:ff:75:e4:78:07:74:09:2f:ee:3a:
                    37:d1:68:ef:8f:3a:c7:14:06:a6:1b:7c:b5:f4:1c:
                    d4:42:1c:5a:60:06:eb:91:98:76:cb:34:31:77:c0:
                    9b:f7:80:70:64:fc:41:4d:46:6d:f9:7f:de:3e:eb:
                    8f:3a:6a:47:30:c6:64:31:c9:5f:5f:40:b4:87:33:
                    76:9a:6f:fe:78:f9:74:10:95:35:19:98:e1:c2:eb:
                    04:86:21:31:2b:23:17:9b:ae:b9:55:34:e4:32:2d:
                    b4:ef:2d:43:8c:b2:14:9a:0b:77:93:9a:cd:09:b6:
                    24:6c:63:2a:b7:41:51:f9:c2:4b:e1:ec:e8:e2:86:
                    c6:72:b9:bb:92:72:0b:5e:dc:fa:3e:ab:20:a5:25:
                    a4:1c:d1:1b:e6:a6:fd:20:03:ce:17:e3:59:19:74:
                    3a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FD:C8:57:85:65:91:DF:1E:78:F3:D2:5F:A4:4F:EE:53:8C:5E:15
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/yv3IV4Vlkd8eePPSX6RP7lOMXhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:0d:8a:71:2a:86:12:6e:f5:b5:d6:eb:4a:17:a7:8d:55:fe:
         b2:f6:e8:39:07:ff:93:6f:31:2f:4d:da:85:5a:39:17:11:f9:
         c0:b4:02:28:28:d3:2d:7e:41:f4:11:57:d3:0f:5d:c9:fa:78:
         ee:91:6e:23:d1:c9:f9:db:f2:07:ba:d9:56:69:98:f0:af:00:
         e5:92:91:0e:f9:b8:cc:8a:b9:3c:f4:5f:e0:fa:22:39:cf:f3:
         c2:98:d8:c4:6b:6a:ef:8e:eb:b5:78:7e:05:e8:d2:8f:b5:c9:
         ee:31:fb:47:bc:ee:c4:14:7f:58:56:f9:ab:1d:bf:ec:9f:92:
         dc:55:45:81:0f:f9:2e:9e:48:a6:21:ff:76:26:d4:b7:8f:7a:
         41:23:a9:02:1a:cc:46:5b:f7:2c:19:60:53:73:08:e9:64:74:
         14:34:b9:ef:60:89:48:7a:cb:3b:58:f0:c3:b8:f6:01:72:a2:
         95:d4:70:6f:05:80:53:13:71:36:29:71:7e:0d:ae:17:55:ac:
         db:2e:d0:c7:06:96:1b:fc:5a:01:cd:3e:d1:88:97:e1:07:16:
         24:14:50:4b:29:80:ca:3f:82:ca:8f:ef:d1:3a:90:d2:67:f3:
         c7:f4:53:7c:1c:e3:02:f3:04:34:6b:d9:a1:d5:00:cc:d4:c0:
         d5:96:01:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/WlUPALscl44aiya104JuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwMzMwMTUyNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZkYzg1Nzg1NjU5MWRmMWU3OGYzZDI1ZmE0NGZlZTUzOGM1ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dnQIpngLJX6mf0jZqAdJIE7L1nF
Ny8a3+Vd156IKtoES7ikJ/3oUaXuLwkBg6WE25rinzNx+2n/kmpOUMNiNYlTKEsf
GjrD6ICBoeK4E8laVZmO7jxC9IUxvBfaGf915HgHdAkv7jo30WjvjzrHFAamG3y1
9BzUQhxaYAbrkZh2yzQxd8Cb94BwZPxBTUZt+X/ePuuPOmpHMMZkMclfX0C0hzN2
mm/+ePl0EJU1GZjhwusEhiExKyMXm665VTTkMi207y1DjLIUmgt3k5rNCbYkbGMq
t0FR+cJL4ezo4obGcrm7knILXtz6PqsgpSWkHNEb5qb9IAPOF+NZGXQ6UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMr9yFeFZZHfHnjz0l+kT+5TjF4VMB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEveXYzSVY0VmxrZDhlZVBQU1g2UlA3bE9NWGhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hIMA0G
CSqGSIb3DQEBCwUAA4IBAQCTDYpxKoYSbvW11utKF6eNVf6y9ug5B/+TbzEvTdqF
WjkXEfnAtAIoKNMtfkH0EVfTD13J+njukW4j0cn52/IHutlWaZjwrwDlkpEO+bjM
irk89F/g+iI5z/PCmNjEa2rvjuu1eH4F6NKPtcnuMftHvO7EFH9YVvmrHb/sn5Lc
VUWBD/kunkimIf92JtS3j3pBI6kCGsxGW/csGWBTcwjpZHQUNLnvYIlIess7WPDD
uPYBcqKV1HBvBYBTE3E2KXF+Da4XVazbLtDHBpYb/FoBzT7RiJfhBxYkFFBLKYDK
P4LKj+/ROpDSZ/PH9FN8HOMC8wQ0a9mh1QDM1MDVlgGR
-----END CERTIFICATE-----