Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/ea1PNMjRMSZJp8pxkX6qg7pBE14.roa
File:                     ea1PNMjRMSZJp8pxkX6qg7pBE14.roa (raw, json)
Hash identifier:          xPfJVkhfWlrwWR9LWQpxFCZAhIrsduco0ivqj+s8DIs=
Subject key identifier:   79:AD:4F:34:C8:D1:31:26:49:A7:CA:71:91:7E:AA:83:BA:41:13:5E
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019D971F3F26B5346BBA0348AB2F5AB209D0
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/ea1PNMjRMSZJp8pxkX6qg7pBE14.roa
Signing time:             Thu 16 Apr 2026 16:28:20 +0000
ROA not before:           Thu 16 Apr 2026 16:28:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        87.232.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:1f:3f:26:b5:34:6b:ba:03:48:ab:2f:5a:b2:09:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Apr 16 16:28:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=79ad4f34c8d1312649a7ca71917eaa83ba41135e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:15:eb:b8:1f:43:54:fe:11:4f:aa:8d:15:be:
                    9c:b8:a8:ba:86:bd:74:66:d4:29:30:d7:f9:c2:02:
                    bc:9a:d8:99:8d:ce:d8:e9:6f:27:58:d6:3e:0a:c9:
                    5b:ed:2b:de:e6:f6:2f:dd:d8:1e:e9:7b:57:dd:d4:
                    36:4c:09:cb:07:ad:9a:24:6d:52:2f:05:47:ae:f5:
                    b6:1c:f8:ea:ba:3d:b0:03:c8:e2:f2:0d:a5:21:68:
                    43:0f:12:fc:6f:a9:46:68:15:fb:97:4e:ad:b9:7b:
                    9f:43:f5:6e:73:09:82:f5:54:da:3f:87:4d:6e:0d:
                    93:c9:0f:22:2b:bc:51:a1:7a:99:8d:ed:05:3f:63:
                    8b:6f:a6:e3:d6:fd:97:c6:52:41:07:08:04:45:ce:
                    eb:c5:11:bf:ee:c7:db:20:bd:e4:48:34:fb:db:2e:
                    d0:70:77:fe:2c:05:d2:b5:f6:db:57:4b:11:b5:1a:
                    0c:5c:3d:72:c9:21:bf:24:ca:f4:f9:5c:28:e8:f3:
                    53:49:0c:e3:16:ac:72:08:1f:ec:f1:b5:d4:b8:f1:
                    e6:d0:55:c7:c0:6e:1f:82:4a:d4:9b:27:df:c5:54:
                    0e:1d:78:29:a7:97:69:f6:49:5e:d8:7b:72:cc:da:
                    88:e8:59:c0:9c:44:57:11:7c:0b:c6:c4:0b:b2:8a:
                    63:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AD:4F:34:C8:D1:31:26:49:A7:CA:71:91:7E:AA:83:BA:41:13:5E
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/ea1PNMjRMSZJp8pxkX6qg7pBE14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:62:3c:64:f0:65:ff:65:a8:14:6d:20:d5:c1:00:5f:a6:fc:
         7f:d6:81:e6:de:85:ab:19:cf:69:cb:7a:5d:9e:1d:e4:55:f2:
         68:e2:f3:25:3a:93:d6:d8:02:09:54:9d:79:f8:f4:ea:cf:6f:
         10:c3:d6:fe:f5:d7:b5:65:5c:40:ec:ff:f1:f7:7c:e2:d2:aa:
         22:0e:e0:4f:a8:63:0e:5f:2f:f2:82:37:84:06:12:03:c6:cf:
         f3:bd:2f:ba:d9:31:2b:e7:be:a0:72:fe:71:ed:22:ac:9c:43:
         39:34:60:1d:24:07:b7:a6:d2:f4:08:e5:07:3c:15:4d:e3:f1:
         08:01:78:21:f2:b0:86:90:78:75:77:27:ef:d8:28:92:c8:fe:
         d4:cd:92:11:d2:b0:72:30:2d:c8:79:a9:28:2f:cb:47:ad:96:
         51:2d:41:74:be:3d:f9:e2:d4:00:a6:af:66:a3:1f:89:81:f3:
         a7:38:c2:fa:ee:51:5d:93:ce:ce:b7:ad:09:1a:38:3e:e1:1a:
         50:43:29:16:b6:b4:61:58:70:25:de:47:66:b3:9a:98:9c:4b:
         d8:19:10:8f:68:36:57:7b:e4:86:15:a8:2e:d8:47:f8:1a:49:
         d3:a9:b8:3b:63:10:e4:b3:1d:b7:42:49:da:21:66:79:04:87:
         de:ed:b5:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2XHz8mtTRrugNIqy9asgnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNDE2MTYyODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFkNGYzNGM4ZDEzMTI2NDlhN2NhNzE5MTdlYWE4M2JhNDExMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRXruB9DVP4RT6qNFb6cuKi6hr10
ZtQpMNf5wgK8mtiZjc7Y6W8nWNY+Cslb7Sve5vYv3dge6XtX3dQ2TAnLB62aJG1S
LwVHrvW2HPjquj2wA8ji8g2lIWhDDxL8b6lGaBX7l06tuXufQ/VucwmC9VTaP4dN
bg2TyQ8iK7xRoXqZje0FP2OLb6bj1v2XxlJBBwgERc7rxRG/7sfbIL3kSDT72y7Q
cHf+LAXStfbbV0sRtRoMXD1yySG/JMr0+Vwo6PNTSQzjFqxyCB/s8bXUuPHm0FXH
wG4fgkrUmyffxVQOHXgpp5dp9kle2HtyzNqI6FnAnERXEXwLxsQLsopj6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmtTzTI0TEmSafKcZF+qoO6QRNeMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvZWExUE5NalJNU1pKcDhweGtYNnFnN3BCRTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hcMA0G
CSqGSIb3DQEBCwUAA4IBAQBCYjxk8GX/ZagUbSDVwQBfpvx/1oHm3oWrGc9py3pd
nh3kVfJo4vMlOpPW2AIJVJ15+PTqz28Qw9b+9de1ZVxA7P/x93zi0qoiDuBPqGMO
Xy/ygjeEBhIDxs/zvS+62TEr576gcv5x7SKsnEM5NGAdJAe3ptL0COUHPBVN4/EI
AXgh8rCGkHh1dyfv2CiSyP7UzZIR0rByMC3IeakoL8tHrZZRLUF0vj354tQApq9m
ox+JgfOnOML67lFdk87Ot60JGjg+4RpQQykWtrRhWHAl3kdms5qYnEvYGRCPaDZX
e+SGFagu2Ef4GknTqbg7YxDksx23QknaIWZ5BIfe7bWl
-----END CERTIFICATE-----