Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/DTFBVkNmjB6PhyrTaLTWnml2VXw.roa
File:                     DTFBVkNmjB6PhyrTaLTWnml2VXw.roa (raw, json)
Hash identifier:          g4SO01LxYc8TpYd25tyes0oCoTRef/gNrpZdhyO//98=
Subject key identifier:   0D:31:41:56:43:66:8C:1E:8F:87:2A:D3:68:B4:D6:9E:69:76:55:7C
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       019D7D2D1715E2EEF58F712CF6F265185E62
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/DTFBVkNmjB6PhyrTaLTWnml2VXw.roa
Signing time:             Sat 11 Apr 2026 15:33:20 +0000
ROA not before:           Sat 11 Apr 2026 15:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        87.248.134.0/24 maxlen: 24
                          87.248.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7d:2d:17:15:e2:ee:f5:8f:71:2c:f6:f2:65:18:5e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Apr 11 15:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d31415643668c1e8f872ad368b4d69e6976557c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bd:4e:bb:1c:19:00:22:b3:e7:31:c8:e7:75:
                    19:ae:28:9e:e0:8f:a5:f9:c1:cf:25:23:86:4d:18:
                    11:74:0d:c1:10:2b:ef:2e:b4:16:12:9b:bb:69:69:
                    19:70:f6:df:60:43:d7:b4:c3:2a:c5:c8:86:fa:ae:
                    06:79:cc:5e:d2:aa:e0:91:b6:9a:34:20:c0:63:71:
                    a4:1b:b3:88:83:3b:6c:5c:a4:21:4c:dd:92:c9:19:
                    08:26:8b:2b:55:6f:0e:a8:4c:b4:40:29:6c:0c:04:
                    fb:49:cc:47:e9:50:3b:62:23:87:2a:0f:4f:36:78:
                    b7:36:7a:41:2d:af:5e:b6:2d:8e:74:8f:72:8a:a7:
                    5c:d7:76:0c:d5:66:32:57:38:9c:55:f0:d3:91:92:
                    b8:71:95:af:8f:1d:90:92:50:16:ce:04:3a:a8:88:
                    5d:87:a8:cc:13:3c:0a:a9:5b:bc:6e:5f:8b:62:b5:
                    f2:3c:87:88:27:da:5f:21:49:b6:0f:0a:a6:03:13:
                    4d:a4:b6:1a:96:a6:43:80:76:5b:06:0e:6f:ef:e2:
                    44:3e:48:80:8c:a6:01:7e:e2:4d:78:56:17:76:dc:
                    c5:22:6c:1f:54:34:2a:d2:60:41:c8:d1:28:9e:11:
                    b5:8c:28:98:cd:86:ba:ce:46:62:ee:a6:48:b1:e6:
                    30:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:31:41:56:43:66:8C:1E:8F:87:2A:D3:68:B4:D6:9E:69:76:55:7C
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/DTFBVkNmjB6PhyrTaLTWnml2VXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.134.0/24
                  87.248.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ff:fd:49:00:3a:da:5a:f9:b1:33:61:4f:ba:ba:43:1a:bd:
         ef:1f:c4:b7:65:e5:67:2c:7d:d6:ee:5a:91:d5:83:a4:bd:22:
         19:60:3b:2c:67:11:ba:6b:c5:5c:36:46:ce:42:77:6d:31:b0:
         ad:a4:e1:68:e4:4a:02:91:20:52:c9:40:fa:03:61:ac:f8:02:
         8a:f9:4c:53:ab:fc:c3:64:8d:a5:83:c8:83:a4:71:19:4f:82:
         8a:ef:0f:d8:ea:64:b9:57:c3:a5:23:4b:52:58:25:4e:1c:91:
         c2:38:68:8a:25:ac:81:da:be:e7:2c:2a:b7:b7:db:e9:83:8f:
         2d:35:ef:40:93:9c:2f:27:95:c3:6e:e1:ee:04:6f:76:69:56:
         6e:6d:b6:2b:6f:19:7a:66:eb:74:ca:73:06:3a:b6:39:a1:b7:
         d9:62:5c:e4:0e:0a:59:54:a9:0e:97:e7:87:c8:f8:e3:ce:62:
         37:94:f5:ec:7e:a2:f0:be:a0:b8:d0:28:93:db:44:a1:bf:e1:
         fc:06:9b:4a:9b:8a:4b:f7:f4:3c:2e:9d:3b:fe:dc:13:54:9c:
         c6:43:6b:fc:cc:84:15:ba:fd:73:1d:d7:98:fe:87:7a:ce:28:
         d9:b9:71:de:86:b7:dd:6c:2e:83:e0:3b:34:a8:ab:47:a2:48:
         16:37:c7:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ19LRcV4u71j3Es9vJlGF5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjYwNDExMTUzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDMxNDE1NjQzNjY4YzFlOGY4NzJhZDM2OGI0ZDY5ZTY5NzY1NTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp71OuxwZACKz5zHI53UZriie4I+l
+cHPJSOGTRgRdA3BECvvLrQWEpu7aWkZcPbfYEPXtMMqxciG+q4Gecxe0qrgkbaa
NCDAY3GkG7OIgztsXKQhTN2SyRkIJosrVW8OqEy0QClsDAT7ScxH6VA7YiOHKg9P
Nni3NnpBLa9eti2OdI9yiqdc13YM1WYyVzicVfDTkZK4cZWvjx2QklAWzgQ6qIhd
h6jMEzwKqVu8bl+LYrXyPIeIJ9pfIUm2DwqmAxNNpLYalqZDgHZbBg5v7+JEPkiA
jKYBfuJNeFYXdtzFImwfVDQq0mBByNEonhG1jCiYzYa6zkZi7qZIseYwjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA0xQVZDZowej4cq02i01p5pdlV8MB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvRFRGQlZrTm1qQjZQaHlyVGFMVFdubWwyVlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/iGAwQA
V/iPMA0GCSqGSIb3DQEBCwUAA4IBAQCR//1JADraWvmxM2FPurpDGr3vH8S3ZeVn
LH3W7lqR1YOkvSIZYDssZxG6a8VcNkbOQndtMbCtpOFo5EoCkSBSyUD6A2Gs+AKK
+UxTq/zDZI2lg8iDpHEZT4KK7w/Y6mS5V8OlI0tSWCVOHJHCOGiKJayB2r7nLCq3
t9vpg48tNe9Ak5wvJ5XDbuHuBG92aVZubbYrbxl6Zut0ynMGOrY5obfZYlzkDgpZ
VKkOl+eHyPjjzmI3lPXsfqLwvqC40CiT20Shv+H8BptKm4pL9/Q8Lp07/twTVJzG
Q2v8zIQVuv1zHdeY/od6zijZuXHehrfdbC6D4Ds0qKtHokgWN8cn
-----END CERTIFICATE-----