Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/3Kg7_xEICbZcx2TnvFlE8qZj9EQ.roa
File:                     3Kg7_xEICbZcx2TnvFlE8qZj9EQ.roa (raw, json)
Hash identifier:          2dcOsyJRymgAysv9LcqYTxz/zsw5XodGs1o98ICd97c=
Subject key identifier:   DC:A8:3B:FF:11:08:09:B6:5C:C7:64:E7:BC:59:44:F2:A6:63:F4:44
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E89EE28B7E0B98A8AEEA0D4916FDF0D5E
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/3Kg7_xEICbZcx2TnvFlE8qZj9EQ.roa
Signing time:             Tue 02 Jun 2026 20:02:27 +0000
ROA not before:           Tue 02 Jun 2026 20:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198790
IP address blocks:        87.58.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:ee:28:b7:e0:b9:8a:8a:ee:a0:d4:91:6f:df:0d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jun  2 20:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dca83bff110809b65cc764e7bc5944f2a663f444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8d:b1:14:bc:1a:e8:81:3f:0c:42:65:06:1c:
                    93:23:2c:b7:83:27:6d:ce:52:62:3d:c8:3e:f4:79:
                    a1:65:56:08:ea:c6:8c:4a:ac:d9:58:8c:7b:2f:35:
                    a6:93:58:3d:05:e0:cd:a7:ab:3f:b1:98:ff:02:67:
                    d5:f4:5d:fa:ca:d3:b3:91:e9:4c:67:fd:b9:58:46:
                    db:7d:1b:ca:dd:24:fb:56:3f:d6:71:60:79:82:a4:
                    79:7d:ed:e0:ad:8a:9d:90:bc:91:f4:0f:cf:3c:4e:
                    7f:2f:0e:17:66:50:98:e2:c3:5f:d0:e0:eb:84:f7:
                    29:94:ca:a0:48:f4:08:0c:33:99:c3:42:52:70:74:
                    7c:16:21:34:fc:3b:1d:f7:8d:25:8b:11:ac:27:88:
                    dd:95:e0:00:75:d5:29:4a:2e:45:cd:59:7b:10:f8:
                    0e:dd:72:5b:2e:77:44:3c:70:86:16:66:92:9e:85:
                    58:81:7f:ec:c7:29:27:44:1b:a4:95:66:bd:d5:b9:
                    94:2a:ac:d2:bb:e0:41:75:d7:22:bd:01:a5:f6:c7:
                    d4:69:f6:0a:da:8c:9c:ce:c8:9d:0c:21:a6:4d:13:
                    27:7e:a9:5e:ff:84:01:51:d1:30:e7:14:99:24:d7:
                    97:eb:fe:c3:85:7d:f3:14:ba:c6:cd:01:15:46:0a:
                    f6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A8:3B:FF:11:08:09:B6:5C:C7:64:E7:BC:59:44:F2:A6:63:F4:44
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/3Kg7_xEICbZcx2TnvFlE8qZj9EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:a8:82:9f:b0:8b:30:4a:c1:64:3f:de:22:c8:76:8f:dd:fb:
         f1:4b:50:11:9e:f9:84:18:7a:37:96:af:45:e4:b0:3b:fe:e8:
         7f:12:87:66:87:a8:a4:3f:c8:83:96:16:02:87:60:7d:1e:b1:
         51:bb:fb:e0:3e:0b:e2:59:68:f2:72:a1:d3:55:0b:62:6d:84:
         7a:d7:4a:29:fd:a1:b0:a1:f4:a1:3e:c4:fc:58:d7:ba:e4:e6:
         4b:fa:f9:7a:af:07:04:a1:3f:43:86:85:d4:c9:f6:ba:22:bb:
         bd:52:ad:da:aa:d1:9d:3d:a5:cd:ce:92:e1:ce:c9:e2:f4:b7:
         fc:8b:bf:28:57:0a:db:11:d0:b9:0a:2c:12:59:0c:e2:e6:ca:
         2d:8a:4e:16:82:af:dc:b8:69:5e:65:14:d4:3d:18:9f:ca:49:
         02:85:00:93:72:bc:bf:3c:f1:39:9e:34:a7:50:72:18:10:c3:
         1a:48:a8:8d:80:bd:75:26:95:a6:85:f2:93:1d:3c:2d:5d:11:
         24:63:b9:41:a6:4c:d0:c7:b7:b3:f9:30:b6:99:38:6d:25:e9:
         fe:d9:07:18:b4:9f:fb:c8:52:b1:70:e0:38:1a:27:03:cf:fa:
         d6:91:55:97:dc:0b:35:7c:ec:4a:c7:21:a5:a1:0d:c0:dd:d0:
         44:89:10:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6J7ii34LmKiu6g1JFv3w1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjAyMjAwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E4M2JmZjExMDgwOWI2NWNjNzY0ZTdiYzU5NDRmMmE2NjNmNDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArI2xFLwa6IE/DEJlBhyTIyy3gydt
zlJiPcg+9HmhZVYI6saMSqzZWIx7LzWmk1g9BeDNp6s/sZj/AmfV9F36ytOzkelM
Z/25WEbbfRvK3ST7Vj/WcWB5gqR5fe3grYqdkLyR9A/PPE5/Lw4XZlCY4sNf0ODr
hPcplMqgSPQIDDOZw0JScHR8FiE0/Dsd940lixGsJ4jdleAAddUpSi5FzVl7EPgO
3XJbLndEPHCGFmaSnoVYgX/sxyknRBuklWa91bmUKqzSu+BBddcivQGl9sfUafYK
2oyczsidDCGmTRMnfqle/4QBUdEw5xSZJNeX6/7DhX3zFLrGzQEVRgr2lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyoO/8RCAm2XMdk57xZRPKmY/REMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvM0tnN194RUlDYlpjeDJUbnZGbEU4cVpqOUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrAMA0G
CSqGSIb3DQEBCwUAA4IBAQCRqIKfsIswSsFkP94iyHaP3fvxS1ARnvmEGHo3lq9F
5LA7/uh/Eodmh6ikP8iDlhYCh2B9HrFRu/vgPgviWWjycqHTVQtibYR610op/aGw
ofShPsT8WNe65OZL+vl6rwcEoT9DhoXUyfa6Iru9Uq3aqtGdPaXNzpLhzsni9Lf8
i78oVwrbEdC5CiwSWQzi5sotik4Wgq/cuGleZRTUPRifykkChQCTcry/PPE5njSn
UHIYEMMaSKiNgL11JpWmhfKTHTwtXREkY7lBpkzQx7ez+TC2mThtJen+2QcYtJ/7
yFKxcOA4GicDz/rWkVWX3As1fOxKxyGloQ3A3dBEiRCs
-----END CERTIFICATE-----