Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/8OpVbZ8O-oNzMJiBRePBf0tLFek.roa
File:                     8OpVbZ8O-oNzMJiBRePBf0tLFek.roa (raw, json)
Hash identifier:          MpkDkoaZC20ISMKNUonCyk9fZ2UINI18TKQJk93zWss=
Subject key identifier:   F0:EA:55:6D:9F:0E:FA:83:73:30:98:81:45:E3:C1:7F:4B:4B:15:E9
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E5A1BE068B8FE78842B7FCE3A7ABD6D11
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/8OpVbZ8O-oNzMJiBRePBf0tLFek.roa
Signing time:             Sun 24 May 2026 13:10:36 +0000
ROA not before:           Sun 24 May 2026 13:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213702
IP address blocks:        87.58.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5a:1b:e0:68:b8:fe:78:84:2b:7f:ce:3a:7a:bd:6d:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 24 13:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0ea556d9f0efa837330988145e3c17f4b4b15e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:85:41:ae:00:c6:5c:c0:74:8f:be:1b:fd:81:
                    f0:75:c9:5e:47:2a:2a:56:c4:a3:78:ec:a4:ff:42:
                    2d:a5:86:1b:ab:ee:80:0e:49:7b:de:bc:49:9d:19:
                    a1:29:58:cd:58:8c:20:3d:63:d0:07:fe:5d:14:8c:
                    48:08:7b:4c:a5:5b:d1:b5:75:b0:6b:6a:6b:b1:e3:
                    77:74:6e:b4:ef:4b:0d:2e:0d:fe:fe:50:94:2a:04:
                    ea:21:9a:26:05:64:52:a7:6e:f1:e8:8c:bb:d7:1d:
                    9e:26:1b:85:26:65:cb:ef:b1:f5:85:f5:2f:1a:6b:
                    d4:b4:0b:f0:2b:52:fd:d4:30:b8:ac:d0:1e:3b:6c:
                    5d:b9:98:80:12:75:96:37:47:f7:46:b2:45:ff:0b:
                    35:7b:fb:06:16:6a:c4:b1:93:b1:7a:94:d6:40:f7:
                    aa:ec:cb:84:ae:ac:9d:dd:a2:cf:25:e3:0d:57:b6:
                    90:10:cc:f7:be:9b:1f:73:73:50:e9:3a:47:ac:68:
                    56:f2:3a:4e:c8:02:7a:bb:8f:98:35:9a:21:77:5e:
                    38:35:fb:7d:45:76:05:32:04:bf:f4:80:ef:b9:9e:
                    4a:b1:c6:22:56:11:84:be:1e:b4:b4:94:a4:e6:79:
                    4e:64:a7:1a:3c:35:be:3f:87:9a:c2:f1:86:54:51:
                    24:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:EA:55:6D:9F:0E:FA:83:73:30:98:81:45:E3:C1:7F:4B:4B:15:E9
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/8OpVbZ8O-oNzMJiBRePBf0tLFek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:2c:10:f7:e9:36:f8:9c:e9:97:1c:ae:bd:72:47:e7:f3:bc:
         dd:08:84:ab:5b:47:38:48:80:2a:8d:6b:9f:81:eb:3c:ff:e2:
         61:f3:21:3e:d2:18:fa:36:af:0f:c1:e1:33:1b:ea:2f:39:c9:
         ad:bb:80:ef:a6:0c:63:73:f5:f1:4b:b9:25:b7:43:c1:a3:71:
         d8:41:cd:30:7c:86:5d:56:70:60:63:fd:77:98:64:3c:fd:60:
         45:42:dc:09:14:42:c1:c3:5b:2e:f0:b4:03:09:c9:eb:e4:32:
         5f:02:97:3a:2e:7c:36:75:bc:6c:dc:d1:43:4f:7a:c1:07:a3:
         8e:7d:93:f1:52:eb:ee:88:17:e5:11:f9:79:87:91:6f:2d:d4:
         be:f7:2c:7c:be:04:a7:0b:6c:a7:05:fb:b2:af:ce:1d:5f:cb:
         64:66:d6:32:e2:3b:c5:80:2f:25:c8:9b:87:44:20:e1:d7:1f:
         ec:c6:87:7a:9a:af:6a:c1:47:b3:1f:5b:b6:2f:d7:af:d9:10:
         99:03:74:6e:5d:eb:58:f3:2c:42:53:e5:6a:e5:0c:b3:90:3f:
         ba:79:6e:a4:e3:d3:fa:20:b0:52:f6:ff:e2:b9:c8:6a:5f:7c:
         1d:b9:f6:7d:c1:2d:0e:df:44:b6:c7:55:ee:4d:05:87:8a:15:
         70:89:0d:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5aG+BouP54hCt/zjp6vW0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTI0MTMxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGVhNTU2ZDlmMGVmYTgzNzMzMDk4ODE0NWUzYzE3ZjRiNGIxNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIVBrgDGXMB0j74b/YHwdcleRyoq
VsSjeOyk/0ItpYYbq+6ADkl73rxJnRmhKVjNWIwgPWPQB/5dFIxICHtMpVvRtXWw
a2prseN3dG6070sNLg3+/lCUKgTqIZomBWRSp27x6Iy71x2eJhuFJmXL77H1hfUv
GmvUtAvwK1L91DC4rNAeO2xduZiAEnWWN0f3RrJF/ws1e/sGFmrEsZOxepTWQPeq
7MuErqyd3aLPJeMNV7aQEMz3vpsfc3NQ6TpHrGhW8jpOyAJ6u4+YNZohd144Nft9
RXYFMgS/9IDvuZ5KscYiVhGEvh60tJSk5nlOZKcaPDW+P4eawvGGVFEkZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDqVW2fDvqDczCYgUXjwX9LSxXpMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvOE9wVmJaOE8tb056TUppQlJlUEJmMHRMRmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzrJMA0G
CSqGSIb3DQEBCwUAA4IBAQBZLBD36Tb4nOmXHK69ckfn87zdCISrW0c4SIAqjWuf
ges8/+Jh8yE+0hj6Nq8PweEzG+ovOcmtu4Dvpgxjc/XxS7klt0PBo3HYQc0wfIZd
VnBgY/13mGQ8/WBFQtwJFELBw1su8LQDCcnr5DJfApc6Lnw2dbxs3NFDT3rBB6OO
fZPxUuvuiBflEfl5h5FvLdS+9yx8vgSnC2ynBfuyr84dX8tkZtYy4jvFgC8lyJuH
RCDh1x/sxod6mq9qwUezH1u2L9ev2RCZA3RuXetY8yxCU+Vq5QyzkD+6eW6k49P6
ILBS9v/iuchqX3wdufZ9wS0O30S2x1XuTQWHihVwiQ3F
-----END CERTIFICATE-----