Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/ITrbO45Q2_6HZzkdy9urR6p5uU0.roa
File:                     ITrbO45Q2_6HZzkdy9urR6p5uU0.roa (raw, json)
Hash identifier:          +pCndO/NX0emwWCrkaV4FNsCOoIWPIU5Mm8cVa+p6b0=
Subject key identifier:   21:3A:DB:3B:8E:50:DB:FE:87:67:39:1D:CB:DB:AB:47:AA:79:B9:4D
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E501FB9A33A8D6EC04DA815472AA91F5F
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/ITrbO45Q2_6HZzkdy9urR6p5uU0.roa
Signing time:             Fri 22 May 2026 14:38:36 +0000
ROA not before:           Fri 22 May 2026 14:38:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        87.58.210.0/24 maxlen: 24
                          87.58.216.0/24 maxlen: 24
                          150.251.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:1f:b9:a3:3a:8d:6e:c0:4d:a8:15:47:2a:a9:1f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 22 14:38:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=213adb3b8e50dbfe8767391dcbdbab47aa79b94d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3b:bf:e0:05:0d:65:07:13:71:2f:0e:19:df:
                    33:46:9f:21:24:eb:6e:e1:c1:ef:f0:ca:1a:d6:de:
                    65:5b:b3:8d:23:4d:54:d4:10:01:40:26:54:03:1d:
                    a6:b0:5c:ba:a3:3e:47:53:dc:57:ab:83:27:cf:13:
                    06:d5:c3:d5:94:7c:09:bd:89:89:b4:a5:ab:a6:e4:
                    59:49:dc:fd:01:a8:b7:54:ee:9f:91:76:d1:6d:d1:
                    2f:70:94:c7:b7:af:0c:35:34:3c:d8:d1:5c:5c:c1:
                    62:b4:2c:b2:38:51:dc:08:65:5f:03:d0:95:3e:3c:
                    f6:75:7c:5c:06:b6:51:02:9c:79:e2:64:dd:f4:24:
                    89:b3:43:3e:d0:ce:c4:7c:ba:12:78:ce:fd:31:73:
                    1a:5d:cd:e8:0c:b7:ef:d3:ca:61:0d:40:22:f2:e9:
                    ac:7f:bf:f4:68:3b:54:cc:5c:bb:02:28:4d:f3:2b:
                    9d:3e:47:5e:58:4b:2d:0a:3d:96:59:12:ea:7f:10:
                    92:11:10:e8:46:3e:38:b1:38:5a:44:ab:3e:8e:23:
                    c6:13:ec:ae:53:be:59:3a:3c:7d:88:b1:56:03:7c:
                    21:aa:ca:03:d7:b7:24:ba:e0:ff:54:55:67:ab:da:
                    cb:e8:d7:e3:88:4b:1e:a8:23:aa:d4:81:4a:42:81:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3A:DB:3B:8E:50:DB:FE:87:67:39:1D:CB:DB:AB:47:AA:79:B9:4D
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/ITrbO45Q2_6HZzkdy9urR6p5uU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.210.0/24
                  87.58.216.0/24
                  150.251.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:cf:4b:85:f4:7a:ae:57:77:e0:40:eb:e9:a0:7d:06:6b:d8:
         22:16:67:c8:f3:02:77:54:a5:66:b7:ca:35:55:4a:5d:0e:71:
         14:51:a9:ca:80:37:5e:24:16:01:cb:b9:d4:dd:da:6a:62:63:
         1b:01:74:6e:1e:5f:ae:42:9d:19:e3:48:40:e6:8e:78:21:31:
         c3:2d:b7:ae:2a:4d:a4:ee:72:71:0a:a4:26:d2:10:f1:13:8b:
         d5:cc:52:1a:72:58:9f:b3:9e:35:b4:28:d9:f6:67:79:51:ce:
         f1:81:d0:2a:e7:da:79:33:b5:24:4d:ef:3c:8a:36:a5:ae:82:
         25:4c:0e:93:64:d0:af:25:41:45:d8:5b:5c:c8:a3:24:15:e3:
         0d:3f:b5:2e:da:fc:58:5f:f2:23:5c:68:03:d2:f2:e9:94:58:
         2e:e9:39:b2:db:7a:2d:d6:62:f9:a2:3a:56:02:26:33:63:d9:
         7c:d0:9d:aa:f4:c5:ed:17:87:e6:88:a8:f1:9c:e5:82:db:84:
         b5:10:7e:3e:b4:1c:5a:97:da:71:4e:40:bc:9f:13:16:bf:f9:
         a4:67:03:28:54:52:2c:e4:21:20:27:d7:d1:6d:32:43:56:62:
         c5:7d:2a:30:a0:fb:1e:53:1e:4c:ce:76:a7:37:4a:0e:dd:df:
         c8:a5:19:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5QH7mjOo1uwE2oFUcqqR9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTIyMTQzODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNhZGIzYjhlNTBkYmZlODc2NzM5MWRjYmRiYWI0N2FhNzliOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDu/4AUNZQcTcS8OGd8zRp8hJOtu
4cHv8Moa1t5lW7ONI01U1BABQCZUAx2msFy6oz5HU9xXq4MnzxMG1cPVlHwJvYmJ
tKWrpuRZSdz9Aai3VO6fkXbRbdEvcJTHt68MNTQ82NFcXMFitCyyOFHcCGVfA9CV
Pjz2dXxcBrZRApx54mTd9CSJs0M+0M7EfLoSeM79MXMaXc3oDLfv08phDUAi8ums
f7/0aDtUzFy7AihN8yudPkdeWEstCj2WWRLqfxCSERDoRj44sThaRKs+jiPGE+yu
U75ZOjx9iLFWA3whqsoD17ckuuD/VFVnq9rL6NfjiEseqCOq1IFKQoErTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCE62zuOUNv+h2c5Hcvbq0eqeblNMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvSVRyYk80NVEyXzZIWnprZHk5dXJSNnA1dVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVzrSAwQA
VzrYAwQAlvuRMA0GCSqGSIb3DQEBCwUAA4IBAQAwz0uF9HquV3fgQOvpoH0Ga9gi
FmfI8wJ3VKVmt8o1VUpdDnEUUanKgDdeJBYBy7nU3dpqYmMbAXRuHl+uQp0Z40hA
5o54ITHDLbeuKk2k7nJxCqQm0hDxE4vVzFIaclifs541tCjZ9md5Uc7xgdAq59p5
M7UkTe88ijalroIlTA6TZNCvJUFF2FtcyKMkFeMNP7Uu2vxYX/IjXGgD0vLplFgu
6Tmy23ot1mL5ojpWAiYzY9l80J2q9MXtF4fmiKjxnOWC24S1EH4+tBxal9pxTkC8
nxMWv/mkZwMoVFIs5CEgJ9fRbTJDVmLFfSowoPseUx5MznanN0oO3d/IpRkI
-----END CERTIFICATE-----