Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/PEQBb4ORw_iKvTUZYOQ2D1FbdUA.roa
File:                     PEQBb4ORw_iKvTUZYOQ2D1FbdUA.roa (raw, json)
Hash identifier:          odwueWqBLHOLwBm9tvIssM/HvdBQPpVNFbk4prD8ZWM=
Subject key identifier:   3C:44:01:6F:83:91:C3:F8:8A:BD:35:19:60:E4:36:0F:51:5B:75:40
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019E3FC7C3786EB44FF081FDAEABE1A7FF9A
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/PEQBb4ORw_iKvTUZYOQ2D1FbdUA.roa
Signing time:             Tue 19 May 2026 10:28:36 +0000
ROA not before:           Tue 19 May 2026 10:28:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24875
IP address blocks:        87.58.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:c7:c3:78:6e:b4:4f:f0:81:fd:ae:ab:e1:a7:ff:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 19 10:28:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c44016f8391c3f88abd351960e4360f515b7540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:66:5c:75:f3:a3:c7:5e:34:e4:38:79:dd:26:
                    76:9a:6c:cb:ce:9c:86:68:38:e6:76:ae:2d:c9:82:
                    1b:e5:cb:b8:b3:ab:b2:a6:d0:c8:ba:5a:4e:55:4d:
                    3c:72:64:9a:07:d6:86:b2:8b:dc:8e:ac:86:37:a8:
                    33:ec:19:87:5a:0c:cc:29:a5:63:58:2c:bd:e3:1e:
                    76:e8:57:66:fb:be:42:02:91:e1:fc:74:8c:20:7e:
                    9c:4c:5a:9d:e1:19:f5:d7:93:f4:24:ec:18:80:50:
                    33:2c:b9:85:74:7a:45:8b:36:27:60:39:b8:b8:fc:
                    33:be:dc:9b:cc:e7:94:f5:16:90:4a:e4:af:37:4e:
                    88:0f:4e:01:0a:df:c3:34:e5:df:08:7b:24:56:29:
                    59:ff:5d:a8:5e:fe:51:62:7c:d9:62:ab:7e:3a:81:
                    19:4f:85:a1:e7:39:23:cb:0e:1b:d2:55:5b:91:2b:
                    79:7d:e8:a5:e2:b6:02:52:43:d8:c8:fb:5a:c0:89:
                    82:c8:21:87:e8:ec:74:e2:0e:5e:45:60:c9:e4:2a:
                    4d:5c:9b:52:7f:c0:7c:55:63:23:aa:8b:db:c9:7b:
                    ac:63:6d:9c:32:4b:73:35:67:c0:dc:db:c2:db:f5:
                    62:b6:9f:e8:20:c3:80:f9:dc:c6:08:e8:9f:eb:76:
                    c4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:44:01:6F:83:91:C3:F8:8A:BD:35:19:60:E4:36:0F:51:5B:75:40
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/PEQBb4ORw_iKvTUZYOQ2D1FbdUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:58:52:36:d4:e5:2f:33:c7:97:de:e4:1f:e1:c8:68:ca:f1:
         69:73:2f:d6:0f:05:14:f0:4e:9d:f0:7d:58:16:3c:8c:f4:db:
         f0:6a:be:91:27:49:bf:dc:b7:ae:ef:53:5e:4e:59:49:76:c8:
         f2:56:c9:fa:2c:91:4a:a4:32:7e:8c:64:11:57:f9:28:a1:3c:
         af:6a:a6:03:5d:be:e5:96:a3:21:09:0e:0e:eb:ea:db:bb:f7:
         b6:b2:f8:a2:a0:c0:ae:4a:da:aa:bb:de:06:04:ad:07:53:42:
         dc:32:75:d5:23:b2:65:e9:85:c5:56:8c:13:8e:26:be:cf:c3:
         88:db:14:7d:57:35:fe:04:4a:2f:fc:06:52:6d:cd:53:cc:30:
         80:6c:0d:bc:92:cd:44:49:34:35:1e:6d:6b:cf:d6:14:96:fe:
         8f:25:20:bd:35:12:e7:04:cf:66:f1:9f:29:14:b0:95:71:24:
         ff:9d:00:d2:3c:84:36:0a:81:20:01:7a:5e:9b:97:26:c0:79:
         2e:1a:f6:05:62:70:f2:73:9d:d6:7c:6e:52:20:1f:80:7a:34:
         c3:dd:03:16:72:81:97:a9:6d:35:db:85:ba:7d:ef:f7:3b:42:
         70:2d:11:ed:d1:07:70:c3:5e:32:13:5b:15:b7:51:62:24:0e:
         9a:18:36:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/x8N4brRP8IH9rqvhp/+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTE5MTAyODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQ0MDE2ZjgzOTFjM2Y4OGFiZDM1MTk2MGU0MzYwZjUxNWI3NTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42ZcdfOjx1405Dh53SZ2mmzLzpyG
aDjmdq4tyYIb5cu4s6uyptDIulpOVU08cmSaB9aGsovcjqyGN6gz7BmHWgzMKaVj
WCy94x526Fdm+75CApHh/HSMIH6cTFqd4Rn115P0JOwYgFAzLLmFdHpFizYnYDm4
uPwzvtybzOeU9RaQSuSvN06ID04BCt/DNOXfCHskVilZ/12oXv5RYnzZYqt+OoEZ
T4Wh5zkjyw4b0lVbkSt5feil4rYCUkPYyPtawImCyCGH6Ox04g5eRWDJ5CpNXJtS
f8B8VWMjqovbyXusY22cMktzNWfA3NvC2/Vitp/oIMOA+dzGCOif63bEBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxEAW+DkcP4ir01GWDkNg9RW3VAMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvUEVRQmI0T1J3X2lLdlRVWllPUTJEMUZiZFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVzraMA0G
CSqGSIb3DQEBCwUAA4IBAQCDWFI21OUvM8eX3uQf4choyvFpcy/WDwUU8E6d8H1Y
FjyM9Nvwar6RJ0m/3Leu71NeTllJdsjyVsn6LJFKpDJ+jGQRV/kooTyvaqYDXb7l
lqMhCQ4O6+rbu/e2sviioMCuStqqu94GBK0HU0LcMnXVI7Jl6YXFVowTjia+z8OI
2xR9VzX+BEov/AZSbc1TzDCAbA28ks1ESTQ1Hm1rz9YUlv6PJSC9NRLnBM9m8Z8p
FLCVcST/nQDSPIQ2CoEgAXpem5cmwHkuGvYFYnDyc53WfG5SIB+AejTD3QMWcoGX
qW0124W6fe/3O0JwLRHt0Qdww14yE1sVt1FiJA6aGDYa
-----END CERTIFICATE-----