Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kV2f0PkvpN0-OA46lCk5MM-IGts.roa
File:                     kV2f0PkvpN0-OA46lCk5MM-IGts.roa (raw, json)
Hash identifier:          Kr1EimQ2nNnhKdAf7fStvykMaB/++8+4gvOhwmXGB1I=
Subject key identifier:   91:5D:9F:D0:F9:2F:A4:DD:3E:38:0E:3A:94:29:39:30:CF:88:1A:DB
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019EA80C797B1427DB69BBEBE78A2BCFA15D
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kV2f0PkvpN0-OA46lCk5MM-IGts.roa
Signing time:             Mon 08 Jun 2026 16:24:10 +0000
ROA not before:           Mon 08 Jun 2026 16:24:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199707
IP address blocks:        87.58.211.0/24 maxlen: 24
                          87.58.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:0c:79:7b:14:27:db:69:bb:eb:e7:8a:2b:cf:a1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jun  8 16:24:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=915d9fd0f92fa4dd3e380e3a94293930cf881adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3a:f6:81:92:06:88:0d:a5:1d:04:c7:4a:f2:
                    39:3d:0f:6f:96:24:77:33:ee:4a:6b:c5:1e:21:99:
                    12:43:03:78:6a:af:80:a4:2b:80:28:35:b0:a9:ef:
                    63:eb:b7:3b:53:65:78:fe:4d:cb:c0:f1:4e:df:9d:
                    75:24:f9:37:5a:d7:1a:f2:7a:f6:5a:80:21:27:93:
                    59:85:26:a4:ce:cc:df:c9:40:20:6c:f2:9a:80:f5:
                    3a:2e:76:ba:ab:c5:d2:fb:34:eb:b8:f9:5f:74:21:
                    3c:18:48:27:49:4f:10:fe:3f:5c:4a:81:0d:8d:31:
                    80:b8:e7:5f:74:54:73:bd:04:ad:d1:da:01:10:0b:
                    78:94:87:d0:c3:af:03:a2:d4:98:c3:13:30:08:52:
                    c8:46:03:95:30:29:2b:b5:1f:cd:0b:a8:b3:29:97:
                    86:45:6c:7e:91:1f:5e:ae:07:b3:51:91:7c:02:1b:
                    14:22:13:a4:9d:00:bd:4d:0f:36:52:84:50:0f:cf:
                    34:08:01:81:16:bb:ae:91:6b:b9:d1:cb:10:60:f1:
                    5e:77:97:3b:8f:5b:4d:d1:de:28:3e:80:89:eb:23:
                    d6:41:e8:6e:60:7b:79:57:f9:43:94:f9:50:0b:56:
                    f9:d5:7f:6a:36:2f:13:66:0f:ad:83:d5:67:b7:3d:
                    dc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:5D:9F:D0:F9:2F:A4:DD:3E:38:0E:3A:94:29:39:30:CF:88:1A:DB
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kV2f0PkvpN0-OA46lCk5MM-IGts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.211.0/24
                  87.58.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:69:b8:aa:e5:e8:0e:f1:61:55:21:19:0a:be:a4:b9:a6:27:
         8e:25:eb:0f:b5:ec:11:63:16:0e:92:56:be:4b:d9:83:76:80:
         dc:d1:4f:df:e1:93:59:7e:96:03:66:5e:da:0a:74:08:47:7e:
         ac:f8:6b:78:08:74:cd:7c:98:04:0a:7e:b5:ab:85:b7:92:bc:
         ac:1a:5e:79:36:33:62:d2:42:39:f2:c3:f4:01:56:e5:c7:55:
         f9:eb:44:0a:54:02:ef:57:b8:84:8f:6c:e6:dc:02:84:1c:f5:
         e9:11:2b:a5:c9:43:bc:f2:4c:f9:7d:62:60:24:a5:8b:fb:c7:
         48:a4:97:71:77:4b:cd:1a:0a:db:78:ee:46:8f:0f:a1:07:6a:
         92:a5:5e:c1:ae:91:d9:2e:f9:e0:d5:83:5c:da:54:37:ad:17:
         b1:90:c1:09:07:68:b7:e7:1f:80:5f:4a:f4:8c:9d:f7:2e:bf:
         29:75:1b:04:6c:ab:bb:fc:a5:a9:6e:3c:a4:f1:77:36:a3:1a:
         f7:fd:47:b8:83:df:f9:c5:fd:33:1f:2e:b4:3f:f0:85:89:a6:
         d2:21:e3:cb:9e:9e:67:ee:38:f5:8b:8a:e1:c1:f3:a1:2b:8b:
         be:08:35:3a:f2:6c:39:a7:41:81:f2:10:28:04:1a:cf:be:44:
         a5:0d:d5:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6oDHl7FCfbabvr54orz6FdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjA4MTYyNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTVkOWZkMGY5MmZhNGRkM2UzODBlM2E5NDI5MzkzMGNmODgxYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jr2gZIGiA2lHQTHSvI5PQ9vliR3
M+5Ka8UeIZkSQwN4aq+ApCuAKDWwqe9j67c7U2V4/k3LwPFO3511JPk3Wtca8nr2
WoAhJ5NZhSakzszfyUAgbPKagPU6Lna6q8XS+zTruPlfdCE8GEgnSU8Q/j9cSoEN
jTGAuOdfdFRzvQSt0doBEAt4lIfQw68DotSYwxMwCFLIRgOVMCkrtR/NC6izKZeG
RWx+kR9ergezUZF8AhsUIhOknQC9TQ82UoRQD880CAGBFruukWu50csQYPFed5c7
j1tN0d4oPoCJ6yPWQehuYHt5V/lDlPlQC1b51X9qNi8TZg+tg9Vntz3ctQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJFdn9D5L6TdPjgOOpQpOTDPiBrbMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEva1YyZjBQa3ZwTjAtT0E0NmxDazVNTS1JR3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVzrTAwQA
VzrXMA0GCSqGSIb3DQEBCwUAA4IBAQCTabiq5egO8WFVIRkKvqS5pieOJesPtewR
YxYOkla+S9mDdoDc0U/f4ZNZfpYDZl7aCnQIR36s+Gt4CHTNfJgECn61q4W3krys
Gl55NjNi0kI58sP0AVblx1X560QKVALvV7iEj2zm3AKEHPXpESulyUO88kz5fWJg
JKWL+8dIpJdxd0vNGgrbeO5Gjw+hB2qSpV7BrpHZLvng1YNc2lQ3rRexkMEJB2i3
5x+AX0r0jJ33Lr8pdRsEbKu7/KWpbjyk8Xc2oxr3/Ue4g9/5xf0zHy60P/CFiabS
IePLnp5n7jj1i4rhwfOhK4u+CDU68mw5p0GB8hAoBBrPvkSlDdUq
-----END CERTIFICATE-----