Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/37VbRVezjed4VKiP4o_eYDIBpBc.roa
File:                     37VbRVezjed4VKiP4o_eYDIBpBc.roa (raw, json)
Hash identifier:          Ucw6PLK8vU64w8rJGjvl9F/zczbbkyYuBhShm1AQzbY=
Subject key identifier:   DF:B5:5B:45:57:B3:8D:E7:78:54:A8:8F:E2:8F:DE:60:32:01:A4:17
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E466001FAC62CE223E0A3DC80867CBD6A
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/37VbRVezjed4VKiP4o_eYDIBpBc.roa
Signing time:             Wed 20 May 2026 17:12:37 +0000
ROA not before:           Wed 20 May 2026 17:12:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203545
IP address blocks:        87.76.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:60:01:fa:c6:2c:e2:23:e0:a3:dc:80:86:7c:bd:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 20 17:12:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfb55b4557b38de77854a88fe28fde603201a417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:88:0f:b4:8d:91:d4:b3:14:c9:c6:d2:96:01:
                    b2:21:07:da:15:a3:72:22:9f:c1:de:a8:79:e1:dc:
                    db:71:b3:16:0f:e8:ba:1b:41:1d:44:f1:bf:3b:92:
                    9f:c4:24:5c:3d:39:7f:ef:df:48:0b:0f:97:7a:d3:
                    75:20:8f:e1:26:31:9f:29:5e:34:d3:66:e0:3e:11:
                    27:46:ac:15:0a:f4:5c:6c:91:3a:ad:b8:64:3f:b3:
                    f9:17:6d:7f:6f:48:57:03:2f:26:d7:01:8a:cf:8b:
                    a8:08:32:18:1b:0d:d5:4d:20:9b:d7:a1:ea:eb:ac:
                    5b:c8:fc:2a:69:63:a5:0f:29:fc:85:5e:4b:a5:a0:
                    60:ab:02:50:b1:86:75:fe:2a:69:0e:6e:4e:49:cd:
                    51:9f:d2:f6:45:99:a1:7e:91:45:55:bd:ef:13:ea:
                    5b:ad:5f:9c:6f:cc:95:b3:8c:02:2e:f7:6c:58:8c:
                    2e:3b:cd:1a:89:98:f1:a4:d8:6e:70:96:29:96:d0:
                    72:33:36:ed:b2:88:27:70:95:c7:4d:09:03:15:4b:
                    dd:c3:08:a4:a3:95:5b:27:f6:87:0b:4b:7d:fd:20:
                    cd:06:32:46:77:a5:39:a1:25:a5:d0:41:de:c3:d1:
                    20:b1:2c:23:fc:f8:be:40:51:f9:82:bf:60:34:7b:
                    c0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B5:5B:45:57:B3:8D:E7:78:54:A8:8F:E2:8F:DE:60:32:01:A4:17
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/37VbRVezjed4VKiP4o_eYDIBpBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:14:32:79:39:12:a1:54:54:8d:72:9e:c9:58:d9:65:c3:79:
         96:88:b8:88:81:59:f5:ca:d1:15:df:46:b1:02:ae:4e:c4:84:
         db:16:1a:90:27:15:f5:29:6f:1d:b9:eb:03:46:db:aa:39:08:
         30:37:67:b4:45:28:e5:9e:e5:da:7e:75:89:31:ff:39:64:77:
         5d:fe:62:c3:49:a5:70:32:f9:1d:fa:d5:bc:70:c6:70:d1:6d:
         9e:e8:27:88:ab:cc:f3:86:d3:c4:02:af:48:ca:8e:42:3a:03:
         10:b7:87:b6:c2:fb:1c:97:a8:c7:64:f7:ae:8c:3d:a3:ee:6d:
         85:16:eb:61:45:59:ef:0e:29:50:49:9d:64:b5:dc:f5:b4:80:
         cd:d5:52:a5:ee:26:de:07:48:2c:20:1d:95:ef:6a:42:63:2a:
         f5:62:18:7f:90:48:c2:4f:d9:39:a7:47:f3:94:3a:b2:7d:6d:
         e2:c6:5e:89:dc:c1:b7:d8:ad:a3:32:70:a1:94:76:79:b3:50:
         b5:d8:b8:d9:80:5e:7c:36:7c:3c:0d:78:20:a0:47:5e:ed:c3:
         ac:30:f1:0e:8f:e4:62:47:38:73:67:a4:16:af:6f:b0:5c:b5:
         31:b5:4d:30:4d:87:67:7c:52:d3:9a:11:dc:36:54:f6:2d:9e:
         d0:5d:9f:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GYAH6xiziI+Cj3ICGfL1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTIwMTcxMjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI1NWI0NTU3YjM4ZGU3Nzg1NGE4OGZlMjhmZGU2MDMyMDFhNDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYgPtI2R1LMUycbSlgGyIQfaFaNy
Ip/B3qh54dzbcbMWD+i6G0EdRPG/O5KfxCRcPTl/799ICw+XetN1II/hJjGfKV40
02bgPhEnRqwVCvRcbJE6rbhkP7P5F21/b0hXAy8m1wGKz4uoCDIYGw3VTSCb16Hq
66xbyPwqaWOlDyn8hV5LpaBgqwJQsYZ1/ippDm5OSc1Rn9L2RZmhfpFFVb3vE+pb
rV+cb8yVs4wCLvdsWIwuO80aiZjxpNhucJYpltByMzbtsogncJXHTQkDFUvdwwik
o5VbJ/aHC0t9/SDNBjJGd6U5oSWl0EHew9EgsSwj/Pi+QFH5gr9gNHvAEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+1W0VXs43neFSoj+KP3mAyAaQXMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvMzdWYlJWZXpqZWQ0VktpUDRvX2VZRElCcEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ymMA0G
CSqGSIb3DQEBCwUAA4IBAQBYFDJ5ORKhVFSNcp7JWNllw3mWiLiIgVn1ytEV30ax
Aq5OxITbFhqQJxX1KW8duesDRtuqOQgwN2e0RSjlnuXafnWJMf85ZHdd/mLDSaVw
Mvkd+tW8cMZw0W2e6CeIq8zzhtPEAq9Iyo5COgMQt4e2wvscl6jHZPeujD2j7m2F
FuthRVnvDilQSZ1ktdz1tIDN1VKl7ibeB0gsIB2V72pCYyr1Yhh/kEjCT9k5p0fz
lDqyfW3ixl6J3MG32K2jMnChlHZ5s1C12LjZgF58Nnw8DXggoEde7cOsMPEOj+Ri
RzhzZ6QWr2+wXLUxtU0wTYdnfFLTmhHcNlT2LZ7QXZ9+
-----END CERTIFICATE-----