Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/AozO2Ub53lV6NEQRvkO5cmyql4Q.roa
File:                     AozO2Ub53lV6NEQRvkO5cmyql4Q.roa (raw, json)
Hash identifier:          RZCbTSnnDP9YK/6t18/TtUnd/v/TBLxovnyGgksZ+Wk=
Subject key identifier:   02:8C:CE:D9:46:F9:DE:55:7A:34:44:11:BE:43:B9:72:6C:AA:97:84
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D914E97FCC167710CBBB03051A7DC64E0
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/AozO2Ub53lV6NEQRvkO5cmyql4Q.roa
Signing time:             Wed 15 Apr 2026 13:22:20 +0000
ROA not before:           Wed 15 Apr 2026 13:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206766
IP address blocks:        87.76.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:4e:97:fc:c1:67:71:0c:bb:b0:30:51:a7:dc:64:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 15 13:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=028cced946f9de557a344411be43b9726caa9784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:34:7d:ff:23:71:2a:2a:c9:06:0f:5b:6b:6d:
                    83:4d:7b:7b:7d:3a:47:86:6e:5a:c8:77:8a:cc:4c:
                    b5:c0:b4:c9:ad:8c:36:7b:c8:81:21:c5:61:aa:ea:
                    77:83:8f:3b:b2:98:14:88:aa:97:4e:87:d0:00:8d:
                    57:b5:08:3e:93:e8:d1:a5:f7:bc:dd:68:65:86:44:
                    5d:8e:66:d7:20:2b:64:e8:bc:35:fa:74:a7:21:9b:
                    4c:e2:13:8c:cd:e3:dc:dd:9e:97:ca:62:be:5e:3b:
                    7e:c0:fe:47:bd:d3:5f:be:6d:87:27:f4:29:9e:d7:
                    5d:0c:c7:b5:81:d1:eb:da:d7:95:25:e9:43:f9:e2:
                    b5:1f:c3:b3:ab:50:fd:ca:db:95:80:17:48:ee:a9:
                    78:5d:55:5d:96:e9:a2:6f:58:11:34:50:b7:f7:78:
                    ed:d1:88:32:70:b9:0c:7d:e6:0c:c6:e7:f2:b4:55:
                    ea:c9:8d:31:06:d1:78:40:d1:0a:3f:2d:45:62:cb:
                    16:52:64:29:ec:47:71:e9:02:54:f6:32:ec:f4:f1:
                    2a:b9:ca:42:22:27:eb:ed:cd:d7:5e:c3:61:59:35:
                    a5:15:ce:8e:6f:b5:ec:98:6b:8e:c5:70:08:3d:21:
                    bf:bf:d5:38:2e:08:53:08:ff:70:ee:cc:30:2a:ce:
                    99:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8C:CE:D9:46:F9:DE:55:7A:34:44:11:BE:43:B9:72:6C:AA:97:84
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/AozO2Ub53lV6NEQRvkO5cmyql4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:95:7b:5d:a6:b3:2b:98:e3:da:08:92:b1:ba:b2:0f:12:dd:
         f9:40:8d:64:6a:38:2a:3a:65:df:f4:97:d4:93:e4:c7:81:b7:
         ec:88:ee:65:a0:f0:c9:11:ce:24:d0:cd:96:66:c4:c7:17:26:
         78:b3:23:b6:e6:b0:b9:c9:db:19:d1:e3:89:08:14:54:79:a3:
         1b:20:3c:31:d7:35:8f:32:90:e9:e3:d6:0b:1b:fe:6f:b9:55:
         f1:59:06:bf:56:7b:95:fa:5f:29:db:2a:2b:f3:f6:1f:10:4b:
         24:b8:0a:24:5f:d6:74:9e:48:41:a3:0c:f2:85:57:85:27:8d:
         a5:40:fe:20:14:3d:9b:4a:23:e7:47:d8:e2:62:1c:b5:d0:e9:
         47:93:74:ca:b2:cd:38:f1:1f:8a:6f:b4:e4:65:d6:c5:47:b0:
         ee:5f:aa:69:2d:80:1f:5f:91:97:60:22:40:4b:77:9d:8a:0a:
         83:64:d6:bc:a5:bc:7a:58:40:15:07:f0:b9:57:5c:3f:ae:63:
         ff:9d:2b:30:5b:45:69:e2:ac:f5:84:18:85:6e:bb:eb:bf:ed:
         bc:91:4a:c3:3a:6a:ed:6b:f9:52:5d:33:71:5d:49:9a:94:05:
         19:ea:5d:d5:35:89:d6:a9:7e:e7:0a:eb:d3:33:15:34:29:91:
         84:d2:46:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2RTpf8wWdxDLuwMFGn3GTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDE1MTMyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhjY2VkOTQ2ZjlkZTU1N2EzNDQ0MTFiZTQzYjk3MjZjYWE5Nzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDR9/yNxKirJBg9ba22DTXt7fTpH
hm5ayHeKzEy1wLTJrYw2e8iBIcVhqup3g487spgUiKqXTofQAI1XtQg+k+jRpfe8
3WhlhkRdjmbXICtk6Lw1+nSnIZtM4hOMzePc3Z6XymK+Xjt+wP5HvdNfvm2HJ/Qp
ntddDMe1gdHr2teVJelD+eK1H8Ozq1D9ytuVgBdI7ql4XVVdlumib1gRNFC393jt
0YgycLkMfeYMxufytFXqyY0xBtF4QNEKPy1FYssWUmQp7Edx6QJU9jLs9PEqucpC
Iifr7c3XXsNhWTWlFc6Ob7XsmGuOxXAIPSG/v9U4LghTCP9w7swwKs6ZOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKMztlG+d5VejREEb5DuXJsqpeEMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvQW96TzJVYjUzbFY2TkVRUnZrTzVjbXlxbDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zJMA0G
CSqGSIb3DQEBCwUAA4IBAQAFlXtdprMrmOPaCJKxurIPEt35QI1kajgqOmXf9JfU
k+THgbfsiO5loPDJEc4k0M2WZsTHFyZ4syO25rC5ydsZ0eOJCBRUeaMbIDwx1zWP
MpDp49YLG/5vuVXxWQa/VnuV+l8p2yor8/YfEEskuAokX9Z0nkhBowzyhVeFJ42l
QP4gFD2bSiPnR9jiYhy10OlHk3TKss048R+Kb7TkZdbFR7DuX6ppLYAfX5GXYCJA
S3edigqDZNa8pbx6WEAVB/C5V1w/rmP/nSswW0Vp4qz1hBiFbrvrv+28kUrDOmrt
a/lSXTNxXUmalAUZ6l3VNYnWqX7nCuvTMxU0KZGE0kbZ
-----END CERTIFICATE-----