Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PcfOvk8X6oTFyfMMv6jLDTMv0nQ.roa
File:                     PcfOvk8X6oTFyfMMv6jLDTMv0nQ.roa (raw, json)
Hash identifier:          94PaOjpuBv4xvFGOJXwcvhjeP5y+VQVEl5mFyNM5KyQ=
Subject key identifier:   3D:C7:CE:BE:4F:17:EA:84:C5:C9:F3:0C:BF:A8:CB:0D:33:2F:D2:74
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019EBC86CF348434FB6BEA1435EA686985F9
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PcfOvk8X6oTFyfMMv6jLDTMv0nQ.roa
Signing time:             Fri 12 Jun 2026 15:50:11 +0000
ROA not before:           Fri 12 Jun 2026 15:50:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48260
IP address blocks:        87.76.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:86:cf:34:84:34:fb:6b:ea:14:35:ea:68:69:85:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun 12 15:50:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3dc7cebe4f17ea84c5c9f30cbfa8cb0d332fd274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:35:6b:e4:4e:80:36:95:34:03:bf:91:c6:46:
                    30:bd:f3:8f:92:79:a0:09:3b:98:83:e4:b2:67:e6:
                    82:75:0a:e2:1a:3d:da:09:39:4c:75:51:c3:38:64:
                    ee:03:76:c7:14:38:22:7a:ab:8d:f4:ad:dc:7c:1e:
                    4a:6f:39:4e:88:7b:cb:9c:80:f3:5b:62:4b:24:6b:
                    8d:69:72:a2:9e:7a:74:c8:4d:30:8d:ae:21:5a:95:
                    58:a5:ba:37:fd:a6:76:69:1a:25:ae:b2:e8:c2:28:
                    b2:7a:48:98:cb:74:eb:bb:7b:f4:aa:04:1a:20:27:
                    26:ae:ca:90:d1:06:41:bb:26:e3:26:d1:c7:8f:6f:
                    99:40:0d:94:82:2e:90:63:dd:f0:16:35:1d:8b:4e:
                    45:5a:69:ef:25:d2:a2:30:2a:86:08:cf:d8:2f:38:
                    48:6a:8f:f8:56:b5:35:e2:03:56:64:a2:e4:7a:43:
                    c5:5e:61:ef:07:b9:55:8e:c2:27:08:05:77:16:13:
                    55:4b:56:51:8d:40:25:41:5e:1b:3a:d9:b3:1d:3f:
                    06:19:5c:3b:98:39:90:18:d6:1c:73:86:40:0f:d3:
                    47:4e:0b:9c:92:aa:4c:db:eb:a7:46:f3:6f:a5:c7:
                    d3:ef:ac:91:49:3f:de:16:5c:05:ec:6e:01:a2:77:
                    75:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C7:CE:BE:4F:17:EA:84:C5:C9:F3:0C:BF:A8:CB:0D:33:2F:D2:74
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PcfOvk8X6oTFyfMMv6jLDTMv0nQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:11:24:c6:17:b6:ad:16:09:38:4a:6b:0f:7f:2a:e1:3d:e7:
         4c:82:9c:09:d2:ca:24:70:1d:aa:b0:96:55:7d:64:e7:9a:28:
         07:90:55:bf:f6:39:03:40:4b:52:74:7d:98:fc:c4:0c:cc:15:
         e8:f2:96:99:12:89:8e:39:c9:e6:05:ed:73:c7:8f:fa:a1:2a:
         83:e0:e2:ea:e4:c7:1c:b4:80:ef:38:b9:33:10:2b:3e:b7:d2:
         2c:80:cf:13:24:e8:aa:72:c2:79:7e:c0:43:4c:bb:87:53:54:
         a6:80:b7:55:79:15:d8:91:eb:4e:1d:97:4c:37:a5:d7:20:8a:
         cb:7a:01:56:07:3c:ba:2d:32:a8:af:c0:08:56:fd:1a:36:d8:
         41:00:96:37:b6:1b:2c:01:65:55:e5:4e:af:cc:26:76:b6:f2:
         32:9c:06:ec:7f:51:ae:3b:b2:50:e2:63:d9:4f:38:92:cc:a2:
         ad:5e:7c:dc:a8:94:49:4a:72:55:5f:21:b1:af:8f:b4:f5:a2:
         01:f3:cc:84:05:4a:0c:b0:0c:27:1b:38:45:ba:b2:37:af:b4:
         0f:74:80:5b:cd:39:5e:12:25:0c:32:ed:37:26:33:b9:e5:24:
         5a:c6:57:93:75:df:81:27:48:05:07:6a:15:1f:ef:57:04:0f:
         5b:e6:ef:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ68hs80hDT7a+oUNepoaYX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjEyMTU1MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGM3Y2ViZTRmMTdlYTg0YzVjOWYzMGNiZmE4Y2IwZDMzMmZkMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzVr5E6ANpU0A7+RxkYwvfOPknmg
CTuYg+SyZ+aCdQriGj3aCTlMdVHDOGTuA3bHFDgiequN9K3cfB5KbzlOiHvLnIDz
W2JLJGuNaXKinnp0yE0wja4hWpVYpbo3/aZ2aRolrrLowiiyekiYy3Tru3v0qgQa
ICcmrsqQ0QZBuybjJtHHj2+ZQA2Ugi6QY93wFjUdi05FWmnvJdKiMCqGCM/YLzhI
ao/4VrU14gNWZKLkekPFXmHvB7lVjsInCAV3FhNVS1ZRjUAlQV4bOtmzHT8GGVw7
mDmQGNYcc4ZAD9NHTguckqpM2+unRvNvpcfT76yRST/eFlwF7G4Bond1gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3Hzr5PF+qExcnzDL+oyw0zL9J0MB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvUGNmT3ZrOFg2b1RGeWZNTXY2akxEVE12MG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zBMA0G
CSqGSIb3DQEBCwUAA4IBAQAfESTGF7atFgk4SmsPfyrhPedMgpwJ0sokcB2qsJZV
fWTnmigHkFW/9jkDQEtSdH2Y/MQMzBXo8paZEomOOcnmBe1zx4/6oSqD4OLq5Mcc
tIDvOLkzECs+t9IsgM8TJOiqcsJ5fsBDTLuHU1SmgLdVeRXYketOHZdMN6XXIIrL
egFWBzy6LTKor8AIVv0aNthBAJY3thssAWVV5U6vzCZ2tvIynAbsf1GuO7JQ4mPZ
TziSzKKtXnzcqJRJSnJVXyGxr4+09aIB88yEBUoMsAwnGzhFurI3r7QPdIBbzTle
EiUMMu03JjO55SRaxleTdd+BJ0gFB2oVH+9XBA9b5u+3
-----END CERTIFICATE-----