Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/QEfCumaTgXWaUkO-g8T9swSARF8.roa
File:                     QEfCumaTgXWaUkO-g8T9swSARF8.roa (raw, json)
Hash identifier:          3dEg/618pUge6m2U/fXAJFk7PdK5O84iQVDgQmHhNno=
Subject key identifier:   40:47:C2:BA:66:93:81:75:9A:52:43:BE:83:C4:FD:B3:04:80:44:5F
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D9BD4FFB158BD9FF103A397D78A59907E
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/QEfCumaTgXWaUkO-g8T9swSARF8.roa
Signing time:             Fri 17 Apr 2026 14:25:20 +0000
ROA not before:           Fri 17 Apr 2026 14:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154408
IP address blocks:        87.76.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:25:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:d4:ff:b1:58:bd:9f:f1:03:a3:97:d7:8a:59:90:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 17 14:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4047c2ba669381759a5243be83c4fdb30480445f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:6e:a0:ae:b7:0c:a0:f4:b7:3d:70:31:ec:
                    a2:ac:f5:7d:e7:f4:92:3d:4f:92:7a:5d:45:dd:2b:
                    ec:59:8e:4e:36:ef:3c:56:2f:15:14:73:5a:b1:6f:
                    14:b7:17:d7:5e:30:49:c0:58:76:b8:6a:4f:95:be:
                    dc:b7:96:fe:93:21:b9:9c:55:41:ca:82:15:d5:7b:
                    7b:40:e1:30:a5:47:da:ec:5a:88:03:a9:2d:19:6b:
                    09:96:be:18:8e:13:6a:f8:d9:98:51:b0:68:9c:f3:
                    9c:49:cc:f6:bc:8a:b6:6d:f4:f9:f5:d1:49:32:61:
                    96:87:b4:ec:45:71:16:a7:5a:e9:13:3f:32:3e:54:
                    e9:dd:f8:fc:37:97:ad:09:f1:3f:06:3c:43:20:9a:
                    82:44:f7:64:b4:74:eb:d1:03:00:ca:35:b2:8e:ee:
                    9e:5a:7b:aa:4d:a4:3e:bf:08:62:1d:b3:66:03:1d:
                    1b:b6:6b:5c:b4:00:98:48:97:51:ce:d0:9b:8e:15:
                    df:97:9e:ed:a8:8c:c4:3a:5e:4a:d6:ac:0b:c4:b5:
                    eb:df:6e:95:5e:64:80:fb:ec:18:07:c3:8a:d3:44:
                    2d:35:d4:99:39:d6:1e:3b:8b:01:4a:f3:b7:b7:c5:
                    49:22:b0:3a:dc:e3:40:59:dd:38:3d:91:c8:4d:ce:
                    54:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:47:C2:BA:66:93:81:75:9A:52:43:BE:83:C4:FD:B3:04:80:44:5F
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/QEfCumaTgXWaUkO-g8T9swSARF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f8:39:5f:f5:79:8c:28:bb:08:f8:fb:30:42:54:68:7f:44:
         98:91:7d:9c:1d:0d:b6:05:9e:10:bc:d1:22:51:5e:f4:ac:51:
         27:df:67:5c:fe:4c:2c:13:35:7f:98:42:38:9e:b5:88:7f:22:
         64:9f:d8:09:91:6e:8c:a4:19:db:c8:af:ad:d0:af:56:c8:bc:
         af:01:b6:19:e9:40:22:74:38:c8:5a:20:56:66:91:ce:8e:bd:
         21:99:32:54:73:3b:46:a6:c8:b4:d1:eb:6c:85:5c:ae:71:f4:
         10:f0:cc:e5:5a:eb:9a:ee:56:a3:e7:3e:cf:62:a6:b7:9c:6a:
         34:c8:dc:84:66:48:70:06:fb:3a:18:55:44:08:b5:96:0c:23:
         f9:02:59:98:1c:d8:b1:0a:92:f0:a3:61:25:b5:30:6d:e0:b8:
         f5:a0:50:9b:a2:1b:ee:19:bd:d5:ce:ad:1c:1d:d9:0e:99:04:
         1a:0f:f9:0a:71:51:8d:22:e1:24:e9:b0:30:d7:72:75:49:47:
         bd:6c:d8:fb:6f:70:db:03:d9:8e:7f:0a:64:ae:b3:2e:43:9c:
         62:01:4d:3e:b7:31:b9:4e:51:11:8e:c8:7a:20:d3:19:63:28:
         90:51:f8:2f:2f:0a:f8:d7:fb:49:39:4e:a7:ed:2a:2e:7a:65:
         66:23:51:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2b1P+xWL2f8QOjl9eKWZB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDE3MTQyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQ3YzJiYTY2OTM4MTc1OWE1MjQzYmU4M2M0ZmRiMzA0ODA0NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQxuoK63DKD0tz1wMeyirPV95/SS
PU+Sel1F3SvsWY5ONu88Vi8VFHNasW8UtxfXXjBJwFh2uGpPlb7ct5b+kyG5nFVB
yoIV1Xt7QOEwpUfa7FqIA6ktGWsJlr4YjhNq+NmYUbBonPOcScz2vIq2bfT59dFJ
MmGWh7TsRXEWp1rpEz8yPlTp3fj8N5etCfE/BjxDIJqCRPdktHTr0QMAyjWyju6e
WnuqTaQ+vwhiHbNmAx0btmtctACYSJdRztCbjhXfl57tqIzEOl5K1qwLxLXr326V
XmSA++wYB8OK00QtNdSZOdYeO4sBSvO3t8VJIrA63ONAWd04PZHITc5UNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBHwrpmk4F1mlJDvoPE/bMEgERfMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvUUVmQ3VtYVRnWFdhVWtPLWc4VDlzd1NBUkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ypMA0G
CSqGSIb3DQEBCwUAA4IBAQBo+Dlf9XmMKLsI+PswQlRof0SYkX2cHQ22BZ4QvNEi
UV70rFEn32dc/kwsEzV/mEI4nrWIfyJkn9gJkW6MpBnbyK+t0K9WyLyvAbYZ6UAi
dDjIWiBWZpHOjr0hmTJUcztGpsi00etshVyucfQQ8MzlWuua7laj5z7PYqa3nGo0
yNyEZkhwBvs6GFVECLWWDCP5AlmYHNixCpLwo2EltTBt4Lj1oFCbohvuGb3Vzq0c
HdkOmQQaD/kKcVGNIuEk6bAw13J1SUe9bNj7b3DbA9mOfwpkrrMuQ5xiAU0+tzG5
TlERjsh6INMZYyiQUfgvLwr41/tJOU6n7SouemVmI1GS
-----END CERTIFICATE-----