Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/QmhsDLVBmQiPY9x8rnO8tnthhH8.roa
File:                     QmhsDLVBmQiPY9x8rnO8tnthhH8.roa (raw, json)
Hash identifier:          /VXc1hJxO83UEQlvcc+2YA3Ta3dAnlOXwZ0TNMXpS3M=
Subject key identifier:   42:68:6C:0C:B5:41:99:08:8F:63:DC:7C:AE:73:BC:B6:7B:61:84:7F
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D9C5578875B9409E7A3B4E43F2718AF74
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/QmhsDLVBmQiPY9x8rnO8tnthhH8.roa
Signing time:             Fri 17 Apr 2026 16:45:40 +0000
ROA not before:           Fri 17 Apr 2026 16:45:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198741
IP address blocks:        87.76.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:55:78:87:5b:94:09:e7:a3:b4:e4:3f:27:18:af:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 17 16:45:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42686c0cb54199088f63dc7cae73bcb67b61847f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f4:8e:0e:3d:c4:f6:81:7c:59:a0:c2:a5:b9:
                    08:96:19:b8:f4:54:1f:8f:01:b2:68:23:cf:d9:e2:
                    8d:e0:fa:8b:e1:84:5e:74:68:6f:51:5d:fc:a2:36:
                    d1:de:ab:3a:bd:c3:43:f5:9a:fa:ad:37:0f:07:80:
                    1a:b3:86:d0:62:7e:0d:0c:f2:7a:67:84:91:f3:8b:
                    df:b5:ef:04:bf:83:8a:16:ea:d2:2a:c0:6c:62:19:
                    97:7c:16:a9:71:3a:83:08:dd:ae:21:63:e4:97:81:
                    2b:41:77:e0:03:5a:aa:65:79:30:42:4b:62:2e:06:
                    8f:c2:fc:70:cf:20:81:24:f9:15:1b:29:c0:87:46:
                    b6:26:69:7d:71:e0:13:91:3d:87:03:cb:0e:53:dc:
                    90:90:a2:82:e6:3b:37:ba:ca:9c:f9:a3:22:fe:9e:
                    f6:ae:cb:7c:38:95:36:c6:13:4b:26:1e:36:0a:b2:
                    cd:04:e9:d1:5b:79:58:df:a6:85:26:d2:b3:be:d7:
                    88:60:81:0e:43:6b:bf:75:59:83:91:f8:df:5f:ab:
                    1f:12:db:55:87:55:49:9f:73:1f:71:6c:4d:5e:46:
                    44:5b:45:8e:de:c1:ee:f3:68:72:1f:2b:47:81:7d:
                    11:60:50:ab:7e:9e:40:e2:89:16:06:dd:61:53:dc:
                    56:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:68:6C:0C:B5:41:99:08:8F:63:DC:7C:AE:73:BC:B6:7B:61:84:7F
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/QmhsDLVBmQiPY9x8rnO8tnthhH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:2e:64:b6:83:12:7d:a4:96:db:16:46:06:78:f9:9e:38:
         e8:be:6e:3f:c7:8c:a9:60:b6:4a:42:75:3c:63:23:55:03:3f:
         e8:c3:91:25:82:45:90:09:23:45:5e:b0:9d:f0:06:1a:c5:08:
         d9:ee:ac:44:82:65:00:10:d2:ed:3a:e2:c4:6d:98:76:78:d3:
         8a:a8:8a:05:30:93:ea:1a:b2:00:0e:bd:c1:e0:95:92:f4:20:
         95:a3:af:87:c6:6a:e5:c9:39:ee:35:be:4a:56:02:54:6c:f9:
         55:cd:bd:63:94:b7:dc:ed:bd:e2:25:47:09:86:b0:19:1c:55:
         18:7f:3f:7e:82:0f:2d:90:01:2a:2f:d0:bf:ae:54:84:c7:9e:
         79:87:1f:cc:ac:c9:ad:94:4f:64:3f:c1:b4:c2:52:6e:ba:d0:
         16:20:cc:a1:fb:75:69:90:9f:55:68:d1:95:2b:31:be:5f:06:
         99:57:e2:23:b1:7e:e1:74:de:27:41:86:c8:76:04:72:40:9a:
         64:97:a6:8f:fc:7b:f0:e1:73:68:7d:8a:5c:27:88:91:d3:28:
         81:1f:d8:33:1c:00:05:b3:49:91:79:a4:ff:ab:73:1d:52:cb:
         e1:37:d5:3e:8d:17:9b:18:62:00:4a:dd:46:ae:6f:7c:48:33:
         8a:a6:4b:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2cVXiHW5QJ56O05D8nGK90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDE3MTY0NTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY4NmMwY2I1NDE5OTA4OGY2M2RjN2NhZTczYmNiNjdiNjE4NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/SODj3E9oF8WaDCpbkIlhm49FQf
jwGyaCPP2eKN4PqL4YRedGhvUV38ojbR3qs6vcND9Zr6rTcPB4Aas4bQYn4NDPJ6
Z4SR84vfte8Ev4OKFurSKsBsYhmXfBapcTqDCN2uIWPkl4ErQXfgA1qqZXkwQkti
LgaPwvxwzyCBJPkVGynAh0a2Jml9ceATkT2HA8sOU9yQkKKC5js3usqc+aMi/p72
rst8OJU2xhNLJh42CrLNBOnRW3lY36aFJtKzvteIYIEOQ2u/dVmDkfjfX6sfEttV
h1VJn3MfcWxNXkZEW0WO3sHu82hyHytHgX0RYFCrfp5A4okWBt1hU9xWAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJobAy1QZkIj2PcfK5zvLZ7YYR/MB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvUW1oc0RMVkJtUWlQWTl4OHJuTzh0bnRoaEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ykMA0G
CSqGSIb3DQEBCwUAA4IBAQCK5y5ktoMSfaSW2xZGBnj5njjovm4/x4ypYLZKQnU8
YyNVAz/ow5ElgkWQCSNFXrCd8AYaxQjZ7qxEgmUAENLtOuLEbZh2eNOKqIoFMJPq
GrIADr3B4JWS9CCVo6+HxmrlyTnuNb5KVgJUbPlVzb1jlLfc7b3iJUcJhrAZHFUY
fz9+gg8tkAEqL9C/rlSEx555hx/MrMmtlE9kP8G0wlJuutAWIMyh+3VpkJ9VaNGV
KzG+XwaZV+IjsX7hdN4nQYbIdgRyQJpkl6aP/Hvw4XNofYpcJ4iR0yiBH9gzHAAF
s0mReaT/q3MdUsvhN9U+jRebGGIASt1Grm98SDOKpkuK
-----END CERTIFICATE-----