Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/WP6592f4GO4EWtJUhGCXGbXkvPc.roa
File:                     WP6592f4GO4EWtJUhGCXGbXkvPc.roa (raw, json)
Hash identifier:          vM74kSiZSRdGRFpvvb3hucSsgdMSt9lw2mhz1rca2X0=
Subject key identifier:   58:FE:B9:F7:67:F8:18:EE:04:5A:D2:54:84:60:97:19:B5:E4:BC:F7
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019ECD4110F273F72B88B5913830FFC6D9FE
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/WP6592f4GO4EWtJUhGCXGbXkvPc.roa
Signing time:             Mon 15 Jun 2026 21:47:33 +0000
ROA not before:           Mon 15 Jun 2026 21:47:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209741
IP address blocks:        87.76.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cd:41:10:f2:73:f7:2b:88:b5:91:38:30:ff:c6:d9:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun 15 21:47:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58feb9f767f818ee045ad25484609719b5e4bcf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c0:b4:ef:0a:60:08:7f:a7:66:32:b4:65:b9:
                    3d:1d:27:e3:b3:c2:64:08:ac:22:ef:f8:f9:e1:2f:
                    f4:f1:5a:b8:23:d2:43:a1:7f:26:dc:7b:0d:f8:6d:
                    01:d7:34:e7:87:2f:03:c6:75:5a:50:03:df:fb:fd:
                    fa:d8:2f:4c:13:84:56:7c:8f:11:ef:46:cb:8d:c9:
                    3b:14:8b:bf:3c:2a:e4:ec:4f:a0:00:ca:3b:c1:db:
                    ea:ae:11:ef:cb:ec:41:19:92:fa:89:9f:40:19:d1:
                    26:f2:46:ef:75:48:81:fa:69:3f:92:4c:bb:f7:5f:
                    02:2a:53:48:08:08:18:2a:3e:3c:0d:75:bc:76:77:
                    62:96:10:9f:38:49:f3:27:4b:09:4b:c0:10:a2:fd:
                    6b:2c:b7:96:68:a8:8c:1d:88:df:52:2c:0e:4c:96:
                    79:ae:44:24:f3:23:8b:00:d4:87:36:6f:58:0f:34:
                    6a:bc:87:ad:39:c0:6f:2b:ed:1d:47:eb:26:23:6a:
                    ea:9e:f4:31:43:6a:4a:77:b3:da:52:53:cc:74:48:
                    b3:e6:e5:3f:28:43:04:a9:e5:2a:08:4b:81:3f:4e:
                    96:e6:85:e4:a3:e0:95:c2:22:9b:38:7a:7c:a3:b5:
                    b1:60:fc:d2:95:5f:61:0e:7d:89:cd:06:7a:20:ce:
                    b3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FE:B9:F7:67:F8:18:EE:04:5A:D2:54:84:60:97:19:B5:E4:BC:F7
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/WP6592f4GO4EWtJUhGCXGbXkvPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:bb:72:29:f3:34:9e:9c:d1:76:42:b7:2a:29:4f:9f:50:a3:
         5c:41:76:63:62:7c:de:cf:62:cb:9f:a2:7c:78:49:be:ca:f5:
         85:fa:2a:36:81:24:d5:18:88:bf:02:40:58:db:da:79:39:ea:
         91:8d:37:05:5c:4f:86:f6:9a:bc:c7:22:72:7f:87:59:15:1d:
         4d:fb:88:e7:f1:51:f7:b7:fb:df:bb:68:e8:81:92:f2:02:76:
         90:9c:1e:33:e0:d3:30:ba:ae:a8:bd:6f:0f:6d:ce:02:c7:d6:
         45:23:72:be:df:b6:a7:7d:09:a9:11:35:ae:a7:fc:ed:11:ad:
         53:b7:5b:2e:ce:3c:85:01:f1:f2:86:cd:48:d0:40:b3:af:b9:
         f5:0d:48:75:55:b7:fd:55:54:40:f5:b1:12:ce:ae:a1:2c:c7:
         6f:30:d0:1f:1b:76:46:c0:ea:60:b2:87:7b:f4:4d:1c:dd:d3:
         ac:0a:0e:20:7f:e2:eb:d9:ad:56:27:1e:4e:e8:63:21:5b:b9:
         07:88:f0:df:5d:e0:b9:de:b8:b9:3a:57:f3:ab:48:ac:fc:97:
         22:95:67:7f:52:c7:f7:a6:4a:fd:43:e2:75:8c:1e:e1:e7:82:
         59:06:3f:11:d9:97:da:84:00:8d:4e:91:9c:36:24:29:c1:a2:
         cd:ae:50:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7NQRDyc/criLWRODD/xtn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjE1MjE0NzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGZlYjlmNzY3ZjgxOGVlMDQ1YWQyNTQ4NDYwOTcxOWI1ZTRiY2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMC07wpgCH+nZjK0Zbk9HSfjs8Jk
CKwi7/j54S/08Vq4I9JDoX8m3HsN+G0B1zTnhy8DxnVaUAPf+/362C9ME4RWfI8R
70bLjck7FIu/PCrk7E+gAMo7wdvqrhHvy+xBGZL6iZ9AGdEm8kbvdUiB+mk/kky7
918CKlNICAgYKj48DXW8dndilhCfOEnzJ0sJS8AQov1rLLeWaKiMHYjfUiwOTJZ5
rkQk8yOLANSHNm9YDzRqvIetOcBvK+0dR+smI2rqnvQxQ2pKd7PaUlPMdEiz5uU/
KEMEqeUqCEuBP06W5oXko+CVwiKbOHp8o7WxYPzSlV9hDn2JzQZ6IM6zVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFj+ufdn+BjuBFrSVIRglxm15Lz3MB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvV1A2NTkyZjRHTzRFV3RKVWhHQ1hHYlhrdlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yKMA0G
CSqGSIb3DQEBCwUAA4IBAQA/u3Ip8zSenNF2QrcqKU+fUKNcQXZjYnzez2LLn6J8
eEm+yvWF+io2gSTVGIi/AkBY29p5OeqRjTcFXE+G9pq8xyJyf4dZFR1N+4jn8VH3
t/vfu2jogZLyAnaQnB4z4NMwuq6ovW8Pbc4Cx9ZFI3K+37anfQmpETWup/ztEa1T
t1suzjyFAfHyhs1I0ECzr7n1DUh1Vbf9VVRA9bESzq6hLMdvMNAfG3ZGwOpgsod7
9E0c3dOsCg4gf+Lr2a1WJx5O6GMhW7kHiPDfXeC53ri5Olfzq0is/JcilWd/Usf3
pkr9Q+J1jB7h54JZBj8R2ZfahACNTpGcNiQpwaLNrlAG
-----END CERTIFICATE-----