Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/aH8dMB7MlIuj-MkKaHTn6y3ISgw.roa
File:                     aH8dMB7MlIuj-MkKaHTn6y3ISgw.roa (raw, json)
Hash identifier:          qOfgnRYRNOHOXjwzvyCfULOylQf1CyoLvLWEYZgybJI=
Subject key identifier:   68:7F:1D:30:1E:CC:94:8B:A3:F8:C9:0A:68:74:E7:EB:2D:C8:4A:0C
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019EABC67AA24C548D8CDE830B421BD03759
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/aH8dMB7MlIuj-MkKaHTn6y3ISgw.roa
Signing time:             Tue 09 Jun 2026 09:46:11 +0000
ROA not before:           Tue 09 Jun 2026 09:46:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209990
IP address blocks:        87.76.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:c6:7a:a2:4c:54:8d:8c:de:83:0b:42:1b:d0:37:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun  9 09:46:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=687f1d301ecc948ba3f8c90a6874e7eb2dc84a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:30:4c:81:61:4e:77:ed:e7:17:26:64:30:f8:
                    39:2d:14:e2:7f:59:d4:5d:62:2e:4a:6e:de:61:12:
                    cc:99:45:60:aa:f4:0a:99:ba:86:b9:1c:e5:57:db:
                    f1:8a:15:fa:fb:e9:d4:18:bf:6c:bc:96:c2:37:63:
                    aa:f9:3f:74:db:ad:1b:6c:fb:06:8e:27:c2:1e:68:
                    ac:e4:11:bd:ed:79:30:c0:ad:7b:24:86:27:36:2f:
                    e8:62:05:73:26:ba:34:46:8c:02:8c:29:34:ef:24:
                    85:f6:96:98:f4:42:dc:85:fc:68:d2:9c:af:45:fc:
                    87:7b:e0:e9:7d:42:d5:96:6b:47:2b:b3:61:f4:96:
                    bf:ba:6f:3b:23:8f:60:12:68:89:de:26:f8:ac:e1:
                    2b:a0:c1:9f:fc:e1:f2:8e:3f:07:b5:4d:e7:b5:f4:
                    4a:0d:13:7f:5e:60:99:ff:4d:1e:a5:9d:8c:34:38:
                    0c:38:72:6e:fa:42:7a:4d:94:e8:b7:8f:e8:c8:03:
                    5f:66:9e:e0:1f:bc:ad:e2:76:d6:6c:26:ae:31:9d:
                    5b:bf:3c:80:4e:91:58:05:e4:83:7d:47:64:69:a4:
                    de:29:5f:b7:dc:59:b6:bf:43:53:2d:af:3f:a8:32:
                    2b:b0:6b:9f:e0:7c:8f:e7:ab:79:5c:a0:d5:f6:df:
                    d1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7F:1D:30:1E:CC:94:8B:A3:F8:C9:0A:68:74:E7:EB:2D:C8:4A:0C
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/aH8dMB7MlIuj-MkKaHTn6y3ISgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:03:0c:61:02:72:13:43:c2:4f:07:de:30:5f:17:61:63:6b:
         ad:64:6a:c0:b5:61:5f:85:a8:9c:e9:bb:2b:bb:43:8f:2d:8e:
         15:6a:9b:8b:ba:dd:f1:93:a2:0a:58:49:89:50:68:b9:01:a3:
         92:dc:21:36:7a:96:25:fe:8d:af:42:4c:ce:e3:01:59:d4:21:
         5d:70:4e:b6:33:32:48:0f:44:74:33:30:e4:0f:38:4c:84:fd:
         52:47:46:5c:a8:40:fb:e5:f8:ba:aa:7d:7d:76:fa:1f:7b:dd:
         7d:14:34:eb:81:48:bc:77:cf:b3:18:e8:f5:68:db:6b:4e:d5:
         87:3d:39:e0:92:08:49:cb:c6:26:ee:ad:6b:56:49:36:0a:2f:
         38:ee:18:d3:d4:27:87:49:65:ae:df:7d:ea:bd:90:1e:26:1a:
         30:30:72:89:c7:23:8a:29:83:db:3e:90:72:e5:76:99:7a:9b:
         3b:23:e2:70:21:98:4e:df:d4:cd:a3:b9:db:aa:b2:10:40:da:
         dd:f3:01:cc:99:b3:c9:4d:6b:77:6d:71:a2:95:62:61:03:35:
         5c:f0:55:ca:6a:3a:21:32:60:48:b1:94:1f:c5:87:91:b4:d8:
         52:1c:eb:5b:b6:fc:35:01:ca:55:4a:a0:b9:f8:af:de:cb:a5:
         87:cd:d9:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rxnqiTFSNjN6DC0Ib0DdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjA5MDk0NjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdmMWQzMDFlY2M5NDhiYTNmOGM5MGE2ODc0ZTdlYjJkYzg0YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DBMgWFOd+3nFyZkMPg5LRTif1nU
XWIuSm7eYRLMmUVgqvQKmbqGuRzlV9vxihX6++nUGL9svJbCN2Oq+T90260bbPsG
jifCHmis5BG97XkwwK17JIYnNi/oYgVzJro0RowCjCk07ySF9paY9ELchfxo0pyv
RfyHe+DpfULVlmtHK7Nh9Ja/um87I49gEmiJ3ib4rOEroMGf/OHyjj8HtU3ntfRK
DRN/XmCZ/00epZ2MNDgMOHJu+kJ6TZTot4/oyANfZp7gH7yt4nbWbCauMZ1bvzyA
TpFYBeSDfUdkaaTeKV+33Fm2v0NTLa8/qDIrsGuf4HyP56t5XKDV9t/RzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh/HTAezJSLo/jJCmh05+styEoMMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvYUg4ZE1CN01sSXVqLU1rS2FIVG42eTNJU2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yEMA0G
CSqGSIb3DQEBCwUAA4IBAQCKAwxhAnITQ8JPB94wXxdhY2utZGrAtWFfhaic6bsr
u0OPLY4VapuLut3xk6IKWEmJUGi5AaOS3CE2epYl/o2vQkzO4wFZ1CFdcE62MzJI
D0R0MzDkDzhMhP1SR0ZcqED75fi6qn19dvofe919FDTrgUi8d8+zGOj1aNtrTtWH
PTngkghJy8Ym7q1rVkk2Ci847hjT1CeHSWWu333qvZAeJhowMHKJxyOKKYPbPpBy
5XaZeps7I+JwIZhO39TNo7nbqrIQQNrd8wHMmbPJTWt3bXGilWJhAzVc8FXKajoh
MmBIsZQfxYeRtNhSHOtbtvw1AcpVSqC5+K/ey6WHzdlc
-----END CERTIFICATE-----