Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/gGKT4Qg0ta2g0lhKhCfLJMchHAw.roa
File:                     gGKT4Qg0ta2g0lhKhCfLJMchHAw.roa (raw, json)
Hash identifier:          wk2IKEeSuXGTHQr8ZpBeodO72y54pUNpZ5OfKT73Wzc=
Subject key identifier:   80:62:93:E1:08:34:B5:AD:A0:D2:58:4A:84:27:CB:24:C7:21:1C:0C
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E5660114E53EE5821B105758684BF9730
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/gGKT4Qg0ta2g0lhKhCfLJMchHAw.roa
Signing time:             Sat 23 May 2026 19:46:36 +0000
ROA not before:           Sat 23 May 2026 19:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207805
IP address blocks:        87.76.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:56:60:11:4e:53:ee:58:21:b1:05:75:86:84:bf:97:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 23 19:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=806293e10834b5ada0d2584a8427cb24c7211c0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:52:05:b3:b6:6f:90:45:ad:f3:91:f4:be:d4:
                    a7:94:3d:93:09:27:2d:12:6d:9a:6b:d6:e4:98:7d:
                    60:c2:6f:aa:68:26:72:2f:ae:8d:77:01:d1:3b:62:
                    b3:89:fc:51:04:37:82:dc:ea:1c:c0:9e:02:79:9a:
                    d1:87:21:e4:e6:64:49:69:4a:04:bc:ee:99:8d:c1:
                    90:e7:c9:21:70:ea:1c:c9:f8:86:7c:41:64:ff:78:
                    a2:d2:2e:c7:0e:37:99:49:52:e7:37:ed:24:7e:b3:
                    41:48:4e:2d:94:b9:5d:3f:71:bb:13:d5:81:ab:a1:
                    31:af:fe:d0:4b:25:24:e9:d4:1c:b3:6b:27:91:20:
                    29:2c:a6:70:73:f5:14:6f:6c:5f:9b:c4:6c:57:c8:
                    b7:97:98:2f:f8:ac:d6:a3:6a:40:b7:0e:37:ef:80:
                    de:54:65:4d:ea:99:bf:ce:cb:70:3e:f2:b5:2c:2e:
                    48:ac:46:a2:52:f4:d6:68:bf:fd:3a:06:10:90:76:
                    25:9b:1d:05:a3:43:1d:be:3c:89:e9:1a:c8:d5:ef:
                    e7:9f:8e:68:e2:64:3b:17:05:fc:77:f2:6f:58:df:
                    9e:9e:98:d0:8f:6b:14:bd:3c:2a:de:37:bb:83:5e:
                    15:be:76:19:6e:85:3b:5a:c5:32:97:35:11:e1:d9:
                    1e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:62:93:E1:08:34:B5:AD:A0:D2:58:4A:84:27:CB:24:C7:21:1C:0C
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/gGKT4Qg0ta2g0lhKhCfLJMchHAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:ec:ea:e4:66:a5:c1:52:7d:ae:3b:6f:c4:3e:58:fd:29:c4:
         8d:fb:da:15:3b:a3:20:db:b3:f3:57:e5:97:b2:b6:76:d3:0d:
         72:a2:97:e4:f0:2b:31:73:5d:1a:bc:ad:6d:a9:82:7d:3f:11:
         b4:5d:8d:9d:cf:a4:c2:9a:49:a9:f9:46:c3:9b:48:d8:dd:25:
         f2:c1:05:d2:76:7a:82:a8:73:10:df:f3:8f:97:38:af:39:8b:
         ed:de:bb:9e:e9:2f:62:31:77:63:a5:be:e6:29:b5:c9:0a:a3:
         1d:b1:6b:51:94:d0:50:45:cf:fd:c2:b6:b5:21:fa:ca:d6:21:
         39:29:92:e2:d9:9a:02:92:40:e7:06:e6:fa:40:4d:01:ea:df:
         94:e1:22:ca:3b:96:ab:a2:1e:a3:4d:76:e2:75:59:ae:1c:17:
         f9:92:00:ce:d5:40:5c:19:63:eb:48:c5:58:88:b0:c9:44:c8:
         d6:74:5f:c3:48:ae:1d:5e:dd:2e:f2:6d:04:78:29:ab:ec:00:
         af:b4:fe:6f:30:79:60:f4:a0:ff:46:b7:14:30:7f:4e:20:2a:
         e7:f2:c3:b8:09:66:8f:14:68:4c:69:e6:73:28:cc:ff:94:5e:
         48:f1:16:f1:32:ae:d6:c5:ac:4b:12:4c:cc:18:6c:45:91:0f:
         3b:c5:40:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5WYBFOU+5YIbEFdYaEv5cwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTIzMTk0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDYyOTNlMTA4MzRiNWFkYTBkMjU4NGE4NDI3Y2IyNGM3MjExYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FIFs7ZvkEWt85H0vtSnlD2TCSct
Em2aa9bkmH1gwm+qaCZyL66NdwHRO2KzifxRBDeC3OocwJ4CeZrRhyHk5mRJaUoE
vO6ZjcGQ58khcOocyfiGfEFk/3ii0i7HDjeZSVLnN+0kfrNBSE4tlLldP3G7E9WB
q6Exr/7QSyUk6dQcs2snkSApLKZwc/UUb2xfm8RsV8i3l5gv+KzWo2pAtw4374De
VGVN6pm/zstwPvK1LC5IrEaiUvTWaL/9OgYQkHYlmx0Fo0MdvjyJ6RrI1e/nn45o
4mQ7FwX8d/JvWN+enpjQj2sUvTwq3je7g14VvnYZboU7WsUylzUR4dkeZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBik+EINLWtoNJYSoQnyyTHIRwMMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvZ0dLVDRRZzB0YTJnMGxoS2hDZkxKTWNoSEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yDMA0G
CSqGSIb3DQEBCwUAA4IBAQAG7OrkZqXBUn2uO2/EPlj9KcSN+9oVO6Mg27PzV+WX
srZ20w1yopfk8Csxc10avK1tqYJ9PxG0XY2dz6TCmkmp+UbDm0jY3SXywQXSdnqC
qHMQ3/OPlzivOYvt3rue6S9iMXdjpb7mKbXJCqMdsWtRlNBQRc/9wra1IfrK1iE5
KZLi2ZoCkkDnBub6QE0B6t+U4SLKO5aroh6jTXbidVmuHBf5kgDO1UBcGWPrSMVY
iLDJRMjWdF/DSK4dXt0u8m0EeCmr7ACvtP5vMHlg9KD/RrcUMH9OICrn8sO4CWaP
FGhMaeZzKMz/lF5I8RbxMq7WxaxLEkzMGGxFkQ87xUBb
-----END CERTIFICATE-----