Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/hVdm2KGKVqf_SI-IwcDfZqd-v4g.roa
File:                     hVdm2KGKVqf_SI-IwcDfZqd-v4g.roa (raw, json)
Hash identifier:          kPGU+qb9av035jNIcYAsFqURw+s9vp+RwLrCvtoKSvM=
Subject key identifier:   85:57:66:D8:A1:8A:56:A7:FF:48:8F:88:C1:C0:DF:66:A7:7E:BF:88
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019EC0C75F92C080C2264E6352CE52A027AC
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/hVdm2KGKVqf_SI-IwcDfZqd-v4g.roa
Signing time:             Sat 13 Jun 2026 11:39:12 +0000
ROA not before:           Sat 13 Jun 2026 11:39:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210699
IP address blocks:        87.76.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c0:c7:5f:92:c0:80:c2:26:4e:63:52:ce:52:a0:27:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun 13 11:39:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=855766d8a18a56a7ff488f88c1c0df66a77ebf88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ee:2c:40:c2:29:84:d5:a2:9b:09:4e:f9:b4:
                    eb:2a:83:44:d9:10:aa:f0:81:60:c1:31:ba:6c:7c:
                    63:20:dc:22:48:18:0d:e4:96:58:60:1e:7c:c6:55:
                    6a:4d:3d:2a:d3:79:09:37:08:89:01:46:94:90:bc:
                    ab:ff:ed:82:e6:77:39:85:9a:b0:47:ee:70:da:07:
                    4a:58:51:9b:23:83:2a:7c:fd:05:dd:80:13:21:a8:
                    b7:4f:50:01:74:51:45:48:fa:15:98:64:83:0d:be:
                    d0:b0:21:45:02:e7:52:5f:54:1b:16:ca:47:20:10:
                    34:df:d8:b0:95:78:d3:e7:b7:91:f0:99:6d:e2:82:
                    81:34:37:ef:61:23:d0:30:40:0d:60:6d:6b:76:f3:
                    26:86:58:39:1a:38:77:45:ac:0c:39:62:0c:eb:b7:
                    d2:3f:a3:e4:1f:d2:79:3c:96:60:62:f1:ef:a8:1e:
                    3e:94:a0:4c:1b:73:a9:a2:a1:fe:02:76:f7:1e:d8:
                    bb:17:7d:aa:f2:07:f8:a9:e9:46:f3:07:e6:6c:2a:
                    7a:a4:7f:7f:8a:27:94:9d:b1:2e:58:7e:47:01:a1:
                    21:f8:4e:26:0e:4d:e5:5e:64:02:a9:8c:44:75:f1:
                    49:c1:cd:00:e9:b5:a0:bf:6d:7a:30:c6:50:5a:a0:
                    bf:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:57:66:D8:A1:8A:56:A7:FF:48:8F:88:C1:C0:DF:66:A7:7E:BF:88
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/hVdm2KGKVqf_SI-IwcDfZqd-v4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e3:2c:d6:56:87:d1:67:92:88:b8:42:2f:d9:7a:9a:96:ff:
         61:83:fc:7a:a7:c2:c4:bf:2c:05:b0:68:4c:ef:ad:99:f1:47:
         3b:88:61:91:3c:ea:0d:46:ad:e0:07:6e:78:a0:cc:91:d8:5a:
         0b:0a:6c:19:07:62:d8:e6:01:00:8d:49:7f:d0:c0:71:f3:73:
         19:a3:63:83:5c:fe:5a:fc:7d:2d:a5:cd:6b:73:cf:00:c6:50:
         70:81:fb:a6:99:10:70:3b:8f:6a:b0:c2:f1:c2:aa:bb:b9:e3:
         d7:40:fa:14:62:d5:87:f9:18:b7:ab:c9:06:84:f8:d4:0a:ba:
         dc:10:1f:96:7a:7d:dd:53:3b:98:3f:e3:b8:71:ef:a9:1f:30:
         dd:75:ea:4a:ad:3f:d7:7f:c9:06:9e:64:38:03:cf:69:fc:22:
         12:af:a6:1b:05:62:50:20:ba:4b:1e:1f:a6:77:8d:79:8a:ae:
         26:8a:fe:98:b8:32:9b:e9:63:a5:3b:f1:16:14:52:57:74:3b:
         88:5a:bc:49:48:72:70:fb:45:91:96:83:11:99:2b:a4:c6:25:
         d9:e7:bb:e2:39:0f:14:1a:3f:dd:ae:df:36:c7:57:2a:5e:c1:
         8a:28:d1:3f:d7:46:43:82:43:d9:42:e2:10:0e:73:91:27:47:
         89:68:1f:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Ax1+SwIDCJk5jUs5SoCesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjEzMTEzOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTU3NjZkOGExOGE1NmE3ZmY0ODhmODhjMWMwZGY2NmE3N2ViZjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqe4sQMIphNWimwlO+bTrKoNE2RCq
8IFgwTG6bHxjINwiSBgN5JZYYB58xlVqTT0q03kJNwiJAUaUkLyr/+2C5nc5hZqw
R+5w2gdKWFGbI4MqfP0F3YATIai3T1ABdFFFSPoVmGSDDb7QsCFFAudSX1QbFspH
IBA039iwlXjT57eR8Jlt4oKBNDfvYSPQMEANYG1rdvMmhlg5Gjh3RawMOWIM67fS
P6PkH9J5PJZgYvHvqB4+lKBMG3OpoqH+Anb3Hti7F32q8gf4qelG8wfmbCp6pH9/
iieUnbEuWH5HAaEh+E4mDk3lXmQCqYxEdfFJwc0A6bWgv216MMZQWqC/JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVXZtihilan/0iPiMHA32anfr+IMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvaFZkbTJLR0tWcWZfU0ktSXdjRGZacWQtdjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zTMA0G
CSqGSIb3DQEBCwUAA4IBAQB14yzWVofRZ5KIuEIv2Xqalv9hg/x6p8LEvywFsGhM
762Z8Uc7iGGRPOoNRq3gB254oMyR2FoLCmwZB2LY5gEAjUl/0MBx83MZo2ODXP5a
/H0tpc1rc88AxlBwgfummRBwO49qsMLxwqq7uePXQPoUYtWH+Ri3q8kGhPjUCrrc
EB+Wen3dUzuYP+O4ce+pHzDddepKrT/Xf8kGnmQ4A89p/CISr6YbBWJQILpLHh+m
d415iq4miv6YuDKb6WOlO/EWFFJXdDuIWrxJSHJw+0WRloMRmSukxiXZ57viOQ8U
Gj/drt82x1cqXsGKKNE/10ZDgkPZQuIQDnORJ0eJaB9A
-----END CERTIFICATE-----