Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/iE1f2mxAkYXkSBV9S0S_vHLYZKM.roa
File:                     iE1f2mxAkYXkSBV9S0S_vHLYZKM.roa (raw, json)
Hash identifier:          FsUd6oHMSGjYKFC0g3yt8ilD/VkBrYY+3NBdWcpXyEA=
Subject key identifier:   88:4D:5F:DA:6C:40:91:85:E4:48:15:7D:4B:44:BF:BC:72:D8:64:A3
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E82A27F0FDA9949B9DBA6906BBB6B5C8D
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/iE1f2mxAkYXkSBV9S0S_vHLYZKM.roa
Signing time:             Mon 01 Jun 2026 10:02:27 +0000
ROA not before:           Mon 01 Jun 2026 10:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        87.76.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:a2:7f:0f:da:99:49:b9:db:a6:90:6b:bb:6b:5c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun  1 10:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=884d5fda6c409185e448157d4b44bfbc72d864a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ed:a3:86:68:43:39:cf:70:e2:75:42:af:76:
                    23:fa:69:c3:31:c1:11:5a:b8:93:95:da:6b:95:ab:
                    81:56:c9:80:bc:00:a9:d0:85:a6:22:c8:fd:ea:47:
                    b6:c0:82:67:b7:fb:03:17:a7:68:8e:0a:01:81:a7:
                    be:ab:38:d4:04:2f:50:48:3d:ed:e2:b5:05:1e:6e:
                    74:f4:d3:2c:37:26:0c:09:60:72:e0:1f:a5:7b:04:
                    53:ad:da:aa:15:18:cf:fe:bb:95:1b:ab:c2:86:09:
                    06:cb:fe:e4:df:68:89:16:c4:e3:53:00:5d:47:88:
                    26:fc:e4:30:03:27:35:29:a7:eb:d3:54:d6:84:71:
                    7a:83:17:5a:28:72:f5:4a:56:fe:63:63:88:b1:a1:
                    9c:8b:8e:9b:52:45:bd:17:01:1e:b1:fd:0d:49:73:
                    56:b0:c0:39:bb:8a:c9:d1:1e:9a:30:cf:08:aa:e9:
                    62:6c:37:97:04:66:55:a4:39:ac:65:6b:46:c4:49:
                    f2:a3:41:03:94:3b:5d:20:62:c5:02:9b:fa:0f:76:
                    7d:d1:a0:09:56:bd:81:28:b0:e4:fe:f9:d8:26:b4:
                    d1:05:c9:66:ba:c8:9b:19:84:db:0e:10:76:35:c2:
                    9e:54:24:97:99:77:44:68:40:5c:67:6a:2a:9a:89:
                    bf:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4D:5F:DA:6C:40:91:85:E4:48:15:7D:4B:44:BF:BC:72:D8:64:A3
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/iE1f2mxAkYXkSBV9S0S_vHLYZKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:08:80:76:47:9c:a7:ff:9f:ba:9a:ff:1e:dc:6f:1c:c4:f7:
         65:d3:c6:33:7e:71:6e:34:32:c7:8d:22:2f:8a:7b:94:09:e4:
         eb:19:7d:0c:c0:05:0f:f2:a0:8c:ca:44:41:05:f9:58:6c:b6:
         c5:33:04:69:7d:7f:3d:39:2f:69:74:61:a2:b2:e8:f7:8a:45:
         e1:a9:67:43:7c:37:29:6b:66:75:91:37:ab:58:cd:37:72:c5:
         99:da:78:ba:22:79:8d:4a:16:56:64:f8:cb:e9:37:36:77:32:
         f1:27:b1:fa:cb:38:db:f1:b7:1e:36:f1:99:44:26:56:94:2a:
         86:0e:ab:52:16:ca:7e:bf:5f:6e:2a:98:ff:78:c3:9d:90:82:
         38:49:aa:89:a6:7a:48:7d:75:ce:19:7e:1a:df:9e:0a:00:50:
         4e:30:fe:51:d5:01:e4:e8:d7:78:0b:11:11:1b:b0:7c:38:3f:
         eb:de:99:c4:c5:40:ce:9e:2e:cd:20:e2:f5:f1:33:8c:d3:eb:
         6d:08:5f:f0:64:b9:9c:73:62:a9:e3:03:d4:3b:99:43:71:d0:
         90:4e:db:0b:4e:8e:61:43:36:90:b1:64:3c:ea:6f:5e:23:e7:
         08:79:a7:b9:7d:44:4c:4c:bc:83:c6:1f:2d:31:ce:e0:20:c7:
         fd:0c:d3:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Con8P2plJudumkGu7a1yNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjAxMTAwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODRkNWZkYTZjNDA5MTg1ZTQ0ODE1N2Q0YjQ0YmZiYzcyZDg2NGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO2jhmhDOc9w4nVCr3Yj+mnDMcER
WriTldprlauBVsmAvACp0IWmIsj96ke2wIJnt/sDF6dojgoBgae+qzjUBC9QSD3t
4rUFHm509NMsNyYMCWBy4B+lewRTrdqqFRjP/ruVG6vChgkGy/7k32iJFsTjUwBd
R4gm/OQwAyc1Kafr01TWhHF6gxdaKHL1Slb+Y2OIsaGci46bUkW9FwEesf0NSXNW
sMA5u4rJ0R6aMM8IqulibDeXBGZVpDmsZWtGxEnyo0EDlDtdIGLFApv6D3Z90aAJ
Vr2BKLDk/vnYJrTRBclmusibGYTbDhB2NcKeVCSXmXdEaEBcZ2oqmom/fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhNX9psQJGF5EgVfUtEv7xy2GSjMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvaUUxZjJteEFrWVhrU0JWOVMwU192SExZWktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y+MA0G
CSqGSIb3DQEBCwUAA4IBAQAYCIB2R5yn/5+6mv8e3G8cxPdl08YzfnFuNDLHjSIv
inuUCeTrGX0MwAUP8qCMykRBBflYbLbFMwRpfX89OS9pdGGisuj3ikXhqWdDfDcp
a2Z1kTerWM03csWZ2ni6InmNShZWZPjL6Tc2dzLxJ7H6yzjb8bceNvGZRCZWlCqG
DqtSFsp+v19uKpj/eMOdkII4SaqJpnpIfXXOGX4a354KAFBOMP5R1QHk6Nd4CxER
G7B8OD/r3pnExUDOni7NIOL18TOM0+ttCF/wZLmcc2Kp4wPUO5lDcdCQTtsLTo5h
QzaQsWQ86m9eI+cIeae5fURMTLyDxh8tMc7gIMf9DNNv
-----END CERTIFICATE-----