Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ipxvjm_3lO-AQmwJDLg2Vpdmkao.roa
File:                     ipxvjm_3lO-AQmwJDLg2Vpdmkao.roa (raw, json)
Hash identifier:          0zubIVTsvKJAbtOge98jOOQ8FQ54I29QDwpNKCqHWAc=
Subject key identifier:   8A:9C:6F:8E:6F:F7:94:EF:80:42:6C:09:0C:B8:36:56:97:66:91:AA
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019EA8378194C65E61A59321870B35E80A89
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ipxvjm_3lO-AQmwJDLg2Vpdmkao.roa
Signing time:             Mon 08 Jun 2026 17:11:10 +0000
ROA not before:           Mon 08 Jun 2026 17:11:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        87.76.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:37:81:94:c6:5e:61:a5:93:21:87:0b:35:e8:0a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun  8 17:11:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a9c6f8e6ff794ef80426c090cb83656976691aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:63:7e:b9:a7:17:69:f2:dc:3e:dd:ce:5b:62:
                    19:23:74:b1:01:0b:a6:ae:84:ed:d3:28:75:28:2c:
                    f3:fb:bf:14:28:11:3b:fd:72:91:57:c8:04:8f:d4:
                    2e:85:e9:1b:05:25:94:ee:5b:57:07:e8:72:72:37:
                    32:1f:39:24:d9:9b:75:4f:92:d1:31:e1:e0:40:06:
                    ad:6c:24:7b:23:68:d6:4e:40:ac:95:26:f5:fa:16:
                    5b:10:ef:a7:92:22:91:49:eb:62:f1:81:1d:37:bc:
                    aa:5f:8a:5f:09:ab:61:6b:72:64:ed:1b:57:13:d4:
                    d6:5d:4b:c3:51:68:ab:ef:71:57:de:71:32:35:98:
                    d1:75:58:d9:80:f4:b5:01:41:a9:67:65:49:09:e0:
                    c3:05:6c:26:7d:f4:20:3d:ac:2c:7c:94:fb:5b:83:
                    dc:70:09:93:a3:2e:3e:6f:0b:c6:33:49:c5:dd:28:
                    09:36:d8:43:55:03:b7:15:b6:30:88:81:9b:50:20:
                    a7:8b:dc:97:94:51:3a:d4:b9:cf:ee:63:9c:25:0c:
                    7d:31:f1:a1:4e:f2:1f:67:dc:d0:09:f7:05:b3:8f:
                    40:39:0f:61:1a:13:11:2b:7d:af:79:be:b4:d8:ce:
                    7e:64:e6:92:96:70:35:68:3e:c0:ad:ac:8b:aa:9b:
                    1e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:9C:6F:8E:6F:F7:94:EF:80:42:6C:09:0C:B8:36:56:97:66:91:AA
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ipxvjm_3lO-AQmwJDLg2Vpdmkao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3b:2a:f5:84:41:cf:73:e2:ee:e8:65:0b:84:72:0f:36:9d:
         09:d2:71:b9:f6:b3:66:2e:86:e1:f2:c7:20:8a:17:16:38:06:
         c6:87:96:31:d2:4a:7c:bc:c0:cf:8b:d4:7e:e7:49:37:a1:29:
         6b:03:ba:92:2e:56:31:e6:fb:3f:c7:ff:58:fd:3c:09:bb:2f:
         e8:03:b5:0b:da:2c:ab:ed:ab:bc:ed:e7:30:bf:2b:00:3b:f6:
         5d:a6:9a:73:04:e9:40:9c:6d:11:62:8e:d2:c9:f6:32:a8:35:
         13:5c:8d:43:dc:5e:21:80:73:0b:b3:06:02:91:a5:36:f8:10:
         c2:0a:30:f7:0d:37:a5:18:1a:44:48:db:c8:7d:10:9e:e3:08:
         ce:ae:b9:cb:6d:34:db:79:0d:fc:dd:a6:20:f2:6c:e0:9b:25:
         7f:b5:7d:18:ae:06:51:79:de:8d:7b:1a:8c:2c:a4:0d:b4:21:
         85:06:0b:f7:56:20:64:0f:ed:37:e3:9d:e4:2e:49:00:6a:66:
         dd:36:b8:c8:8d:11:71:55:cb:9f:d6:ba:09:85:99:fa:56:21:
         ed:0d:08:75:87:d3:21:00:53:9e:ef:b3:28:69:9a:65:54:f0:
         0d:c9:78:1c:44:f2:e7:30:ff:1a:09:1c:44:d5:d4:df:0e:6c:
         30:dc:72:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6oN4GUxl5hpZMhhws16AqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjA4MTcxMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTljNmY4ZTZmZjc5NGVmODA0MjZjMDkwY2I4MzY1Njk3NjY5MWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGN+uacXafLcPt3OW2IZI3SxAQum
roTt0yh1KCzz+78UKBE7/XKRV8gEj9QuhekbBSWU7ltXB+hycjcyHzkk2Zt1T5LR
MeHgQAatbCR7I2jWTkCslSb1+hZbEO+nkiKRSeti8YEdN7yqX4pfCatha3Jk7RtX
E9TWXUvDUWir73FX3nEyNZjRdVjZgPS1AUGpZ2VJCeDDBWwmffQgPawsfJT7W4Pc
cAmToy4+bwvGM0nF3SgJNthDVQO3FbYwiIGbUCCni9yXlFE61LnP7mOcJQx9MfGh
TvIfZ9zQCfcFs49AOQ9hGhMRK32veb602M5+ZOaSlnA1aD7ArayLqpseFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqcb45v95TvgEJsCQy4NlaXZpGqMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvaXB4dmptXzNsTy1BUW13SkRMZzJWcGRta2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zTMA0G
CSqGSIb3DQEBCwUAA4IBAQBAOyr1hEHPc+Lu6GULhHIPNp0J0nG59rNmLobh8scg
ihcWOAbGh5Yx0kp8vMDPi9R+50k3oSlrA7qSLlYx5vs/x/9Y/TwJuy/oA7UL2iyr
7au87ecwvysAO/ZdpppzBOlAnG0RYo7SyfYyqDUTXI1D3F4hgHMLswYCkaU2+BDC
CjD3DTelGBpESNvIfRCe4wjOrrnLbTTbeQ383aYg8mzgmyV/tX0YrgZRed6NexqM
LKQNtCGFBgv3ViBkD+03453kLkkAambdNrjIjRFxVcuf1roJhZn6ViHtDQh1h9Mh
AFOe77MoaZplVPANyXgcRPLnMP8aCRxE1dTfDmww3HJh
-----END CERTIFICATE-----