Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/tuARz5nVMdQOrvw36LZxxwIlfQ4.roa
File:                     tuARz5nVMdQOrvw36LZxxwIlfQ4.roa (raw, json)
Hash identifier:          omrOEdOHK89Cl6vP0ijJLCMNRwMW16mFo/t1CPWMYNc=
Subject key identifier:   B6:E0:11:CF:99:D5:31:D4:0E:AE:FC:37:E8:B6:71:C7:02:25:7D:0E
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E44BD22513191883EB69B94977C9F91D2
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/tuARz5nVMdQOrvw36LZxxwIlfQ4.roa
Signing time:             Wed 20 May 2026 09:35:06 +0000
ROA not before:           Wed 20 May 2026 09:35:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        87.76.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:bd:22:51:31:91:88:3e:b6:9b:94:97:7c:9f:91:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 20 09:35:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6e011cf99d531d40eaefc37e8b671c702257d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b7:2d:2a:a5:72:fa:b7:6f:32:c7:2b:52:cd:
                    16:4f:48:f4:fc:8d:59:ee:cb:e9:93:bd:a9:aa:c6:
                    c1:5d:4f:ba:13:93:07:4b:d5:a5:10:a8:e5:8c:8f:
                    5e:18:f0:b6:ac:f8:87:93:b0:7b:df:38:a8:5e:27:
                    70:7a:8c:90:58:a1:66:9b:f1:cd:88:9a:bc:3b:96:
                    71:fb:1f:b8:75:c1:c6:c3:de:70:d3:61:0b:68:26:
                    b4:46:d3:b9:40:bb:8d:20:c4:4c:fe:74:2d:9f:21:
                    a0:9e:40:b1:37:6f:70:58:a9:51:aa:a7:8f:0b:84:
                    d5:ec:e4:7f:13:62:57:8f:15:02:26:bc:a2:9b:9b:
                    55:25:67:90:ac:57:06:41:c5:4e:ec:32:38:b1:88:
                    68:66:f0:21:98:28:41:c7:bb:98:f2:35:42:1f:74:
                    7a:c9:1f:1a:0f:c3:b9:c0:38:7c:07:7b:5f:67:31:
                    16:e3:3d:ae:06:9a:7b:23:74:a3:19:f5:7d:a5:c4:
                    80:46:7c:f1:48:75:d9:ff:36:13:6d:7d:99:97:57:
                    3d:d2:4c:8a:04:94:e5:72:bc:b9:31:33:32:30:5b:
                    a5:01:16:ce:30:72:0e:9a:ce:ec:fc:6b:25:50:b0:
                    52:f9:52:bf:3a:2d:32:07:00:bb:0c:7a:e3:35:32:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E0:11:CF:99:D5:31:D4:0E:AE:FC:37:E8:B6:71:C7:02:25:7D:0E
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/tuARz5nVMdQOrvw36LZxxwIlfQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:cc:d9:b7:c0:a9:4f:12:2c:13:14:ba:b7:0b:4c:cb:a8:db:
         f2:31:28:07:8a:c5:bc:b6:61:c9:cf:c6:4b:7a:07:e1:fb:93:
         00:61:a9:56:62:1b:38:12:12:5a:f3:d5:bf:c0:60:c0:3e:5f:
         d6:0b:75:f0:a4:2e:10:da:00:06:26:32:e6:40:57:09:65:5b:
         63:65:61:4a:c2:29:b6:ba:cb:c1:90:10:a9:52:d6:8f:7c:b2:
         ea:b2:9e:5a:88:bb:81:a3:53:13:fd:cd:a0:3f:f2:9f:b6:be:
         23:6f:87:ae:35:7f:bd:cc:a6:ee:75:3d:58:7e:5f:93:34:b0:
         c9:e5:bf:ed:23:54:2c:a1:19:b9:23:a7:5a:6c:14:10:cf:37:
         8c:c5:0d:aa:f1:67:e9:86:81:48:b4:bd:9a:7c:26:69:fb:7f:
         bb:51:4f:a1:2f:bf:e7:c4:8a:d1:a9:2c:3c:aa:75:f0:00:3b:
         8c:40:2f:df:17:53:da:81:0b:70:9b:3e:f8:5c:42:9e:3f:9a:
         48:2d:be:0a:5c:54:9c:cd:9a:dd:10:90:32:08:63:55:82:68:
         f4:d4:5f:25:54:7c:d3:0c:82:7a:07:5d:34:80:c2:00:e4:97:
         63:15:4d:10:2a:b5:a6:0b:ee:ed:9f:4d:c5:a7:c8:cd:19:4a:
         1a:1d:c6:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EvSJRMZGIPrablJd8n5HSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTIwMDkzNTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmUwMTFjZjk5ZDUzMWQ0MGVhZWZjMzdlOGI2NzFjNzAyMjU3ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7ctKqVy+rdvMscrUs0WT0j0/I1Z
7svpk72pqsbBXU+6E5MHS9WlEKjljI9eGPC2rPiHk7B73zioXidweoyQWKFmm/HN
iJq8O5Zx+x+4dcHGw95w02ELaCa0RtO5QLuNIMRM/nQtnyGgnkCxN29wWKlRqqeP
C4TV7OR/E2JXjxUCJryim5tVJWeQrFcGQcVO7DI4sYhoZvAhmChBx7uY8jVCH3R6
yR8aD8O5wDh8B3tfZzEW4z2uBpp7I3SjGfV9pcSARnzxSHXZ/zYTbX2Zl1c90kyK
BJTlcry5MTMyMFulARbOMHIOms7s/GslULBS+VK/Oi0yBwC7DHrjNTJjxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbgEc+Z1THUDq78N+i2cccCJX0OMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvdHVBUno1blZNZFFPcnZ3MzZMWnh4d0lsZlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zEMA0G
CSqGSIb3DQEBCwUAA4IBAQCUzNm3wKlPEiwTFLq3C0zLqNvyMSgHisW8tmHJz8ZL
egfh+5MAYalWYhs4EhJa89W/wGDAPl/WC3XwpC4Q2gAGJjLmQFcJZVtjZWFKwim2
usvBkBCpUtaPfLLqsp5aiLuBo1MT/c2gP/Kftr4jb4euNX+9zKbudT1Yfl+TNLDJ
5b/tI1QsoRm5I6dabBQQzzeMxQ2q8WfphoFItL2afCZp+3+7UU+hL7/nxIrRqSw8
qnXwADuMQC/fF1PagQtwmz74XEKeP5pILb4KXFSczZrdEJAyCGNVgmj01F8lVHzT
DIJ6B100gMIA5JdjFU0QKrWmC+7tn03Fp8jNGUoaHca1
-----END CERTIFICATE-----