Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/vD1KsobTZ8VUlqK09kzLqUeKqxY.roa
File:                     vD1KsobTZ8VUlqK09kzLqUeKqxY.roa (raw, json)
Hash identifier:          jRA6Wy27yQ+FgsZ69+jjWJ48RxNapsx8Ga3Eu0spzIM=
Subject key identifier:   BC:3D:4A:B2:86:D3:67:C5:54:96:A2:B4:F6:4C:CB:A9:47:8A:AB:16
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E35BFB564D5D71D1420D71422D4372B1D
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/vD1KsobTZ8VUlqK09kzLqUeKqxY.roa
Signing time:             Sun 17 May 2026 11:43:36 +0000
ROA not before:           Sun 17 May 2026 11:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201028
IP address blocks:        87.76.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:35:bf:b5:64:d5:d7:1d:14:20:d7:14:22:d4:37:2b:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 17 11:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc3d4ab286d367c55496a2b4f64ccba9478aab16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2a:db:52:df:a0:91:f5:92:c7:3f:33:66:18:
                    1b:cb:fe:75:49:fa:78:10:a4:c8:ae:a0:d0:41:9a:
                    55:b4:40:47:67:51:75:2a:b5:b1:6e:3e:ad:1f:fd:
                    19:3c:c2:6c:fd:15:a9:00:eb:6b:b2:f0:4e:ea:a4:
                    df:6b:67:a1:43:2c:17:44:40:f7:9b:69:e4:7d:bf:
                    06:10:ba:92:aa:1a:59:83:53:99:5e:4f:6a:e1:4d:
                    83:eb:91:7e:95:f4:f1:23:e7:02:33:ad:ff:b6:42:
                    10:08:a7:e3:bf:e3:d1:b5:88:56:f2:45:aa:22:e1:
                    cf:35:ce:d0:83:67:3f:95:80:94:ef:44:c8:3b:c7:
                    ed:5b:17:e6:5b:3e:07:6e:db:ec:64:c5:36:66:6a:
                    6e:1f:77:ce:33:da:69:4b:9a:f8:6e:c6:9d:33:f6:
                    fa:03:52:cd:5b:ae:24:19:13:f6:d1:60:e6:d3:78:
                    d4:2d:77:c9:31:89:9f:2b:79:56:57:d9:3f:6c:ae:
                    96:8c:9e:fa:26:69:de:c5:76:69:f3:af:ea:45:b4:
                    56:10:07:48:a4:1f:4d:88:c7:30:1d:3c:b6:32:0c:
                    13:86:7d:f0:e9:43:23:1f:8a:fa:54:5d:a8:08:ad:
                    ab:0a:59:1a:20:7d:46:f7:ba:d5:27:1b:ee:18:8d:
                    ff:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:3D:4A:B2:86:D3:67:C5:54:96:A2:B4:F6:4C:CB:A9:47:8A:AB:16
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/vD1KsobTZ8VUlqK09kzLqUeKqxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:a5:b7:59:fb:1d:d5:cc:3d:a0:cc:af:e2:e8:4c:d4:6b:89:
         08:d0:9c:52:7e:4c:70:3c:2c:a8:56:b6:fe:87:ec:e7:be:98:
         58:f5:8c:f6:7e:7d:1f:b7:92:d9:ff:cc:47:34:32:83:3b:84:
         b1:cb:fa:5a:64:68:75:54:27:d5:64:ed:10:85:44:bb:f1:7c:
         49:d7:22:e2:76:ac:9a:ac:a4:64:ac:0f:02:08:16:ab:57:5c:
         a9:d1:43:7f:05:9f:ee:95:9b:43:0c:8c:99:f9:3e:6c:7d:e4:
         3e:0e:1a:27:6e:07:cc:85:31:95:53:0b:8f:e8:47:dc:1a:20:
         82:af:e1:2d:2b:b8:c7:ba:70:b2:21:cd:e5:30:c2:1f:c9:d9:
         50:6f:54:5f:b4:c2:db:ef:b0:40:77:e9:2d:55:c7:b0:1d:83:
         db:b4:d7:d3:89:89:e1:20:da:f1:28:d7:bd:5e:d9:f8:f2:2e:
         83:2c:59:c0:1d:68:4d:4a:96:43:6f:79:e6:07:c8:0a:14:ee:
         da:7c:24:7a:e9:9b:63:a1:c4:a3:b3:b0:1f:de:09:72:a2:b3:
         e4:bf:62:cd:4c:85:50:ca:af:44:9e:25:58:05:20:9d:b8:87:
         f5:0f:7b:dd:bb:cc:03:a9:48:4e:c1:5a:94:29:4f:70:b3:c1:
         34:03:dc:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ41v7Vk1dcdFCDXFCLUNysdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTE3MTE0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzNkNGFiMjg2ZDM2N2M1NTQ5NmEyYjRmNjRjY2JhOTQ3OGFhYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SrbUt+gkfWSxz8zZhgby/51Sfp4
EKTIrqDQQZpVtEBHZ1F1KrWxbj6tH/0ZPMJs/RWpAOtrsvBO6qTfa2ehQywXRED3
m2nkfb8GELqSqhpZg1OZXk9q4U2D65F+lfTxI+cCM63/tkIQCKfjv+PRtYhW8kWq
IuHPNc7Qg2c/lYCU70TIO8ftWxfmWz4HbtvsZMU2ZmpuH3fOM9ppS5r4bsadM/b6
A1LNW64kGRP20WDm03jULXfJMYmfK3lWV9k/bK6WjJ76JmnexXZp86/qRbRWEAdI
pB9NiMcwHTy2MgwThn3w6UMjH4r6VF2oCK2rClkaIH1G97rVJxvuGI3/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLw9SrKG02fFVJaitPZMy6lHiqsWMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvdkQxS3NvYlRaOFZVbHFLMDlrekxxVWVLcXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yMMA0G
CSqGSIb3DQEBCwUAA4IBAQAmpbdZ+x3VzD2gzK/i6EzUa4kI0JxSfkxwPCyoVrb+
h+znvphY9Yz2fn0ft5LZ/8xHNDKDO4Sxy/paZGh1VCfVZO0QhUS78XxJ1yLidqya
rKRkrA8CCBarV1yp0UN/BZ/ulZtDDIyZ+T5sfeQ+DhonbgfMhTGVUwuP6EfcGiCC
r+EtK7jHunCyIc3lMMIfydlQb1RftMLb77BAd+ktVcewHYPbtNfTiYnhINrxKNe9
Xtn48i6DLFnAHWhNSpZDb3nmB8gKFO7afCR66ZtjocSjs7Af3glyorPkv2LNTIVQ
yq9EniVYBSCduIf1D3vdu8wDqUhOwVqUKU9ws8E0A9x+
-----END CERTIFICATE-----