Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/zocALgimkWCVbzszBR2uphEiBtI.roa
File:                     zocALgimkWCVbzszBR2uphEiBtI.roa (raw, json)
Hash identifier:          4ANr/Owql6aOh54xvEE6sr/jfbMHNepGi5TVeFJshk8=
Subject key identifier:   CE:87:00:2E:08:A6:91:60:95:6F:3B:33:05:1D:AE:A6:11:22:06:D2
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019C7A953DEA1CD2F33DF5109EB3683C2C22
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/zocALgimkWCVbzszBR2uphEiBtI.roa
Signing time:             Fri 20 Feb 2026 10:25:26 +0000
ROA not before:           Fri 20 Feb 2026 10:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9205
IP address blocks:        87.76.224.0/19 maxlen: 19
                          87.76.254.0/23 maxlen: 23
                          193.110.112.0/22 maxlen: 22
                          193.110.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:95:3d:ea:1c:d2:f3:3d:f5:10:9e:b3:68:3c:2c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Feb 20 10:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce87002e08a69160956f3b33051daea6112206d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cd:7c:41:14:a6:32:34:a5:02:b1:24:02:10:
                    70:4d:d1:2c:7e:a9:94:ec:d1:d1:ca:8a:5d:29:d4:
                    d9:d2:34:df:34:4c:ce:48:88:dd:db:a4:02:8e:f3:
                    0f:2b:f2:ca:0e:67:5c:db:1d:f3:f3:ba:ed:c0:39:
                    7b:a3:e3:f8:8e:7c:74:76:2d:cd:ff:53:f8:4c:39:
                    95:97:3f:bf:7b:7b:13:ad:bb:82:a5:3c:67:5d:eb:
                    3a:ca:26:36:ee:87:f5:2e:68:fa:f8:f3:1e:0b:bf:
                    48:39:b9:ac:0f:6c:58:3d:87:0b:b5:41:a8:3e:1f:
                    a6:61:36:7f:d3:80:38:a4:c9:d9:c7:8e:40:ce:71:
                    ee:09:05:f7:fe:f6:06:60:53:82:08:37:f1:49:ae:
                    66:2a:a3:49:a6:69:6d:08:19:64:9d:6d:7f:56:b3:
                    b3:bd:a8:14:d0:b6:9f:7a:3c:17:7d:9a:66:cd:72:
                    9d:14:3c:26:55:f2:28:20:4e:35:e1:79:e4:13:36:
                    f7:46:10:ce:98:fb:fd:89:36:ca:78:5a:64:c3:0c:
                    4d:56:e2:4e:b7:19:8c:a4:78:9b:5d:d8:27:9c:42:
                    de:f0:51:8e:7c:fb:8e:d2:81:ad:92:06:23:f3:62:
                    7e:89:dc:af:33:00:f8:70:2a:b1:2e:62:4a:3d:21:
                    a0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:87:00:2E:08:A6:91:60:95:6F:3B:33:05:1D:AE:A6:11:22:06:D2
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/zocALgimkWCVbzszBR2uphEiBtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.224.0/19
                  193.110.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:6d:bf:42:06:09:49:46:97:90:ed:cb:41:cf:c1:75:0c:0d:
         a6:61:03:bc:70:5c:75:5f:db:13:03:c4:b8:15:b9:aa:37:24:
         5f:ea:d1:03:f5:4d:67:4f:fa:97:e1:b8:ea:64:a3:7d:1d:e3:
         c8:44:2d:c6:73:58:be:94:3d:12:87:87:1e:8d:4d:0b:49:80:
         dc:04:8c:45:82:25:53:04:20:48:fb:46:76:5a:17:e8:39:2f:
         92:93:5b:64:da:d8:e0:0f:9e:bf:c2:c6:c5:d0:ea:0c:b6:a3:
         da:5a:a6:6d:e3:d9:ff:d4:08:82:15:bf:12:83:93:b4:2d:30:
         73:3d:32:7f:f5:79:19:e3:73:fa:fd:f4:c6:b8:83:06:62:2f:
         df:26:16:0f:e6:a0:26:e5:3d:5a:8e:e1:49:ff:68:a8:cf:f7:
         7e:c4:65:fd:40:3d:41:42:a0:0d:66:d9:e1:a0:3f:54:ca:36:
         21:c1:63:a3:1a:20:7f:0d:91:22:a9:dd:ac:3b:ac:78:60:b3:
         61:32:5d:a0:b2:04:82:28:98:ac:5c:33:32:62:45:0f:17:d8:
         1c:6c:ef:68:cb:c2:1f:2c:b4:58:ac:62:27:76:80:9f:46:46:
         13:e6:28:72:1b:e0:24:61:50:e9:59:05:35:eb:19:44:7a:65:
         41:50:d5:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx6lT3qHNLzPfUQnrNoPCwiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMjIwMTAyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTg3MDAyZTA4YTY5MTYwOTU2ZjNiMzMwNTFkYWVhNjExMjIwNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr818QRSmMjSlArEkAhBwTdEsfqmU
7NHRyopdKdTZ0jTfNEzOSIjd26QCjvMPK/LKDmdc2x3z87rtwDl7o+P4jnx0di3N
/1P4TDmVlz+/e3sTrbuCpTxnXes6yiY27of1Lmj6+PMeC79IObmsD2xYPYcLtUGo
Ph+mYTZ/04A4pMnZx45AznHuCQX3/vYGYFOCCDfxSa5mKqNJpmltCBlknW1/VrOz
vagU0LafejwXfZpmzXKdFDwmVfIoIE414XnkEzb3RhDOmPv9iTbKeFpkwwxNVuJO
txmMpHibXdgnnELe8FGOfPuO0oGtkgYj82J+idyvMwD4cCqxLmJKPSGgzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM6HAC4IppFglW87MwUdrqYRIgbSMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvem9jQUxnaW1rV0NWYnpzekJSMnVwaEVpQnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFV0zgAwQC
wW5wMA0GCSqGSIb3DQEBCwUAA4IBAQCFbb9CBglJRpeQ7ctBz8F1DA2mYQO8cFx1
X9sTA8S4FbmqNyRf6tED9U1nT/qX4bjqZKN9HePIRC3Gc1i+lD0Sh4cejU0LSYDc
BIxFgiVTBCBI+0Z2WhfoOS+Sk1tk2tjgD56/wsbF0OoMtqPaWqZt49n/1AiCFb8S
g5O0LTBzPTJ/9XkZ43P6/fTGuIMGYi/fJhYP5qAm5T1ajuFJ/2ioz/d+xGX9QD1B
QqANZtnhoD9UyjYhwWOjGiB/DZEiqd2sO6x4YLNhMl2gsgSCKJisXDMyYkUPF9gc
bO9oy8IfLLRYrGIndoCfRkYT5ihyG+AkYVDpWQU16xlEemVBUNXf
-----END CERTIFICATE-----