Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/7bUBJxfta8YWGQeRb5fl37Yaaxo.roa
File:                     7bUBJxfta8YWGQeRb5fl37Yaaxo.roa (raw, json)
Hash identifier:          XQf9kxSl4sRFbthfZQdIsbNBSDsU9+N1iQ8oM1kavXM=
Subject key identifier:   ED:B5:01:27:17:ED:6B:C6:16:19:07:91:6F:97:E5:DF:B6:1A:6B:1A
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D2A09C9D7D46E03B19FC35DCF6DDF1513
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/7bUBJxfta8YWGQeRb5fl37Yaaxo.roa
Signing time:             Thu 26 Mar 2026 12:06:17 +0000
ROA not before:           Thu 26 Mar 2026 12:06:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151704
IP address blocks:        87.76.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 06:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:09:c9:d7:d4:6e:03:b1:9f:c3:5d:cf:6d:df:15:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 26 12:06:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edb5012717ed6bc6161907916f97e5dfb61a6b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f5:17:1b:2b:47:be:a7:70:62:c4:43:ea:d7:
                    88:ff:40:ae:07:d3:97:45:7a:bf:c0:d6:89:7f:d2:
                    3d:5c:64:5a:72:66:af:9b:bc:b6:1a:8e:04:e6:ad:
                    9d:5c:76:de:13:5c:ff:0b:a9:4f:00:a6:a1:82:d6:
                    9e:56:eb:48:6d:74:9e:8c:cf:18:b0:c1:a2:e1:d6:
                    65:64:d8:81:fa:fe:bc:49:2d:87:74:a5:2b:15:d2:
                    c7:82:a5:ac:68:8a:60:bd:fa:0e:40:78:d4:ba:68:
                    02:3a:a0:58:cc:14:7e:48:07:84:fe:55:05:78:51:
                    33:15:8b:5e:2f:c3:dd:e7:c8:69:f6:01:9c:04:cb:
                    f9:fe:ba:df:6c:39:16:77:e4:97:38:cb:e8:9c:d8:
                    0f:1f:d0:3e:5f:bf:89:b6:10:19:ed:7e:85:de:50:
                    7d:87:20:cf:2e:6a:78:3e:f1:a5:80:14:4d:37:5d:
                    0a:86:52:b2:a8:18:c5:7c:7b:85:23:09:4f:3d:58:
                    f7:64:95:0f:81:2f:44:41:9c:1b:1e:c5:4b:59:79:
                    80:df:52:b0:43:53:6f:b0:9f:29:55:7f:5a:dd:3f:
                    9b:cd:c7:3c:b1:e5:73:77:9d:fe:18:11:42:fb:a6:
                    01:0c:33:2d:6f:84:08:c3:b8:57:2f:a6:69:85:7d:
                    2f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B5:01:27:17:ED:6B:C6:16:19:07:91:6F:97:E5:DF:B6:1A:6B:1A
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/7bUBJxfta8YWGQeRb5fl37Yaaxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b6:c9:d2:24:bf:d6:0d:d9:62:ce:7a:d3:c0:ed:41:58:c7:
         d9:a5:6b:c6:34:a1:79:49:6c:8d:77:37:90:e6:cd:d0:df:0b:
         4b:ad:86:79:3b:16:dd:13:04:67:e9:58:88:16:35:20:81:27:
         cc:98:28:cd:d2:ce:92:d7:7b:d7:55:c6:b8:93:b1:d2:1d:ad:
         39:e8:ac:c0:c8:67:ca:30:57:43:2b:b3:1d:dd:c0:72:c3:58:
         a1:51:6d:91:33:05:34:6d:fc:c0:31:43:53:aa:9f:22:c8:9d:
         c1:38:c0:5e:c9:20:7e:2b:3b:2f:2e:51:b8:4e:a7:23:97:a0:
         4a:12:51:c4:d5:8f:f8:d5:19:85:3f:e8:04:d4:0d:86:c5:7b:
         03:3b:61:68:31:21:a4:e3:1e:36:b5:fb:8d:6e:25:1b:84:8d:
         aa:7e:bf:6e:68:f3:97:40:96:79:55:12:93:7a:13:68:8f:50:
         a9:fe:76:dd:5c:1b:26:e3:0e:69:44:fe:e3:93:51:fd:90:a0:
         e7:87:ab:e6:56:e2:be:eb:11:ff:a8:58:82:3f:71:64:44:40:
         6b:0f:56:e2:5f:d0:f3:6f:66:f2:9d:0e:32:2e:d3:9f:06:e7:
         a0:ab:87:4e:40:3a:04:70:54:47:45:67:b3:45:0f:57:f0:a4:
         12:92:2b:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qCcnX1G4DsZ/DXc9t3xUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzI2MTIwNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGI1MDEyNzE3ZWQ2YmM2MTYxOTA3OTE2Zjk3ZTVkZmI2MWE2YjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPUXGytHvqdwYsRD6teI/0CuB9OX
RXq/wNaJf9I9XGRacmavm7y2Go4E5q2dXHbeE1z/C6lPAKahgtaeVutIbXSejM8Y
sMGi4dZlZNiB+v68SS2HdKUrFdLHgqWsaIpgvfoOQHjUumgCOqBYzBR+SAeE/lUF
eFEzFYteL8Pd58hp9gGcBMv5/rrfbDkWd+SXOMvonNgPH9A+X7+JthAZ7X6F3lB9
hyDPLmp4PvGlgBRNN10KhlKyqBjFfHuFIwlPPVj3ZJUPgS9EQZwbHsVLWXmA31Kw
Q1NvsJ8pVX9a3T+bzcc8seVzd53+GBFC+6YBDDMtb4QIw7hXL6ZphX0v3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO21AScX7WvGFhkHkW+X5d+2GmsaMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvN2JVQkp4ZnRhOFlXR1FlUmI1ZmwzN1lhYXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y8MA0G
CSqGSIb3DQEBCwUAA4IBAQBKtsnSJL/WDdliznrTwO1BWMfZpWvGNKF5SWyNdzeQ
5s3Q3wtLrYZ5OxbdEwRn6ViIFjUggSfMmCjN0s6S13vXVca4k7HSHa056KzAyGfK
MFdDK7Md3cByw1ihUW2RMwU0bfzAMUNTqp8iyJ3BOMBeySB+KzsvLlG4Tqcjl6BK
ElHE1Y/41RmFP+gE1A2GxXsDO2FoMSGk4x42tfuNbiUbhI2qfr9uaPOXQJZ5VRKT
ehNoj1Cp/nbdXBsm4w5pRP7jk1H9kKDnh6vmVuK+6xH/qFiCP3FkREBrD1biX9Dz
b2bynQ4yLtOfBuegq4dOQDoEcFRHRWezRQ9X8KQSkisz
-----END CERTIFICATE-----