Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9BPj3J2DA-EQOZNxNY-heQx5FR4.roa
File:                     9BPj3J2DA-EQOZNxNY-heQx5FR4.roa (raw, json)
Hash identifier:          LkmHjbJUb46tH5bC0Jmab9IfAzZPQZ78ajH9HHjdXTQ=
Subject key identifier:   F4:13:E3:DC:9D:83:03:E1:10:39:93:71:35:8F:A1:79:0C:79:15:1E
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DDEF40E28056B77F2035FE521FAC05894
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9BPj3J2DA-EQOZNxNY-heQx5FR4.roa
Signing time:             Thu 30 Apr 2026 15:13:49 +0000
ROA not before:           Thu 30 Apr 2026 15:13:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214083
IP address blocks:        87.76.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 10:38:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:f4:0e:28:05:6b:77:f2:03:5f:e5:21:fa:c0:58:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 30 15:13:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f413e3dc9d8303e110399371358fa1790c79151e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:86:e1:bd:f1:b6:ba:b5:43:92:9e:b0:bb:90:
                    ac:f5:63:6e:fd:b5:2f:63:47:1f:ac:b1:52:10:6c:
                    ba:63:89:31:c8:e2:4e:5a:19:ec:bb:10:17:d3:9a:
                    ce:b8:2d:b8:37:3e:38:f3:8d:93:7e:25:16:3e:2a:
                    6f:4d:68:c9:fb:95:e5:bf:9f:f6:94:64:fc:64:08:
                    13:b1:28:ad:f0:ad:8c:83:1d:9d:2e:af:f8:b3:e8:
                    86:6b:1c:00:5b:02:cd:68:6e:25:09:66:ea:a6:d0:
                    b1:6c:c9:97:95:5d:2e:ce:42:2a:50:d7:78:fa:bb:
                    20:1a:65:55:5a:52:7c:ea:41:af:81:d6:9f:44:f9:
                    dd:5c:60:64:1d:a4:62:3d:8d:bf:62:c9:c3:55:74:
                    a3:84:a2:7a:c0:c7:8f:e1:2a:7a:e7:45:4a:b0:1b:
                    1f:01:ec:be:e0:1d:5f:85:78:00:08:80:01:2d:ef:
                    79:c6:c3:1c:36:37:25:54:5b:75:6d:db:63:ea:1e:
                    62:65:59:55:55:e6:57:b3:04:29:9a:ac:a4:2c:84:
                    49:2f:4a:ac:e2:dd:ca:00:10:7d:3c:77:b8:e0:ab:
                    65:b0:34:bc:f6:d9:3c:8c:e0:cc:99:7a:b4:ce:89:
                    80:f7:af:95:4c:0f:21:33:93:1f:8c:99:70:6f:99:
                    d2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:13:E3:DC:9D:83:03:E1:10:39:93:71:35:8F:A1:79:0C:79:15:1E
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9BPj3J2DA-EQOZNxNY-heQx5FR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:99:a3:1b:f4:89:92:4b:17:06:19:8d:c6:be:ea:b3:b3:11:
         e8:68:95:79:1c:9f:f5:d8:8d:cc:f4:45:3e:30:44:cd:d8:92:
         29:50:a5:97:27:f2:bc:61:f2:fc:93:13:25:26:a4:c6:00:2f:
         17:49:d5:16:e0:7a:29:de:db:86:c1:ab:a6:84:bc:3d:3b:74:
         c0:9e:2c:09:ab:0d:20:30:8a:0a:ce:fc:d4:4d:6f:c7:8d:5e:
         36:77:95:f5:9a:e8:86:cf:01:3e:1b:ad:78:b8:24:66:9d:8f:
         45:a4:0a:ed:c7:c3:69:59:10:aa:e9:0e:57:7b:41:d1:b9:6e:
         81:c2:03:48:c1:00:bd:1e:d0:fb:b2:6c:5b:31:b6:c8:f5:51:
         dd:c5:26:06:86:c2:72:33:2a:4f:bd:5a:4a:da:2e:e3:10:49:
         f9:2e:d4:d3:bc:a6:18:95:28:69:30:31:1c:11:f6:03:95:96:
         17:22:47:c6:19:0d:d2:d9:83:66:ee:5e:b0:e2:ea:90:60:95:
         86:f1:7f:bc:f0:37:12:7e:c6:ad:be:a0:c5:d7:98:5d:07:a3:
         fa:ab:be:bf:0a:20:76:29:75:c2:ef:16:72:6d:ce:c8:ae:09:
         77:45:90:63:0a:cd:44:8f:65:74:a5:d0:32:09:74:60:d8:62:
         3f:b0:f5:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3e9A4oBWt38gNf5SH6wFiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDMwMTUxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDEzZTNkYzlkODMwM2UxMTAzOTkzNzEzNThmYTE3OTBjNzkxNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyobhvfG2urVDkp6wu5Cs9WNu/bUv
Y0cfrLFSEGy6Y4kxyOJOWhnsuxAX05rOuC24Nz44842TfiUWPipvTWjJ+5Xlv5/2
lGT8ZAgTsSit8K2Mgx2dLq/4s+iGaxwAWwLNaG4lCWbqptCxbMmXlV0uzkIqUNd4
+rsgGmVVWlJ86kGvgdafRPndXGBkHaRiPY2/YsnDVXSjhKJ6wMeP4Sp650VKsBsf
Aey+4B1fhXgACIABLe95xsMcNjclVFt1bdtj6h5iZVlVVeZXswQpmqykLIRJL0qs
4t3KABB9PHe44KtlsDS89tk8jODMmXq0zomA96+VTA8hM5MfjJlwb5nSQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQT49ydgwPhEDmTcTWPoXkMeRUeMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvOUJQajNKMkRBLUVRT1pOeE5ZLWhlUXg1RlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yTMA0G
CSqGSIb3DQEBCwUAA4IBAQATmaMb9ImSSxcGGY3GvuqzsxHoaJV5HJ/12I3M9EU+
METN2JIpUKWXJ/K8YfL8kxMlJqTGAC8XSdUW4Hop3tuGwaumhLw9O3TAniwJqw0g
MIoKzvzUTW/HjV42d5X1muiGzwE+G614uCRmnY9FpArtx8NpWRCq6Q5Xe0HRuW6B
wgNIwQC9HtD7smxbMbbI9VHdxSYGhsJyMypPvVpK2i7jEEn5LtTTvKYYlShpMDEc
EfYDlZYXIkfGGQ3S2YNm7l6w4uqQYJWG8X+88DcSfsatvqDF15hdB6P6q76/CiB2
KXXC7xZybc7Irgl3RZBjCs1Ej2V0pdAyCXRg2GI/sPU5
-----END CERTIFICATE-----