Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9W3cM1HhCnrFyhiii2__I8acL1o.roa
File:                     9W3cM1HhCnrFyhiii2__I8acL1o.roa (raw, json)
Hash identifier:          XmTH/A1JHqPkjuJ3cCZ133ga9SC0NUcaoC8Cz7WH/BI=
Subject key identifier:   F5:6D:DC:33:51:E1:0A:7A:C5:CA:18:A2:8B:6F:FF:23:C6:9C:2F:5A
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E01798A1DA972AE69D5A16C0AF241EA35
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9W3cM1HhCnrFyhiii2__I8acL1o.roa
Signing time:             Thu 07 May 2026 08:06:42 +0000
ROA not before:           Thu 07 May 2026 08:06:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        87.76.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:79:8a:1d:a9:72:ae:69:d5:a1:6c:0a:f2:41:ea:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May  7 08:06:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f56ddc3351e10a7ac5ca18a28b6fff23c69c2f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e7:b4:10:24:ac:54:35:57:bd:59:df:29:61:
                    d7:53:e1:a4:88:b4:af:fe:97:01:60:aa:4c:eb:c9:
                    04:d6:03:45:ab:61:c3:98:bb:be:ee:f6:31:d1:10:
                    eb:05:4f:ca:35:90:2f:6e:dc:ac:32:8b:9c:a1:4c:
                    95:db:9a:55:8d:90:f5:cf:48:65:e8:e0:eb:17:72:
                    3c:01:02:9e:d5:fb:97:c2:6a:44:b1:4e:dc:91:67:
                    5b:5e:69:ed:26:fd:8c:7f:a8:bc:5a:cd:a6:47:9b:
                    74:f9:3d:c9:b6:c5:3f:61:d4:b6:67:8b:ce:c7:8f:
                    92:a6:87:46:42:f9:c2:64:92:b1:9e:97:67:b9:c6:
                    31:26:7d:b0:00:ac:f4:a2:1a:41:5e:96:76:af:ac:
                    f9:76:c3:4f:ce:8b:34:5e:dd:c2:17:74:95:6c:58:
                    62:b0:48:e6:c4:62:42:40:a3:37:bd:ac:73:20:a6:
                    a1:79:2d:05:e2:81:a0:4d:70:7f:84:88:cb:0a:45:
                    7c:77:af:37:d7:ce:20:a7:b3:b2:2b:68:f5:09:7c:
                    26:2e:1e:74:68:7a:b7:09:66:b7:19:d0:6f:1d:2f:
                    53:62:ed:c4:f2:0f:9e:47:e8:c3:3c:c8:5f:c2:0e:
                    dc:bc:78:d3:cb:41:a0:6d:47:73:01:ee:9b:dd:38:
                    16:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6D:DC:33:51:E1:0A:7A:C5:CA:18:A2:8B:6F:FF:23:C6:9C:2F:5A
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9W3cM1HhCnrFyhiii2__I8acL1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c3:b8:c0:01:18:2f:f8:4f:b0:96:af:d9:c4:a8:f0:64:fa:
         0a:d2:b1:c3:ba:6f:cb:cd:9e:1d:31:03:64:c0:5c:e8:cf:29:
         14:e2:9c:b6:a2:29:de:a2:aa:85:0a:04:b7:c6:37:05:71:46:
         ad:9e:75:63:8f:4b:91:f1:5a:bb:0b:dd:f4:43:72:19:11:0f:
         36:91:90:03:ba:3a:1b:5a:b0:59:5b:54:2a:2f:79:e5:75:da:
         5c:56:41:94:39:6f:15:97:a6:e9:24:d8:4c:e3:f9:ee:85:73:
         2d:84:1d:f5:d7:fd:cf:eb:b6:07:be:85:9a:fd:74:86:31:50:
         59:56:d9:41:d2:57:3d:d6:af:ac:59:bd:2c:6b:db:5b:e1:c2:
         3c:5b:2e:c0:15:57:8f:a8:11:27:a3:ae:6f:d4:46:f7:f6:8b:
         bb:f7:e6:60:10:df:86:61:f0:fe:37:30:ba:6e:2c:38:be:41:
         f2:2b:e1:f4:31:d8:cf:fd:09:3a:bd:73:ce:db:56:60:b8:a4:
         50:a8:74:aa:fb:9b:b4:44:e3:1e:0f:46:3b:a1:ec:f9:7f:a5:
         0d:c2:d3:4c:ac:df:77:a9:cf:24:00:e7:1c:93:79:91:f5:fd:
         33:e0:6e:d8:f8:c0:90:b9:7e:9b:d6:fc:9d:85:1c:5e:3d:5a:
         a8:6f:46:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4BeYodqXKuadWhbAryQeo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTA3MDgwNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZkZGMzMzUxZTEwYTdhYzVjYTE4YTI4YjZmZmYyM2M2OWMyZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+e0ECSsVDVXvVnfKWHXU+GkiLSv
/pcBYKpM68kE1gNFq2HDmLu+7vYx0RDrBU/KNZAvbtysMoucoUyV25pVjZD1z0hl
6ODrF3I8AQKe1fuXwmpEsU7ckWdbXmntJv2Mf6i8Ws2mR5t0+T3JtsU/YdS2Z4vO
x4+SpodGQvnCZJKxnpdnucYxJn2wAKz0ohpBXpZ2r6z5dsNPzos0Xt3CF3SVbFhi
sEjmxGJCQKM3vaxzIKaheS0F4oGgTXB/hIjLCkV8d683184gp7OyK2j1CXwmLh50
aHq3CWa3GdBvHS9TYu3E8g+eR+jDPMhfwg7cvHjTy0GgbUdzAe6b3TgWYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVt3DNR4Qp6xcoYootv/yPGnC9aMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvOVczY00xSGhDbnJGeWhpaWkyX19JOGFjTDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ytMA0G
CSqGSIb3DQEBCwUAA4IBAQBSw7jAARgv+E+wlq/ZxKjwZPoK0rHDum/LzZ4dMQNk
wFzozykU4py2oineoqqFCgS3xjcFcUatnnVjj0uR8Vq7C930Q3IZEQ82kZADujob
WrBZW1QqL3nlddpcVkGUOW8Vl6bpJNhM4/nuhXMthB311/3P67YHvoWa/XSGMVBZ
VtlB0lc91q+sWb0sa9tb4cI8Wy7AFVePqBEno65v1Eb39ou79+ZgEN+GYfD+NzC6
biw4vkHyK+H0MdjP/Qk6vXPO21ZguKRQqHSq+5u0ROMeD0Y7oez5f6UNwtNMrN93
qc8kAOcck3mR9f0z4G7Y+MCQuX6b1vydhRxePVqob0bl
-----END CERTIFICATE-----