Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Ctpq-brYD5WifHSHG7naWbhdUNs.roa
File:                     Ctpq-brYD5WifHSHG7naWbhdUNs.roa (raw, json)
Hash identifier:          F9golnT0OCFnCu4W6jUxD8VUwjvfjtgA+dIMmpKsrTg=
Subject key identifier:   0A:DA:6A:F9:BA:D8:0F:95:A2:7C:74:87:1B:B9:DA:59:B8:5D:50:DB
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E35BB21B85D42F1C1B95A29AE287FE038
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Ctpq-brYD5WifHSHG7naWbhdUNs.roa
Signing time:             Sun 17 May 2026 11:38:36 +0000
ROA not before:           Sun 17 May 2026 11:38:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214556
IP address blocks:        87.76.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jun 2026 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:35:bb:21:b8:5d:42:f1:c1:b9:5a:29:ae:28:7f:e0:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 17 11:38:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ada6af9bad80f95a27c74871bb9da59b85d50db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:53:f5:31:23:96:dc:52:16:f5:dd:40:fa:
                    3f:76:7a:c0:ff:a1:0d:64:f0:5d:b1:fa:4c:e2:84:
                    58:ee:56:e6:05:bd:96:a1:82:4b:aa:fa:9f:bb:fb:
                    09:42:e0:31:8d:65:bd:79:5e:3d:c0:4b:af:e0:cb:
                    4f:b7:ca:bc:47:60:df:e3:ea:d8:56:21:8c:07:80:
                    3b:6d:2b:17:e5:12:04:6c:58:36:43:3e:00:07:53:
                    0a:5d:27:f7:75:18:b2:b2:e3:09:7b:22:f6:a0:2c:
                    c0:07:dd:bf:f4:ea:15:20:34:4f:c6:1b:f8:34:71:
                    dd:86:d2:8d:d8:41:d2:92:4c:f8:c9:e8:52:19:e3:
                    c0:b5:0a:ef:a1:b8:ad:2e:cf:a5:8d:49:9e:bb:ad:
                    af:9f:f8:49:b3:2c:8e:d1:c9:b2:c3:35:fd:a1:54:
                    30:25:0c:bc:73:c1:f5:b6:a8:c8:85:34:b8:14:cb:
                    98:e5:62:b2:2c:30:8e:2b:46:04:ae:aa:7f:8c:59:
                    cb:46:5f:01:87:d0:f1:95:42:4b:30:5d:2c:75:64:
                    80:91:e6:5c:d5:83:57:4d:17:93:0c:ae:e0:ec:c7:
                    c9:46:db:1a:b1:a9:44:61:86:a2:e7:c4:f8:36:06:
                    3f:c1:f8:4b:e8:cb:75:f7:5c:5a:dd:47:e2:f9:f1:
                    34:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DA:6A:F9:BA:D8:0F:95:A2:7C:74:87:1B:B9:DA:59:B8:5D:50:DB
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Ctpq-brYD5WifHSHG7naWbhdUNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:83:d1:3b:08:13:e0:80:2e:b5:82:d4:5c:0d:cd:e2:1e:9c:
         a6:fe:33:b5:cd:58:f6:1f:57:fa:a8:fc:aa:ca:fd:cd:30:52:
         47:ad:ef:06:50:17:5f:76:5e:2c:42:c6:09:d1:98:a1:a9:b8:
         5a:b7:c0:83:19:ff:97:9c:c6:80:1f:4e:d3:2a:82:90:7b:e0:
         d0:c8:6a:d8:25:99:2a:98:b9:9c:49:40:3b:03:e9:f7:9e:97:
         0e:d3:1a:a4:ee:1a:9b:e8:72:0c:11:11:23:1f:da:8b:dc:53:
         25:d8:17:f6:d4:ae:96:9f:ee:d1:bb:df:7c:80:ca:84:42:26:
         cc:8d:e1:3b:78:f8:07:d2:37:aa:da:57:87:87:76:6c:f0:5e:
         f1:a5:84:26:f4:71:6a:88:e3:43:4e:94:29:02:dd:e5:11:fe:
         50:a6:30:a6:08:35:33:e5:aa:b4:5f:97:7b:96:29:d1:5a:31:
         fc:40:ba:55:22:37:54:c6:fe:ee:ff:cd:0c:92:7f:80:36:3d:
         30:02:63:3d:20:dc:ed:5c:33:64:83:91:09:05:8c:b0:83:77:
         1f:cb:77:58:b1:e8:2b:4e:8a:ce:0b:d1:76:49:93:67:2e:30:
         c2:72:94:f2:32:11:35:d5:21:a7:c4:53:39:06:26:d8:85:c5:
         7c:7d:a7:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ41uyG4XULxwblaKa4of+A4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTE3MTEzODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWRhNmFmOWJhZDgwZjk1YTI3Yzc0ODcxYmI5ZGE1OWI4NWQ1MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2pT9TEjltxSFvXdQPo/dnrA/6EN
ZPBdsfpM4oRY7lbmBb2WoYJLqvqfu/sJQuAxjWW9eV49wEuv4MtPt8q8R2Df4+rY
ViGMB4A7bSsX5RIEbFg2Qz4AB1MKXSf3dRiysuMJeyL2oCzAB92/9OoVIDRPxhv4
NHHdhtKN2EHSkkz4yehSGePAtQrvobitLs+ljUmeu62vn/hJsyyO0cmywzX9oVQw
JQy8c8H1tqjIhTS4FMuY5WKyLDCOK0YErqp/jFnLRl8Bh9DxlUJLMF0sdWSAkeZc
1YNXTReTDK7g7MfJRtsasalEYYai58T4NgY/wfhL6Mt191xa3Ufi+fE0lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAraavm62A+Vonx0hxu52lm4XVDbMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvQ3RwcS1icllENVdpZkhTSEc3bmFXYmhkVU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yMMA0G
CSqGSIb3DQEBCwUAA4IBAQCTg9E7CBPggC61gtRcDc3iHpym/jO1zVj2H1f6qPyq
yv3NMFJHre8GUBdfdl4sQsYJ0Zihqbhat8CDGf+XnMaAH07TKoKQe+DQyGrYJZkq
mLmcSUA7A+n3npcO0xqk7hqb6HIMEREjH9qL3FMl2Bf21K6Wn+7Ru998gMqEQibM
jeE7ePgH0jeq2leHh3Zs8F7xpYQm9HFqiONDTpQpAt3lEf5QpjCmCDUz5aq0X5d7
linRWjH8QLpVIjdUxv7u/80Mkn+ANj0wAmM9INztXDNkg5EJBYywg3cfy3dYsegr
TorOC9F2SZNnLjDCcpTyMhE11SGnxFM5BibYhcV8faf4
-----END CERTIFICATE-----