Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/MvtJK7G1-szULGXkcGMUKLvVL5Q.roa
File:                     MvtJK7G1-szULGXkcGMUKLvVL5Q.roa (raw, json)
Hash identifier:          mrbi0p+pZ/m2rO+gs/idT0stNxDTkld6jsHkot1Sn1w=
Subject key identifier:   32:FB:49:2B:B1:B5:FA:CC:D4:2C:65:E4:70:63:14:28:BB:D5:2F:94
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DB026A526D5FEEAB7453F5FFD9045FC2D
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/MvtJK7G1-szULGXkcGMUKLvVL5Q.roa
Signing time:             Tue 21 Apr 2026 13:06:55 +0000
ROA not before:           Tue 21 Apr 2026 13:06:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44620
IP address blocks:        87.76.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 19:37:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:26:a5:26:d5:fe:ea:b7:45:3f:5f:fd:90:45:fc:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 21 13:06:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32fb492bb1b5faccd42c65e470631428bbd52f94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a8:b4:94:a3:51:21:db:b9:29:2a:e1:f3:1b:
                    cb:63:81:64:4f:b0:c8:b0:6c:f2:4b:f3:e2:9a:b5:
                    13:1b:4f:24:8f:51:0f:21:10:92:88:d3:73:c3:09:
                    17:24:07:f2:78:42:2e:4f:28:ea:16:3c:26:77:a2:
                    61:b9:06:4c:d2:53:f2:21:69:db:55:ff:46:6d:fe:
                    db:c3:0f:17:ad:cb:0d:6a:7b:f2:c0:46:a0:12:ab:
                    6a:99:b6:61:ee:71:77:15:e3:05:c1:32:9c:82:a5:
                    9c:a3:1f:85:8f:57:9b:1e:8a:50:a2:b0:b4:4f:86:
                    8d:32:ad:e3:48:8c:cf:83:5c:6b:42:c3:67:a7:bd:
                    ad:6e:39:e5:e2:9f:76:5d:38:2f:51:bd:0a:c1:f1:
                    84:0d:5b:f8:60:e4:a7:f7:c0:f7:83:dc:af:96:09:
                    4d:b1:4e:3c:c2:8b:c8:59:bb:53:43:67:10:f7:a7:
                    6b:ba:b5:5a:fc:06:36:11:74:24:49:77:0f:4a:fd:
                    de:19:4f:d3:80:b8:1e:eb:cf:ac:bd:30:e0:0f:bb:
                    44:89:04:c4:c5:a2:cd:2f:5d:90:1c:c3:2d:89:be:
                    5b:91:4b:46:02:02:8c:1b:b7:c6:39:17:df:48:37:
                    2d:1c:47:e5:55:b1:91:b1:0f:21:33:c2:33:64:1a:
                    ad:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FB:49:2B:B1:B5:FA:CC:D4:2C:65:E4:70:63:14:28:BB:D5:2F:94
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/MvtJK7G1-szULGXkcGMUKLvVL5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:b7:a6:5b:c5:8d:a4:15:ce:f9:66:d8:52:22:83:16:24:ea:
         f4:08:c5:44:de:09:1c:ad:85:5a:33:a8:63:27:fa:02:e5:82:
         76:80:e2:33:4d:bd:ca:8a:23:b1:3e:3e:23:b0:f3:e0:34:4d:
         c0:6a:ed:16:d9:90:47:03:2a:f7:e1:75:63:11:76:c5:b3:18:
         c9:b3:fb:54:90:de:8e:3f:2c:6b:74:dd:77:4a:7c:59:56:55:
         34:06:1a:87:bc:00:c0:d4:30:4c:31:33:f5:77:af:b7:af:7c:
         21:2d:79:1e:24:76:80:65:85:84:de:61:37:14:70:56:c2:ae:
         92:8f:04:08:75:1a:2c:20:a8:89:99:8d:12:66:1c:a4:ee:b7:
         c9:e6:00:13:ce:6f:d7:6d:bc:ef:63:ad:de:1c:dc:2e:35:d1:
         bd:a1:c3:eb:a8:fb:cb:66:fe:26:f7:66:f1:20:23:e0:6b:1a:
         c8:dd:11:cd:e8:ac:d9:d2:b4:37:ab:f7:3b:94:e4:48:46:0d:
         76:3b:6d:c3:90:10:7b:d7:36:79:c2:5e:64:c3:1a:b2:4e:c9:
         8c:5f:f4:af:56:33:25:4c:7a:3b:f9:f1:25:af:fd:c6:0e:cf:
         b1:a1:4e:f3:75:d7:00:d5:9a:b3:ab:ed:de:d8:b5:a0:a7:74:
         cf:28:19:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2wJqUm1f7qt0U/X/2QRfwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDIxMTMwNjU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmZiNDkyYmIxYjVmYWNjZDQyYzY1ZTQ3MDYzMTQyOGJiZDUyZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqi0lKNRIdu5KSrh8xvLY4FkT7DI
sGzyS/PimrUTG08kj1EPIRCSiNNzwwkXJAfyeEIuTyjqFjwmd6JhuQZM0lPyIWnb
Vf9Gbf7bww8XrcsNanvywEagEqtqmbZh7nF3FeMFwTKcgqWcox+Fj1ebHopQorC0
T4aNMq3jSIzPg1xrQsNnp72tbjnl4p92XTgvUb0KwfGEDVv4YOSn98D3g9yvlglN
sU48wovIWbtTQ2cQ96drurVa/AY2EXQkSXcPSv3eGU/TgLge68+svTDgD7tEiQTE
xaLNL12QHMMtib5bkUtGAgKMG7fGORffSDctHEflVbGRsQ8hM8IzZBqtdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDL7SSuxtfrM1Cxl5HBjFCi71S+UMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvTXZ0Sks3RzEtc3pVTEdYa2NHTVVLTHZWTDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ymMA0G
CSqGSIb3DQEBCwUAA4IBAQCKt6ZbxY2kFc75ZthSIoMWJOr0CMVE3gkcrYVaM6hj
J/oC5YJ2gOIzTb3KiiOxPj4jsPPgNE3Aau0W2ZBHAyr34XVjEXbFsxjJs/tUkN6O
PyxrdN13SnxZVlU0BhqHvADA1DBMMTP1d6+3r3whLXkeJHaAZYWE3mE3FHBWwq6S
jwQIdRosIKiJmY0SZhyk7rfJ5gATzm/XbbzvY63eHNwuNdG9ocPrqPvLZv4m92bx
ICPgaxrI3RHN6KzZ0rQ3q/c7lORIRg12O23DkBB71zZ5wl5kwxqyTsmMX/SvVjMl
THo7+fElr/3GDs+xoU7zddcA1Zqzq+3e2LWgp3TPKBnO
-----END CERTIFICATE-----