Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/OgvLWwat67jlQ6Yr3KFb4XEU2Qw.roa
File:                     OgvLWwat67jlQ6Yr3KFb4XEU2Qw.roa (raw, json)
Hash identifier:          y6vSvwrNSELNuS4MUmDoiVuZAl82e4ZVlI1a2nfnX8E=
Subject key identifier:   3A:0B:CB:5B:06:AD:EB:B8:E5:43:A6:2B:DC:A1:5B:E1:71:14:D9:0C
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DBAD975A2C9EE5E404679706F663BAB04
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/OgvLWwat67jlQ6Yr3KFb4XEU2Qw.roa
Signing time:             Thu 23 Apr 2026 14:58:26 +0000
ROA not before:           Thu 23 Apr 2026 14:58:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395839
IP address blocks:        87.76.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:d9:75:a2:c9:ee:5e:40:46:79:70:6f:66:3b:ab:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 23 14:58:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a0bcb5b06adebb8e543a62bdca15be17114d90c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b5:98:88:f7:dd:20:18:76:da:72:63:9b:7e:
                    18:30:03:0c:aa:af:44:a2:cd:a3:2f:b0:cb:a3:5b:
                    95:ea:b9:7b:db:55:9d:47:c0:20:18:20:de:6b:00:
                    e9:e2:0f:76:73:cb:89:2f:c6:2d:25:fc:f7:b2:a1:
                    f7:25:fd:ff:4f:7c:0e:71:33:db:c1:26:74:7a:63:
                    15:80:69:19:e7:db:0b:e9:74:bf:7c:9a:13:ae:02:
                    d4:c5:14:bf:a1:c7:24:87:82:9b:3b:8d:0f:59:59:
                    59:0c:bb:d0:b9:59:b2:c4:0e:82:91:c4:15:eb:be:
                    c4:a8:f5:93:9f:4c:0c:69:db:70:2c:7d:76:35:be:
                    d8:5a:0d:1e:8c:b5:89:8b:de:f8:01:e4:1b:27:43:
                    92:54:53:be:e4:67:aa:db:23:53:da:fd:5c:59:ef:
                    bf:d8:05:73:88:cb:6e:54:a2:bd:51:ab:29:28:66:
                    0b:17:2d:b1:c0:e0:fb:b9:57:3e:c0:0f:f4:05:75:
                    bb:cd:d8:b0:c5:a7:3f:91:4a:0c:f5:e0:8c:3b:3f:
                    14:8f:c0:9c:3e:d6:38:f0:f4:e2:03:10:f3:45:23:
                    cf:96:f7:7b:6c:60:40:51:4e:4d:49:3e:c7:66:c5:
                    55:53:36:3e:8a:8d:0c:a3:2e:b9:42:53:da:cf:4a:
                    d2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:0B:CB:5B:06:AD:EB:B8:E5:43:A6:2B:DC:A1:5B:E1:71:14:D9:0C
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/OgvLWwat67jlQ6Yr3KFb4XEU2Qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:05:a7:a7:3b:af:fe:93:47:93:f9:aa:e8:68:e1:1a:21:af:
         83:45:c5:e4:b7:85:87:5e:70:db:59:82:11:3b:79:ef:0a:d0:
         8e:6d:63:56:49:36:0e:d2:c5:c8:51:ef:2e:62:49:4c:e0:d6:
         72:3b:0b:f3:fe:bf:13:75:71:07:25:f3:4e:35:11:88:81:ab:
         50:e9:dd:e7:e2:28:07:c4:99:d6:68:08:70:44:2e:69:73:d7:
         09:ea:0f:15:67:71:7d:31:7d:c5:58:56:2c:1f:96:f9:ee:69:
         fb:37:e0:94:5c:5b:8e:91:03:20:43:22:c2:80:ed:49:7e:62:
         03:ac:c3:3e:de:4b:d9:5b:39:50:d7:26:60:32:2f:11:b9:90:
         14:9c:48:1c:67:e4:ea:8f:e5:b4:0c:72:50:99:c0:c9:89:70:
         d7:67:da:ba:7f:35:00:8c:34:57:53:39:d7:a7:e4:58:08:39:
         84:b5:5d:c4:eb:b6:3a:fc:7f:f7:d8:05:cf:86:95:0f:9d:fb:
         0a:6f:3c:d5:8d:e0:28:45:57:91:9f:89:1d:ef:88:ae:41:f9:
         a0:e1:6a:98:7d:fc:3d:78:34:23:58:16:aa:8f:70:5a:5b:de:
         91:68:95:bc:f2:5b:ed:e0:73:a1:07:54:5d:72:05:68:dd:8d:
         17:d1:f1:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ262XWiye5eQEZ5cG9mO6sEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDIzMTQ1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTBiY2I1YjA2YWRlYmI4ZTU0M2E2MmJkY2ExNWJlMTcxMTRkOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLWYiPfdIBh22nJjm34YMAMMqq9E
os2jL7DLo1uV6rl721WdR8AgGCDeawDp4g92c8uJL8YtJfz3sqH3Jf3/T3wOcTPb
wSZ0emMVgGkZ59sL6XS/fJoTrgLUxRS/occkh4KbO40PWVlZDLvQuVmyxA6CkcQV
677EqPWTn0wMadtwLH12Nb7YWg0ejLWJi974AeQbJ0OSVFO+5Geq2yNT2v1cWe+/
2AVziMtuVKK9UaspKGYLFy2xwOD7uVc+wA/0BXW7zdiwxac/kUoM9eCMOz8Uj8Cc
PtY48PTiAxDzRSPPlvd7bGBAUU5NST7HZsVVUzY+io0Moy65QlPaz0rSGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoLy1sGreu45UOmK9yhW+FxFNkMMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvT2d2TFd3YXQ2N2psUTZZcjNLRmI0WEVVMlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zAMA0G
CSqGSIb3DQEBCwUAA4IBAQBuBaenO6/+k0eT+aroaOEaIa+DRcXkt4WHXnDbWYIR
O3nvCtCObWNWSTYO0sXIUe8uYklM4NZyOwvz/r8TdXEHJfNONRGIgatQ6d3n4igH
xJnWaAhwRC5pc9cJ6g8VZ3F9MX3FWFYsH5b57mn7N+CUXFuOkQMgQyLCgO1JfmID
rMM+3kvZWzlQ1yZgMi8RuZAUnEgcZ+Tqj+W0DHJQmcDJiXDXZ9q6fzUAjDRXUznX
p+RYCDmEtV3E67Y6/H/32AXPhpUPnfsKbzzVjeAoRVeRn4kd74iuQfmg4WqYffw9
eDQjWBaqj3BaW96RaJW88lvt4HOhB1RdcgVo3Y0X0fHw
-----END CERTIFICATE-----