Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PPR9iY6e7wB8dBG4hPjEf_bXgrE.roa
File:                     PPR9iY6e7wB8dBG4hPjEf_bXgrE.roa (raw, json)
Hash identifier:          rVsXHJx7s3hFoA+dVNyfw/DyXL6OOCw5L+m6ouelVRM=
Subject key identifier:   3C:F4:7D:89:8E:9E:EF:00:7C:74:11:B8:84:F8:C4:7F:F6:D7:82:B1
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019CE68F83528BF85315AE9239BC0C09993C
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PPR9iY6e7wB8dBG4hPjEf_bXgrE.roa
Signing time:             Fri 13 Mar 2026 09:38:10 +0000
ROA not before:           Fri 13 Mar 2026 09:38:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201131
IP address blocks:        87.76.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 02:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:8f:83:52:8b:f8:53:15:ae:92:39:bc:0c:09:99:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 13 09:38:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cf47d898e9eef007c7411b884f8c47ff6d782b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:93:4b:73:02:70:c8:a6:25:1a:2e:df:a3:65:
                    f1:98:15:12:60:8b:ea:42:10:3d:c5:bb:e0:d4:b7:
                    cb:c1:9b:d6:f4:df:50:4c:f7:7f:4f:07:e3:a7:03:
                    ca:6a:f0:48:05:79:8e:f6:1d:9f:c3:bd:32:74:24:
                    5a:c3:4d:e6:5a:11:9a:a6:ce:d4:ff:2a:4a:f2:a7:
                    b3:55:8a:8f:89:43:cc:b6:13:5a:53:1c:93:3f:e6:
                    45:30:97:4d:9d:8c:07:11:5a:70:85:bc:9c:12:9a:
                    16:aa:79:92:76:19:3d:c5:8d:89:88:eb:36:cb:30:
                    45:14:c1:6e:c5:14:c4:c0:ef:3c:df:10:c2:b7:58:
                    29:01:21:96:99:de:8e:cc:30:2d:c5:65:1c:bc:60:
                    3f:0e:40:7b:5f:81:5d:ed:61:3c:ed:30:ef:5d:bc:
                    8a:39:ca:14:79:9a:5a:a5:eb:7f:7d:83:8c:e6:26:
                    a9:03:8a:ce:83:3f:7c:5f:b4:6a:7f:64:4a:c3:93:
                    28:f3:c6:72:f0:c3:c2:6a:bb:f1:55:77:64:b1:c7:
                    5a:6f:29:69:0e:28:50:da:f5:fd:0c:6e:19:b1:91:
                    0c:a5:88:56:e3:40:ab:ed:b3:5c:27:9e:a8:c1:b4:
                    c5:b3:10:c7:08:1a:fe:81:c3:ad:8d:ad:25:d3:f3:
                    2e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F4:7D:89:8E:9E:EF:00:7C:74:11:B8:84:F8:C4:7F:F6:D7:82:B1
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PPR9iY6e7wB8dBG4hPjEf_bXgrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e1:9e:9f:e5:a1:d5:19:63:db:53:c1:ad:da:a5:81:12:d4:
         b5:e0:98:0c:e2:ce:2e:36:88:da:cb:59:f3:c5:75:9a:33:ae:
         17:b8:67:7e:90:d6:9a:a8:a7:8e:79:48:5f:7a:64:e8:08:22:
         54:07:bc:e1:2d:3f:b7:6e:60:95:41:f2:ba:79:4a:49:e2:41:
         3d:7d:7f:d9:c0:d2:61:f7:67:46:9b:3b:53:80:45:4f:ec:59:
         63:5d:11:9d:f2:ed:eb:30:75:0a:04:47:7e:75:a4:b6:88:62:
         70:67:0c:80:94:bd:f8:70:99:a8:3b:e1:88:58:0b:d8:ce:57:
         be:8c:6b:75:fa:b2:b2:c9:a3:99:98:2f:fe:fc:08:6d:01:12:
         9c:c3:45:8a:74:e1:eb:ca:48:95:d8:c5:0c:16:bf:cc:8f:03:
         ae:e7:f8:8e:68:c4:b1:58:9a:8f:0e:81:16:b5:89:74:93:7d:
         08:b2:b1:60:87:01:a3:6f:c2:7c:99:c4:6f:d2:20:a1:78:ef:
         17:21:d7:5d:47:cc:98:04:fa:d4:e3:13:40:8d:1f:e8:7a:39:
         61:62:41:21:e0:d9:6c:05:63:e6:00:0e:9f:cb:dd:d3:73:55:
         29:df:6a:7c:71:4b:47:e7:70:5f:64:51:1d:56:3c:49:f2:d4:
         f8:2d:44:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzmj4NSi/hTFa6SObwMCZk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzEzMDkzODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Y0N2Q4OThlOWVlZjAwN2M3NDExYjg4NGY4YzQ3ZmY2ZDc4MmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5NLcwJwyKYlGi7fo2XxmBUSYIvq
QhA9xbvg1LfLwZvW9N9QTPd/TwfjpwPKavBIBXmO9h2fw70ydCRaw03mWhGaps7U
/ypK8qezVYqPiUPMthNaUxyTP+ZFMJdNnYwHEVpwhbycEpoWqnmSdhk9xY2JiOs2
yzBFFMFuxRTEwO883xDCt1gpASGWmd6OzDAtxWUcvGA/DkB7X4Fd7WE87TDvXbyK
OcoUeZpapet/fYOM5iapA4rOgz98X7Rqf2RKw5Mo88Zy8MPCarvxVXdkscdabylp
DihQ2vX9DG4ZsZEMpYhW40Cr7bNcJ56owbTFsxDHCBr+gcOtja0l0/MuMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDz0fYmOnu8AfHQRuIT4xH/214KxMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvUFBSOWlZNmU3d0I4ZEJHNGhQakVmX2JYZ3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zNMA0G
CSqGSIb3DQEBCwUAA4IBAQAi4Z6f5aHVGWPbU8Gt2qWBEtS14JgM4s4uNojay1nz
xXWaM64XuGd+kNaaqKeOeUhfemToCCJUB7zhLT+3bmCVQfK6eUpJ4kE9fX/ZwNJh
92dGmztTgEVP7FljXRGd8u3rMHUKBEd+daS2iGJwZwyAlL34cJmoO+GIWAvYzle+
jGt1+rKyyaOZmC/+/AhtARKcw0WKdOHrykiV2MUMFr/MjwOu5/iOaMSxWJqPDoEW
tYl0k30IsrFghwGjb8J8mcRv0iCheO8XIdddR8yYBPrU4xNAjR/oejlhYkEh4Nls
BWPmAA6fy93Tc1Up32p8cUtH53BfZFEdVjxJ8tT4LURY
-----END CERTIFICATE-----