Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PrDTE_W9w7u3rb3AMwcuUzQBk4k.roa
File:                     PrDTE_W9w7u3rb3AMwcuUzQBk4k.roa (raw, json)
Hash identifier:          cDvJDIq/K+Z1prcm9UYSMO3Ihf8lvFG1OH7pQyPkCEk=
Subject key identifier:   3E:B0:D3:13:F5:BD:C3:BB:B7:AD:BD:C0:33:07:2E:53:34:01:93:89
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E9945843FE67CCF3E88477F5F7E69BB08
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PrDTE_W9w7u3rb3AMwcuUzQBk4k.roa
Signing time:             Fri 05 Jun 2026 19:32:10 +0000
ROA not before:           Fri 05 Jun 2026 19:32:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207530
IP address blocks:        87.76.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:99:45:84:3f:e6:7c:cf:3e:88:47:7f:5f:7e:69:bb:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun  5 19:32:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3eb0d313f5bdc3bbb7adbdc033072e5334019389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:02:53:5a:a2:75:32:96:d9:53:ef:9b:43:8e:
                    79:66:94:84:e0:26:42:89:21:f8:d7:f4:bf:e9:0f:
                    b6:12:d6:76:51:30:b0:b3:97:1a:8e:5c:aa:d9:c0:
                    27:73:86:d6:40:80:2c:34:00:f8:c3:6b:d7:a2:86:
                    b4:58:60:7b:3c:e1:3f:2c:5d:b1:a8:87:1b:11:33:
                    f1:86:c3:85:20:5a:81:33:ef:ca:d0:ab:e8:ea:62:
                    58:c6:21:2f:c3:e0:57:71:0c:2d:76:9c:92:8c:02:
                    18:96:87:33:9b:f9:3d:c8:31:68:4b:35:18:70:d9:
                    c8:af:66:92:ea:77:ad:75:eb:8f:e0:57:4f:9d:4a:
                    ce:01:c3:d9:c1:b4:04:29:2d:75:12:30:9d:26:71:
                    b8:91:0c:b7:f7:f0:47:cc:ef:51:e8:f5:ab:4c:98:
                    5b:d6:81:56:9d:f1:ba:05:28:3f:4d:e2:37:05:c4:
                    a7:b1:b9:6b:15:c2:41:a5:df:de:fc:f1:17:4b:b6:
                    1f:22:40:f7:f6:1c:47:5a:9d:d6:4b:1e:d3:75:43:
                    0b:ee:c8:dc:e0:11:52:e7:8d:7b:0e:ed:7f:61:f4:
                    25:a8:58:b0:3a:7c:38:f9:62:4f:fd:28:04:98:bb:
                    4e:ac:3e:bf:27:2a:01:c2:04:fe:14:df:e6:dd:cb:
                    63:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B0:D3:13:F5:BD:C3:BB:B7:AD:BD:C0:33:07:2E:53:34:01:93:89
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/PrDTE_W9w7u3rb3AMwcuUzQBk4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:5f:20:6e:15:b5:68:a9:e9:50:59:fe:a3:f1:cd:39:33:b7:
         3c:e8:8c:6f:bb:d2:e4:30:b4:20:ad:a5:2b:25:31:00:c5:53:
         82:78:af:2d:d9:07:b6:8e:41:5d:b7:d1:85:b2:49:cd:b0:7a:
         02:2e:71:12:e4:44:3f:f0:bf:d8:40:c5:42:90:29:3b:37:d3:
         77:59:99:65:ed:c4:de:ab:e3:22:46:53:b2:68:28:e8:9d:32:
         d2:46:81:1b:4c:39:11:11:42:17:5e:1c:5d:17:11:6e:9e:e8:
         f0:0d:46:d6:86:bc:12:59:5e:ca:89:c2:81:d9:5f:f7:20:67:
         72:32:75:36:7b:4d:26:36:29:36:f7:d2:8c:fa:b2:1b:4e:b8:
         49:2f:af:d1:d3:2e:9a:e5:3a:25:6d:6e:77:c9:63:f0:95:63:
         3e:a7:32:b7:06:c6:44:ab:bb:62:ae:1b:3f:56:82:fb:8d:d8:
         c5:e6:5b:71:a8:11:e5:58:59:b5:df:34:a9:3b:fc:fc:1c:53:
         24:b7:57:ce:bc:f6:63:1b:12:74:26:00:18:cf:bd:40:7e:bc:
         45:81:15:c9:6e:38:11:70:83:3f:7a:1d:fe:92:a9:16:01:d9:
         8e:d1:44:ea:bc:46:d3:e8:9b:80:92:9c:7e:b9:5f:ed:d1:a6:
         74:4d:be:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ZRYQ/5nzPPohHf19+absIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjA1MTkzMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIwZDMxM2Y1YmRjM2JiYjdhZGJkYzAzMzA3MmU1MzM0MDE5Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAJTWqJ1MpbZU++bQ455ZpSE4CZC
iSH41/S/6Q+2EtZ2UTCws5cajlyq2cAnc4bWQIAsNAD4w2vXooa0WGB7POE/LF2x
qIcbETPxhsOFIFqBM+/K0Kvo6mJYxiEvw+BXcQwtdpySjAIYloczm/k9yDFoSzUY
cNnIr2aS6netdeuP4FdPnUrOAcPZwbQEKS11EjCdJnG4kQy39/BHzO9R6PWrTJhb
1oFWnfG6BSg/TeI3BcSnsblrFcJBpd/e/PEXS7YfIkD39hxHWp3WSx7TdUML7sjc
4BFS5417Du1/YfQlqFiwOnw4+WJP/SgEmLtOrD6/JyoBwgT+FN/m3ctjOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6w0xP1vcO7t629wDMHLlM0AZOJMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvUHJEVEVfVzl3N3UzcmIzQU13Y3VVelFCazRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ynMA0G
CSqGSIb3DQEBCwUAA4IBAQAXXyBuFbVoqelQWf6j8c05M7c86Ixvu9LkMLQgraUr
JTEAxVOCeK8t2Qe2jkFdt9GFsknNsHoCLnES5EQ/8L/YQMVCkCk7N9N3WZll7cTe
q+MiRlOyaCjonTLSRoEbTDkREUIXXhxdFxFunujwDUbWhrwSWV7KicKB2V/3IGdy
MnU2e00mNik299KM+rIbTrhJL6/R0y6a5TolbW53yWPwlWM+pzK3BsZEq7tirhs/
VoL7jdjF5ltxqBHlWFm13zSpO/z8HFMkt1fOvPZjGxJ0JgAYz71AfrxFgRXJbjgR
cIM/eh3+kqkWAdmO0UTqvEbT6JuAkpx+uV/t0aZ0Tb7p
-----END CERTIFICATE-----