Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ftjC5cVdfXTXs9sRcd28dVzryPE.roa
File:                     ftjC5cVdfXTXs9sRcd28dVzryPE.roa (raw, json)
Hash identifier:          q39JPbUYVuRJ2Z24HmcjfZw4N5RNFUeAJy0WoLD7cGE=
Subject key identifier:   7E:D8:C2:E5:C5:5D:7D:74:D7:B3:DB:11:71:DD:BC:75:5C:EB:C8:F1
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E5C17FECC4962153110CB9C9A99795B5C
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ftjC5cVdfXTXs9sRcd28dVzryPE.roa
Signing time:             Sun 24 May 2026 22:25:36 +0000
ROA not before:           Sun 24 May 2026 22:25:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209658
IP address blocks:        87.76.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 14:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5c:17:fe:cc:49:62:15:31:10:cb:9c:9a:99:79:5b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 24 22:25:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ed8c2e5c55d7d74d7b3db1171ddbc755cebc8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d7:51:88:bb:12:69:0f:19:8e:18:bd:6d:1c:
                    0c:fd:55:3e:3a:53:21:d4:89:49:b1:92:78:fb:b7:
                    b2:ee:46:18:c3:94:b3:99:10:dc:9c:5b:0c:59:53:
                    ec:32:c3:c2:ce:8b:72:4e:c4:bf:59:de:8a:ba:06:
                    66:48:af:13:be:ea:90:73:dc:08:1a:4e:11:1c:2d:
                    8b:d6:99:ed:dd:9f:87:eb:79:12:9d:70:39:99:2d:
                    c1:91:3d:8b:9b:3e:b5:38:b0:3e:fb:17:66:9c:2a:
                    60:b4:eb:87:06:d2:bc:9e:99:68:bf:73:2f:de:7a:
                    f2:74:63:db:0a:9c:64:67:93:72:26:2e:5f:a6:fc:
                    00:72:2b:56:43:17:25:73:5b:25:a8:ba:3a:b4:7f:
                    81:64:69:6c:2e:39:8e:b9:db:d8:83:19:5c:a5:32:
                    c4:20:8a:bb:56:6f:0a:f9:b3:07:59:a3:2d:bb:3e:
                    2b:3e:57:a5:86:64:02:af:9e:01:36:11:06:08:6e:
                    c4:7f:d5:41:55:22:8f:b4:3c:ee:98:86:ab:a1:f2:
                    cb:fc:ee:f3:6a:43:11:e4:70:f1:8a:77:cd:fa:45:
                    c4:33:1f:de:c8:cc:60:64:6e:6a:8b:e4:75:5f:ac:
                    a7:a3:f7:e1:e2:47:ba:5b:21:bf:a8:cb:79:ac:c0:
                    29:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D8:C2:E5:C5:5D:7D:74:D7:B3:DB:11:71:DD:BC:75:5C:EB:C8:F1
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ftjC5cVdfXTXs9sRcd28dVzryPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:99:4d:72:d9:ac:7c:35:81:89:a5:6a:c9:8b:0d:85:1f:43:
         c8:3a:6a:86:70:c4:48:d8:d5:a5:56:2e:3b:6b:df:88:1d:4e:
         a9:8d:02:19:85:ce:50:9e:9d:99:f0:3b:b0:cb:ca:97:79:b6:
         7c:9c:af:9d:d2:9f:7d:10:90:5e:77:d0:fc:f7:92:a3:60:bc:
         78:f8:8c:e9:e9:dc:30:14:30:8e:55:f2:28:96:b4:4e:84:31:
         72:cf:9f:f6:d5:d6:66:01:e2:02:7d:4d:a6:13:b0:49:2a:fe:
         5b:40:5b:88:5a:e6:d5:f2:6f:24:f4:bf:95:e0:e9:f9:f2:32:
         90:ed:eb:5a:52:2b:5d:ca:dc:f3:ec:fc:38:ac:59:6f:6e:57:
         f6:b6:73:69:32:ce:d0:76:80:8a:ad:5c:55:95:f2:4d:e3:04:
         4d:32:93:91:56:f0:46:46:6b:f6:99:00:d1:a0:a2:fb:20:56:
         02:8d:62:30:87:03:63:ba:7e:86:b7:c4:f8:44:93:4c:cc:83:
         18:c8:94:c6:8b:28:6d:3b:2d:b5:9b:29:d8:58:cf:81:d6:d7:
         15:95:ac:fb:af:f0:6b:83:13:f9:1c:b5:48:dd:8b:5f:5c:2d:
         f3:15:e1:34:46:8c:7a:7f:3c:09:d1:4b:15:c8:20:35:73:ee:
         bf:bd:54:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5cF/7MSWIVMRDLnJqZeVtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTI0MjIyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ4YzJlNWM1NWQ3ZDc0ZDdiM2RiMTE3MWRkYmM3NTVjZWJjOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtdRiLsSaQ8Zjhi9bRwM/VU+OlMh
1IlJsZJ4+7ey7kYYw5SzmRDcnFsMWVPsMsPCzotyTsS/Wd6KugZmSK8TvuqQc9wI
Gk4RHC2L1pnt3Z+H63kSnXA5mS3BkT2Lmz61OLA++xdmnCpgtOuHBtK8nplov3Mv
3nrydGPbCpxkZ5NyJi5fpvwAcitWQxclc1slqLo6tH+BZGlsLjmOudvYgxlcpTLE
IIq7Vm8K+bMHWaMtuz4rPlelhmQCr54BNhEGCG7Ef9VBVSKPtDzumIarofLL/O7z
akMR5HDxinfN+kXEMx/eyMxgZG5qi+R1X6yno/fh4ke6WyG/qMt5rMApVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7YwuXFXX1017PbEXHdvHVc68jxMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvZnRqQzVjVmRmWFRYczlzUmNkMjhkVnpyeVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yOMA0G
CSqGSIb3DQEBCwUAA4IBAQAlmU1y2ax8NYGJpWrJiw2FH0PIOmqGcMRI2NWlVi47
a9+IHU6pjQIZhc5Qnp2Z8Duwy8qXebZ8nK+d0p99EJBed9D895KjYLx4+Izp6dww
FDCOVfIolrROhDFyz5/21dZmAeICfU2mE7BJKv5bQFuIWubV8m8k9L+V4On58jKQ
7etaUitdytzz7Pw4rFlvblf2tnNpMs7QdoCKrVxVlfJN4wRNMpORVvBGRmv2mQDR
oKL7IFYCjWIwhwNjun6Gt8T4RJNMzIMYyJTGiyhtOy21mynYWM+B1tcVlaz7r/Br
gxP5HLVI3YtfXC3zFeE0Rox6fzwJ0UsVyCA1c+6/vVQD
-----END CERTIFICATE-----