Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/mY4APe6dnQIAI2Z7-yMIzF6du9o.roa
File:                     mY4APe6dnQIAI2Z7-yMIzF6du9o.roa (raw, json)
Hash identifier:          abuIwDXj1yFmqyagyiZ0FXwWFO8cX3ASNGbjSbHhv6E=
Subject key identifier:   99:8E:00:3D:EE:9D:9D:02:00:23:66:7B:FB:23:08:CC:5E:9D:BB:DA
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E83800B0B69A1EA691490B50D069CEA9C
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/mY4APe6dnQIAI2Z7-yMIzF6du9o.roa
Signing time:             Mon 01 Jun 2026 14:04:27 +0000
ROA not before:           Mon 01 Jun 2026 14:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202532
IP address blocks:        87.76.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:80:0b:0b:69:a1:ea:69:14:90:b5:0d:06:9c:ea:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Jun  1 14:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=998e003dee9d9d020023667bfb2308cc5e9dbbda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:ca:9c:47:43:57:7d:a2:b2:31:6c:91:83:
                    7c:a1:25:ed:d0:c1:2e:5a:08:f3:46:9a:05:14:08:
                    d6:d3:0c:20:cc:5a:5f:20:65:4e:bf:40:d7:11:c0:
                    e5:19:24:2e:5c:b4:23:83:b4:c7:f9:17:40:db:50:
                    7c:e2:4d:59:6e:b3:cf:89:af:75:a0:07:06:ef:c9:
                    4e:64:06:40:f2:9b:41:b2:9c:5c:a1:b6:5f:dc:90:
                    e0:b6:2a:bc:05:40:52:0d:31:e4:f8:39:61:ba:e8:
                    72:df:a7:9a:49:10:a7:27:c9:8b:92:db:2f:e2:1a:
                    03:42:a2:c0:6d:a5:48:33:69:f1:1d:a8:89:5d:d8:
                    13:f5:ca:06:0e:24:2d:16:78:ce:e2:de:cc:05:2b:
                    4c:b6:f7:c7:99:8d:42:cb:11:36:0a:2f:1b:d2:28:
                    05:80:f7:9f:0c:d5:55:2f:e7:a4:81:fc:10:be:29:
                    67:b8:bd:c9:0b:3e:49:a1:e4:a2:22:29:79:c3:c1:
                    70:f2:49:cd:9d:d1:bd:29:a1:76:5b:9c:44:e2:da:
                    3e:6b:05:d5:d3:c9:4e:46:c8:10:25:a9:ba:79:c8:
                    df:e1:e2:6a:ea:73:23:50:31:07:33:8a:1f:25:09:
                    6c:a4:57:41:66:b6:11:e1:e0:a8:23:64:84:de:90:
                    27:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:8E:00:3D:EE:9D:9D:02:00:23:66:7B:FB:23:08:CC:5E:9D:BB:DA
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/mY4APe6dnQIAI2Z7-yMIzF6du9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:1a:07:a1:97:98:da:d2:ca:83:a2:cb:ba:32:c9:6f:de:c2:
         c6:15:e6:f8:79:f2:a8:c6:38:5b:8d:d1:d9:8d:8c:c3:ae:a6:
         05:81:d9:dc:0e:91:6c:5e:69:44:27:a3:c9:be:6f:35:c1:bd:
         f7:da:93:0d:c5:b3:c2:20:b3:3c:c5:76:67:f2:b0:04:8e:05:
         05:fb:85:a9:a1:c8:69:de:ae:fa:06:bc:19:90:41:9b:5c:65:
         20:99:45:68:d3:85:fe:ee:c4:d5:10:9a:39:d8:63:a0:e9:b3:
         65:a4:68:f0:2f:0a:2b:bb:8f:98:14:95:78:ce:2e:b8:8f:66:
         0e:39:62:c1:67:62:34:b4:4e:ab:c1:33:10:ce:4e:c7:b2:45:
         ad:bc:ab:fc:41:93:ad:51:b5:7e:02:e4:a3:d8:8a:1e:7b:04:
         30:2b:9c:cb:f1:d2:2d:e3:f9:51:e8:b3:05:c3:88:93:99:29:
         45:d3:a4:ca:4d:0a:03:81:64:18:e0:cb:e5:05:55:11:a3:e6:
         37:7a:2b:6c:11:e4:ee:be:c1:5c:42:e0:4a:22:60:de:23:c4:
         0d:1a:64:e3:69:2b:1f:6c:0d:a5:05:b5:73:5e:2c:36:d3:97:
         dd:b4:a1:22:22:b8:f4:f8:0b:3c:7b:6e:f1:54:11:57:11:9f:
         e5:cd:88:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DgAsLaaHqaRSQtQ0GnOqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNjAxMTQwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OThlMDAzZGVlOWQ5ZDAyMDAyMzY2N2JmYjIzMDhjYzVlOWRiYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAperKnEdDV32isjFskYN8oSXt0MEu
WgjzRpoFFAjW0wwgzFpfIGVOv0DXEcDlGSQuXLQjg7TH+RdA21B84k1ZbrPPia91
oAcG78lOZAZA8ptBspxcobZf3JDgtiq8BUBSDTHk+Dlhuuhy36eaSRCnJ8mLktsv
4hoDQqLAbaVIM2nxHaiJXdgT9coGDiQtFnjO4t7MBStMtvfHmY1CyxE2Ci8b0igF
gPefDNVVL+ekgfwQvilnuL3JCz5JoeSiIil5w8Fw8knNndG9KaF2W5xE4to+awXV
08lORsgQJam6ecjf4eJq6nMjUDEHM4ofJQlspFdBZrYR4eCoI2SE3pAntQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmOAD3unZ0CACNme/sjCMxenbvaMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvbVk0QVBlNmRuUUlBSTJaNy15TUl6RjZkdTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yiMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Ggehl5ja0sqDosu6Mslv3sLGFeb4efKoxjhbjdHZ
jYzDrqYFgdncDpFsXmlEJ6PJvm81wb332pMNxbPCILM8xXZn8rAEjgUF+4Wpochp
3q76BrwZkEGbXGUgmUVo04X+7sTVEJo52GOg6bNlpGjwLworu4+YFJV4zi64j2YO
OWLBZ2I0tE6rwTMQzk7HskWtvKv8QZOtUbV+AuSj2IoeewQwK5zL8dIt4/lR6LMF
w4iTmSlF06TKTQoDgWQY4MvlBVURo+Y3eitsEeTuvsFcQuBKImDeI8QNGmTjaSsf
bA2lBbVzXiw205fdtKEiIrj0+As8e27xVBFXEZ/lzYjy
-----END CERTIFICATE-----