Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/sozv7VGCsxdSPOcXi2-Gl7FbGmc.roa
File:                     sozv7VGCsxdSPOcXi2-Gl7FbGmc.roa (raw, json)
Hash identifier:          13eWjuGk6V+ukB57hpPW7WPtVKV78pxgLjs2HUAoi2k=
Subject key identifier:   B2:8C:EF:ED:51:82:B3:17:52:3C:E7:17:8B:6F:86:97:B1:5B:1A:67
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019E256157BABA9E3DA41A6F64B618B4BEAF
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/sozv7VGCsxdSPOcXi2-Gl7FbGmc.roa
Signing time:             Thu 14 May 2026 07:26:36 +0000
ROA not before:           Thu 14 May 2026 07:26:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150654
IP address blocks:        87.76.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:25:61:57:ba:ba:9e:3d:a4:1a:6f:64:b6:18:b4:be:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May 14 07:26:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b28cefed5182b317523ce7178b6f8697b15b1a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:64:ae:3e:3b:c2:1b:61:45:6d:04:44:8c:1e:
                    b4:8c:93:64:0f:b9:27:41:67:fd:34:93:c2:6b:53:
                    b7:4a:bf:50:75:3c:b1:db:84:c3:a2:74:48:b0:e1:
                    4d:5f:b4:da:51:71:21:a4:b1:19:42:b0:ab:c5:17:
                    94:6b:61:80:81:13:af:85:13:ea:9a:fd:15:a9:7e:
                    15:ce:39:78:18:ad:5a:6a:b3:f6:2e:95:f2:19:e7:
                    0b:6e:82:2c:9f:39:54:05:73:b4:7d:10:c9:8c:d8:
                    ee:1f:7e:7f:9c:3c:d5:2d:b6:9c:28:ab:5b:39:43:
                    da:1c:d8:d0:1f:27:5e:7d:cc:71:45:a3:72:d9:76:
                    3a:fd:b5:e9:2a:17:23:cf:92:b5:5b:82:44:6d:aa:
                    f0:4f:3f:35:d8:c4:e3:6a:ad:f8:a3:cf:71:fd:20:
                    fe:7d:e4:5e:5b:98:b2:9e:a1:f6:c5:4a:ad:73:02:
                    0d:55:56:a6:9a:a8:5f:e5:f9:10:a0:48:29:bd:cb:
                    3c:6d:bc:fa:ee:76:b2:32:9d:5b:2f:26:c0:e9:df:
                    d9:89:96:0f:fd:3a:e1:ba:07:18:0e:cc:fa:70:ec:
                    45:d6:ea:9b:2f:cf:03:40:c5:49:47:fc:d8:75:3a:
                    b4:b2:85:8c:99:43:7e:15:fc:cb:e5:a5:e2:d8:ef:
                    b2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:8C:EF:ED:51:82:B3:17:52:3C:E7:17:8B:6F:86:97:B1:5B:1A:67
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/sozv7VGCsxdSPOcXi2-Gl7FbGmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:61:e8:90:4a:f1:6b:b5:c9:ed:0e:31:43:c6:fe:b2:2e:56:
         14:44:1b:08:19:8b:c6:e3:29:57:5d:9a:16:b6:ce:92:78:7a:
         0c:64:81:d4:a0:1b:4b:04:15:97:1f:d6:13:3e:fa:de:04:b1:
         57:49:a0:ec:40:2a:64:3d:70:33:1b:8d:26:84:b4:d6:c6:9b:
         31:49:57:84:49:a9:a1:91:3b:8d:83:01:bb:9a:ca:dd:a6:c8:
         98:80:c1:66:08:7c:92:15:c3:15:5b:86:7a:c1:bc:38:8f:bd:
         94:fc:09:ba:68:fb:f3:06:c9:54:7a:97:c0:81:8c:b0:54:c2:
         97:3a:d6:d2:4c:9b:0a:0e:7c:7b:30:13:d4:d5:60:c9:60:43:
         e7:52:5d:19:6c:b2:63:4d:c6:a7:16:1a:18:5b:28:13:d2:2e:
         db:78:d7:d9:90:6c:00:c3:c2:ed:e5:f9:b5:2d:8c:3a:04:d5:
         8c:73:dd:8e:d0:2e:f0:5e:c7:19:f2:f6:2d:12:de:8c:d9:f0:
         66:9e:62:ca:ce:77:52:67:1f:a6:b8:91:79:4f:28:17:4d:c1:
         82:3a:0e:61:59:2d:70:69:31:1c:48:af:28:32:80:6c:45:df:
         23:9d:8f:2f:4e:25:d8:a0:65:a9:41:25:b8:2f:87:4e:8d:92:
         13:42:a6:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4lYVe6up49pBpvZLYYtL6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTE0MDcyNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjhjZWZlZDUxODJiMzE3NTIzY2U3MTc4YjZmODY5N2IxNWIxYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mSuPjvCG2FFbQREjB60jJNkD7kn
QWf9NJPCa1O3Sr9QdTyx24TDonRIsOFNX7TaUXEhpLEZQrCrxReUa2GAgROvhRPq
mv0VqX4Vzjl4GK1aarP2LpXyGecLboIsnzlUBXO0fRDJjNjuH35/nDzVLbacKKtb
OUPaHNjQHydefcxxRaNy2XY6/bXpKhcjz5K1W4JEbarwTz812MTjaq34o89x/SD+
feReW5iynqH2xUqtcwINVVammqhf5fkQoEgpvcs8bbz67nayMp1bLybA6d/ZiZYP
/TrhugcYDsz6cOxF1uqbL88DQMVJR/zYdTq0soWMmUN+FfzL5aXi2O+yhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKM7+1RgrMXUjznF4tvhpexWxpnMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvc296djdWR0NzeGRTUE9jWGkyLUdsN0ZiR21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0ylMA0G
CSqGSIb3DQEBCwUAA4IBAQBoYeiQSvFrtcntDjFDxv6yLlYURBsIGYvG4ylXXZoW
ts6SeHoMZIHUoBtLBBWXH9YTPvreBLFXSaDsQCpkPXAzG40mhLTWxpsxSVeESamh
kTuNgwG7msrdpsiYgMFmCHySFcMVW4Z6wbw4j72U/Am6aPvzBslUepfAgYywVMKX
OtbSTJsKDnx7MBPU1WDJYEPnUl0ZbLJjTcanFhoYWygT0i7beNfZkGwAw8Lt5fm1
LYw6BNWMc92O0C7wXscZ8vYtEt6M2fBmnmLKzndSZx+muJF5TygXTcGCOg5hWS1w
aTEcSK8oMoBsRd8jnY8vTiXYoGWpQSW4L4dOjZITQqbZ
-----END CERTIFICATE-----