Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/mnp3oAaIPZXUjhu0LfLz55vGM9g.roa
File:                     mnp3oAaIPZXUjhu0LfLz55vGM9g.roa (raw, json)
Hash identifier:          Wkmkjnrix9W6pgytS1ue0b+wzGe8fPNw2Fovaz7mML4=
Subject key identifier:   9A:7A:77:A0:06:88:3D:95:D4:8E:1B:B4:2D:F2:F3:E7:9B:C6:33:D8
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019D242467FAC2D9D4AE046C07CA4C8E4933
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/mnp3oAaIPZXUjhu0LfLz55vGM9g.roa
Signing time:             Wed 25 Mar 2026 08:37:38 +0000
ROA not before:           Wed 25 Mar 2026 08:37:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        87.232.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:24:67:fa:c2:d9:d4:ae:04:6c:07:ca:4c:8e:49:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Mar 25 08:37:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a7a77a006883d95d48e1bb42df2f3e79bc633d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:94:33:d7:0d:fa:08:f9:a7:11:1d:eb:1e:84:
                    5e:b5:98:99:39:d8:b1:c7:fb:26:ba:7f:87:e6:d3:
                    17:e9:52:47:0a:4b:c3:f7:41:5a:23:68:18:ca:5c:
                    85:d2:42:3e:77:9d:2c:c0:57:6b:41:62:23:14:b6:
                    9e:ab:69:e7:00:fa:d4:b9:3b:6d:ac:11:5d:a0:70:
                    59:84:5e:b3:81:ae:8a:da:b2:63:c3:8a:36:92:a0:
                    d4:2a:83:93:f2:27:a4:22:bd:92:ea:1d:bc:2b:14:
                    41:cc:71:3a:ca:4d:51:e5:c8:e3:ee:0e:f6:65:02:
                    a7:04:53:6e:90:46:e8:2b:ea:c1:b4:da:fe:7b:f7:
                    8b:03:e9:61:60:e8:df:7b:94:61:47:26:89:dd:98:
                    b0:6d:c8:c7:8e:bc:cb:97:a9:fa:64:0d:2b:47:6e:
                    03:e0:08:a8:1e:ad:f7:ab:4e:31:32:74:14:f6:cb:
                    15:81:f4:e3:ee:b9:8a:fb:70:ba:b1:ae:ec:b1:06:
                    66:36:7a:bf:41:ae:5a:f3:d5:52:5b:b5:00:69:e1:
                    eb:68:68:74:3a:0a:42:75:64:c4:b8:c4:cb:d1:7d:
                    99:e3:5d:05:b3:ca:8e:b8:3a:ab:19:a9:85:fa:bf:
                    7f:89:fc:ae:23:c7:e8:2c:19:dc:57:3a:25:ea:9d:
                    c7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:7A:77:A0:06:88:3D:95:D4:8E:1B:B4:2D:F2:F3:E7:9B:C6:33:D8
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/mnp3oAaIPZXUjhu0LfLz55vGM9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1a:d1:5b:d4:99:8f:8a:a1:ca:d7:1e:3c:04:7e:1f:96:0b:
         b0:0c:f6:74:6c:5f:fa:ee:a2:3a:3c:1c:c6:c8:52:4f:c8:7d:
         45:57:85:ef:53:3c:c2:22:93:d6:bf:70:45:c5:d0:11:8e:3a:
         c2:1e:46:ed:35:43:75:a9:c7:ee:06:20:fc:32:40:88:f9:76:
         07:90:89:f1:93:89:0c:52:f5:3b:62:88:3e:9a:cd:77:07:58:
         a8:76:6d:73:6c:8e:93:b3:66:66:03:87:c4:7e:c3:83:80:a4:
         c2:c0:2a:4d:1a:19:6c:dc:c3:40:51:f6:da:d4:e0:75:b0:bc:
         6a:b1:9f:1a:e8:a1:bf:a1:93:51:d0:44:89:ea:d0:86:21:60:
         2b:1e:42:b3:14:04:41:b4:ca:99:ed:64:73:e4:a8:2c:19:81:
         71:21:b8:4c:40:a0:16:35:5b:73:5d:95:06:c6:ea:d9:57:79:
         9f:e9:95:8d:12:4d:3e:0c:47:a5:91:13:4d:e9:19:65:97:bf:
         59:3f:1a:77:eb:83:99:fd:9f:2d:09:66:05:cd:71:15:62:fd:
         9b:99:37:5f:9c:04:6d:08:bb:ec:db:65:f1:f8:ae:95:7b:b4:
         58:69:6d:a4:4d:4f:17:90:e5:5c:74:d1:81:58:34:d2:fe:2a:
         9d:c9:09:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kJGf6wtnUrgRsB8pMjkkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwMzI1MDgzNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTdhNzdhMDA2ODgzZDk1ZDQ4ZTFiYjQyZGYyZjNlNzliYzYzM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5Qz1w36CPmnER3rHoRetZiZOdix
x/smun+H5tMX6VJHCkvD90FaI2gYylyF0kI+d50swFdrQWIjFLaeq2nnAPrUuTtt
rBFdoHBZhF6zga6K2rJjw4o2kqDUKoOT8iekIr2S6h28KxRBzHE6yk1R5cjj7g72
ZQKnBFNukEboK+rBtNr+e/eLA+lhYOjfe5RhRyaJ3ZiwbcjHjrzLl6n6ZA0rR24D
4AioHq33q04xMnQU9ssVgfTj7rmK+3C6sa7ssQZmNnq/Qa5a89VSW7UAaeHraGh0
OgpCdWTEuMTL0X2Z410Fs8qOuDqrGamF+r9/ifyuI8foLBncVzol6p3HlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJp6d6AGiD2V1I4btC3y8+ebxjPYMB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEvbW5wM29BYUlQWlhVamh1MExmTHo1NXZHTTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hMMA0G
CSqGSIb3DQEBCwUAA4IBAQAtGtFb1JmPiqHK1x48BH4flguwDPZ0bF/67qI6PBzG
yFJPyH1FV4XvUzzCIpPWv3BFxdARjjrCHkbtNUN1qcfuBiD8MkCI+XYHkInxk4kM
UvU7Yog+ms13B1iodm1zbI6Ts2ZmA4fEfsODgKTCwCpNGhls3MNAUfba1OB1sLxq
sZ8a6KG/oZNR0ESJ6tCGIWArHkKzFARBtMqZ7WRz5KgsGYFxIbhMQKAWNVtzXZUG
xurZV3mf6ZWNEk0+DEelkRNN6Rlll79ZPxp364OZ/Z8tCWYFzXEVYv2bmTdfnARt
CLvs22Xx+K6Ve7RYaW2kTU8XkOVcdNGBWDTS/iqdyQlY
-----END CERTIFICATE-----