Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9anljo1u38WRWdyUlNqYgyIsWkc.roa
File:                     9anljo1u38WRWdyUlNqYgyIsWkc.roa (raw, json)
Hash identifier:          njj9lvf50nQWay0CSc0j5wmaZyV9ulWW8W8UXJFVS5Y=
Subject key identifier:   F5:A9:E5:8E:8D:6E:DF:C5:91:59:DC:94:94:DA:98:83:22:2C:5A:47
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019CE6915908CBED045A292861068F018F47
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9anljo1u38WRWdyUlNqYgyIsWkc.roa
Signing time:             Fri 13 Mar 2026 09:40:10 +0000
ROA not before:           Fri 13 Mar 2026 09:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        87.76.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:91:59:08:cb:ed:04:5a:29:28:61:06:8f:01:8f:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 13 09:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5a9e58e8d6edfc59159dc9494da9883222c5a47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5e:ff:96:f7:7a:b8:98:ae:cb:74:62:3a:c8:
                    9f:72:24:cf:65:a4:c6:80:17:d7:48:b1:3e:76:f0:
                    ee:7f:40:60:4b:78:c8:7d:8c:a0:0d:a1:38:dd:98:
                    df:9e:92:d5:83:32:16:03:bc:56:54:b8:a2:19:9a:
                    01:0b:df:c8:a0:7d:f5:9a:6b:c4:6f:fa:8d:0c:98:
                    56:9e:da:4a:e7:42:12:09:88:0b:e4:20:9c:2c:a8:
                    8a:2b:ea:13:98:33:84:f4:94:8c:54:33:2b:f7:69:
                    4a:96:55:6f:30:0d:5f:39:e0:74:ca:ed:d2:f3:65:
                    b0:4c:94:e9:0d:cb:52:91:0a:8c:cb:c7:92:08:01:
                    7f:9b:34:d8:10:04:23:4b:67:0c:73:4e:37:44:a0:
                    b0:84:0b:5f:3c:92:d5:83:ee:84:e8:c7:34:63:d3:
                    a4:ea:91:90:86:3e:8e:b3:22:67:29:82:2c:8d:bd:
                    0b:b3:af:93:8b:82:b5:e6:e0:b7:4b:e3:d9:63:15:
                    75:de:c2:0c:79:4a:cd:cb:5d:f3:fb:95:fb:4c:4e:
                    d5:8f:5c:6c:37:75:31:c2:3b:08:3f:5b:70:a4:71:
                    94:17:da:d8:85:a7:98:13:bc:84:81:4a:b4:15:9a:
                    5e:3d:15:57:6a:f1:c7:81:0f:2a:e2:03:73:3f:8f:
                    71:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A9:E5:8E:8D:6E:DF:C5:91:59:DC:94:94:DA:98:83:22:2C:5A:47
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/9anljo1u38WRWdyUlNqYgyIsWkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:e9:8b:34:fc:21:f1:36:97:2b:e4:34:3c:45:43:0c:7a:fa:
         ac:cf:fb:b8:72:91:03:49:f3:1d:b3:35:cb:95:d0:a5:ef:22:
         23:94:42:ce:06:95:c1:23:60:bb:2f:07:53:15:6d:f0:7e:63:
         d2:df:d5:10:2d:b3:a2:09:fe:60:89:83:13:22:8e:21:a2:f2:
         c3:12:0f:3d:7d:e6:0a:55:aa:5b:7a:3e:5e:47:b7:d3:0e:24:
         55:bb:28:b2:cf:f8:71:04:01:14:ca:03:ab:fd:e4:3b:17:1b:
         d3:03:3e:51:dc:97:69:9a:1a:8b:4c:f2:31:65:26:e0:a1:07:
         34:02:bc:c4:d2:93:84:38:7c:7e:8b:ba:af:9d:9c:ca:15:db:
         c5:70:34:88:ef:c8:a3:0d:8e:cf:70:a0:26:cd:97:50:ff:be:
         7f:0a:52:05:59:6d:8b:0d:37:c0:60:8f:c7:b1:3e:ec:01:65:
         f2:76:f6:5c:3d:37:df:6c:61:f0:a1:20:dc:19:c7:71:ab:2c:
         cd:9f:c4:22:16:69:be:d4:e6:0a:99:c3:3e:d4:ca:46:a8:b1:
         b8:ae:d8:28:46:e1:5d:fd:6e:af:73:b5:16:1c:a1:ed:d5:68:
         74:3a:a6:cb:6b:ec:5b:42:9c:c9:63:5c:23:e9:9e:b6:e0:c7:
         24:d6:4d:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzmkVkIy+0EWikoYQaPAY9HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzEzMDk0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWE5ZTU4ZThkNmVkZmM1OTE1OWRjOTQ5NGRhOTg4MzIyMmM1YTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl17/lvd6uJiuy3RiOsifciTPZaTG
gBfXSLE+dvDuf0BgS3jIfYygDaE43ZjfnpLVgzIWA7xWVLiiGZoBC9/IoH31mmvE
b/qNDJhWntpK50ISCYgL5CCcLKiKK+oTmDOE9JSMVDMr92lKllVvMA1fOeB0yu3S
82WwTJTpDctSkQqMy8eSCAF/mzTYEAQjS2cMc043RKCwhAtfPJLVg+6E6Mc0Y9Ok
6pGQhj6OsyJnKYIsjb0Ls6+Ti4K15uC3S+PZYxV13sIMeUrNy13z+5X7TE7Vj1xs
N3UxwjsIP1twpHGUF9rYhaeYE7yEgUq0FZpePRVXavHHgQ8q4gNzP49xfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWp5Y6Nbt/FkVnclJTamIMiLFpHMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvOWFubGpvMXUzOFdSV2R5VWxOcVlneUlzV2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zcMA0G
CSqGSIb3DQEBCwUAA4IBAQCa6Ys0/CHxNpcr5DQ8RUMMevqsz/u4cpEDSfMdszXL
ldCl7yIjlELOBpXBI2C7LwdTFW3wfmPS39UQLbOiCf5giYMTIo4hovLDEg89feYK
Vapbej5eR7fTDiRVuyiyz/hxBAEUygOr/eQ7FxvTAz5R3JdpmhqLTPIxZSbgoQc0
ArzE0pOEOHx+i7qvnZzKFdvFcDSI78ijDY7PcKAmzZdQ/75/ClIFWW2LDTfAYI/H
sT7sAWXydvZcPTffbGHwoSDcGcdxqyzNn8QiFmm+1OYKmcM+1MpGqLG4rtgoRuFd
/W6vc7UWHKHt1Wh0OqbLa+xbQpzJY1wj6Z624Mck1k2y
-----END CERTIFICATE-----