Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/D8MTwdqOGoqiadxznmbc58GGyCw.roa
File:                     D8MTwdqOGoqiadxznmbc58GGyCw.roa (raw, json)
Hash identifier:          hWg4hQ21GnKD+Kub0XusadCxYjYanrHdJMGDk68zWQI=
Subject key identifier:   0F:C3:13:C1:DA:8E:1A:8A:A2:69:DC:73:9E:66:DC:E7:C1:86:C8:2C
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019CC9BC9C80384FA8D9C73849E4BD45A672
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/D8MTwdqOGoqiadxznmbc58GGyCw.roa
Signing time:             Sat 07 Mar 2026 19:18:27 +0000
ROA not before:           Sat 07 Mar 2026 19:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212053
IP address blocks:        87.76.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c9:bc:9c:80:38:4f:a8:d9:c7:38:49:e4:bd:45:a6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar  7 19:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fc313c1da8e1a8aa269dc739e66dce7c186c82c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5b:81:4e:0d:53:b5:5a:05:40:1e:a7:3e:a3:
                    6f:35:8c:28:2c:b3:21:24:61:7b:99:4f:4e:69:1d:
                    4b:c3:17:8a:ae:89:4c:cc:3b:d8:94:36:93:46:4e:
                    9a:b9:75:4c:c2:1b:ea:2e:62:2c:17:70:22:e3:dc:
                    38:5c:42:c1:c4:74:3f:42:57:ae:a6:02:44:5b:22:
                    8c:76:d5:2e:33:cd:2f:39:d7:d3:4e:87:79:15:5b:
                    40:c5:d0:7f:b8:90:48:c5:76:57:60:3d:92:c2:dd:
                    94:48:93:6c:11:93:5b:e4:61:59:c4:cf:b3:11:e0:
                    a0:55:30:e3:93:71:60:78:65:99:a6:ba:7a:14:33:
                    f6:fa:78:85:d0:28:c1:2e:99:cc:96:ea:26:b3:fc:
                    20:65:51:3d:95:60:9b:b4:a4:9e:f0:1a:28:17:c6:
                    62:9a:28:31:42:4b:d4:77:ee:42:8e:59:6c:ea:b9:
                    1e:53:2b:5a:5c:89:53:96:be:67:67:50:ec:64:19:
                    01:10:49:21:e9:73:d2:ba:24:1c:9f:f1:14:6e:2f:
                    78:25:80:2a:d3:f0:2c:23:0d:d7:db:ff:5b:f4:59:
                    43:f5:ab:72:fb:12:c3:62:62:41:ad:8d:52:31:57:
                    13:d4:c6:c2:18:11:76:c0:6e:cc:59:e6:89:c5:b7:
                    35:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C3:13:C1:DA:8E:1A:8A:A2:69:DC:73:9E:66:DC:E7:C1:86:C8:2C
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/D8MTwdqOGoqiadxznmbc58GGyCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d1:99:34:7c:53:2e:cf:83:99:d1:37:7d:1d:98:c4:a3:a7:
         62:4f:ed:34:69:1a:f4:6b:d2:cc:be:c1:61:12:14:9c:73:17:
         e0:95:c6:70:00:3c:29:9e:ff:ab:b3:3b:6f:77:46:f1:ca:3e:
         a8:79:f7:ac:c3:36:07:e1:46:b8:0f:68:b2:19:5c:d0:36:73:
         3b:30:63:32:29:7d:38:f8:2f:95:7c:ce:34:ea:69:92:91:4f:
         97:26:7e:2c:ab:b4:8c:82:03:cb:76:34:d1:15:29:80:79:d8:
         8b:2c:20:5c:57:f6:9d:d2:d7:c8:27:09:5f:05:78:fa:b0:ab:
         01:32:84:3a:4d:19:7d:2f:9d:6e:dd:03:d7:6d:cf:be:2b:c7:
         56:92:a0:c8:df:1f:b8:35:b4:6d:8a:53:b3:79:60:dc:95:ee:
         57:71:bf:f7:eb:fd:40:92:84:b1:22:26:28:aa:b3:ae:3b:5e:
         c7:5b:82:b7:d6:79:5d:11:f3:8f:82:8e:31:04:aa:a7:c1:1b:
         d4:16:7a:ec:31:df:f4:d7:c1:ae:d0:ea:b9:b9:de:12:11:b4:
         d9:ce:b5:f6:1b:69:5f:4e:ba:7b:b8:4a:d3:b1:8c:e2:c6:40:
         91:37:1f:c0:78:11:5b:12:77:5e:43:97:99:c5:43:8a:2a:03:
         62:bd:d3:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzJvJyAOE+o2cc4SeS9RaZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzA3MTkxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmMzMTNjMWRhOGUxYThhYTI2OWRjNzM5ZTY2ZGNlN2MxODZjODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFuBTg1TtVoFQB6nPqNvNYwoLLMh
JGF7mU9OaR1LwxeKrolMzDvYlDaTRk6auXVMwhvqLmIsF3Ai49w4XELBxHQ/Qleu
pgJEWyKMdtUuM80vOdfTTod5FVtAxdB/uJBIxXZXYD2Swt2USJNsEZNb5GFZxM+z
EeCgVTDjk3FgeGWZprp6FDP2+niF0CjBLpnMluoms/wgZVE9lWCbtKSe8BooF8Zi
migxQkvUd+5Cjlls6rkeUytaXIlTlr5nZ1DsZBkBEEkh6XPSuiQcn/EUbi94JYAq
0/AsIw3X2/9b9FlD9aty+xLDYmJBrY1SMVcT1MbCGBF2wG7MWeaJxbc1eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/DE8HajhqKomncc55m3OfBhsgsMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvRDhNVHdkcU9Hb3FpYWR4em5tYmM1OEdHeUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zTMA0G
CSqGSIb3DQEBCwUAA4IBAQB80Zk0fFMuz4OZ0Td9HZjEo6diT+00aRr0a9LMvsFh
EhSccxfglcZwADwpnv+rsztvd0bxyj6oefeswzYH4Ua4D2iyGVzQNnM7MGMyKX04
+C+VfM406mmSkU+XJn4sq7SMggPLdjTRFSmAediLLCBcV/ad0tfIJwlfBXj6sKsB
MoQ6TRl9L51u3QPXbc++K8dWkqDI3x+4NbRtilOzeWDcle5Xcb/36/1AkoSxIiYo
qrOuO17HW4K31nldEfOPgo4xBKqnwRvUFnrsMd/018Gu0Oq5ud4SEbTZzrX2G2lf
Trp7uErTsYzixkCRNx/AeBFbEndeQ5eZxUOKKgNivdMt
-----END CERTIFICATE-----