Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/JsfneSVwVomMTAI7LSQA-0ELvJs.roa
File:                     JsfneSVwVomMTAI7LSQA-0ELvJs.roa (raw, json)
Hash identifier:          ijb9VpYjikVWB96kEd+Fm2MWIa66ydBL5EH/e5s0H8I=
Subject key identifier:   26:C7:E7:79:25:70:56:89:8C:4C:02:3B:2D:24:00:FB:41:0B:BC:9B
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DD8632460A41601EDD6F6438E38382C11
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/JsfneSVwVomMTAI7LSQA-0ELvJs.roa
Signing time:             Wed 29 Apr 2026 08:37:49 +0000
ROA not before:           Wed 29 Apr 2026 08:37:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        87.76.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:63:24:60:a4:16:01:ed:d6:f6:43:8e:38:38:2c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 29 08:37:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26c7e779257056898c4c023b2d2400fb410bbc9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e7:21:86:f8:4b:f4:e9:ef:74:f0:ec:49:19:
                    f1:79:d5:be:20:89:a2:3a:61:8d:4f:62:a6:82:6c:
                    ef:7c:11:54:06:d9:46:6b:2e:41:94:9d:36:2c:d3:
                    e8:27:41:69:a4:fc:72:8e:dd:80:93:e8:da:e0:b2:
                    d3:c7:c1:60:34:ed:ed:f8:ab:20:10:08:bb:bc:1f:
                    84:2f:21:4f:d4:30:29:4d:78:4d:e6:08:03:f8:1a:
                    10:35:ad:4d:4d:28:a3:7b:d6:65:66:6c:da:84:83:
                    14:18:fd:20:53:5c:cc:b9:a6:7b:13:e3:4d:e4:7b:
                    d6:e4:18:5a:15:08:b8:ef:54:94:41:f9:83:73:6a:
                    f3:83:ac:cb:d5:36:1e:38:46:db:24:1e:19:af:cf:
                    69:ce:f2:cb:78:22:ad:6c:a0:58:ae:20:f9:76:ff:
                    ee:dd:be:32:89:3a:69:74:26:00:45:8f:88:93:dc:
                    0b:a2:e7:7a:94:b4:66:c4:eb:4d:8f:72:96:e8:80:
                    2b:dd:a1:3a:c9:fa:5c:4b:09:e3:fd:c8:b1:62:74:
                    03:e1:27:5c:dd:ed:63:48:56:46:ff:b0:72:c9:13:
                    51:e3:d3:78:2e:c7:fb:e5:d4:e5:57:59:9e:36:f3:
                    a9:9f:74:f8:ab:8b:3d:84:08:d2:61:f0:b7:6a:21:
                    28:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C7:E7:79:25:70:56:89:8C:4C:02:3B:2D:24:00:FB:41:0B:BC:9B
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/JsfneSVwVomMTAI7LSQA-0ELvJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:bf:b0:d2:96:ff:af:6c:53:82:88:92:9d:05:91:db:23:84:
         fd:5f:c3:5f:8d:c7:44:5e:d6:d1:6e:29:5c:b8:ac:c4:89:ac:
         f6:5f:e9:ee:6e:f1:d3:9d:06:93:ba:85:64:a3:9c:d5:0d:2b:
         4a:49:8e:87:3a:93:8f:f1:b1:51:4e:84:29:3b:cd:ed:fb:e2:
         29:75:80:d1:c7:02:e7:e5:e2:72:09:97:34:cd:8b:de:75:13:
         5a:92:09:d2:67:1d:eb:33:81:3d:7a:3b:9a:8f:31:c7:e0:55:
         18:32:0f:7a:6c:8b:a3:af:1b:4d:d5:2e:cc:14:92:ad:7f:c5:
         f3:54:96:63:d6:e9:bc:00:5a:d7:eb:67:af:47:89:57:cf:f8:
         46:20:1a:b9:88:de:c2:4e:6e:25:a4:6f:88:ca:d7:22:ae:ad:
         36:25:ff:6d:75:eb:7c:a2:cc:66:e4:47:a9:51:45:95:0f:74:
         40:00:83:a0:69:bd:cf:b2:31:55:79:b6:9c:d7:e7:c3:20:a8:
         ac:6b:01:88:22:b5:d1:65:e6:f2:b2:bf:37:47:a9:ab:94:2e:
         d8:fd:ea:44:aa:8c:b6:06:53:b5:e9:97:2f:91:8c:00:30:9d:
         74:db:56:52:d1:f4:57:b9:99:94:c6:db:91:8d:4e:c2:f1:47:
         e5:4a:09:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3YYyRgpBYB7db2Q444OCwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDI5MDgzNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmM3ZTc3OTI1NzA1Njg5OGM0YzAyM2IyZDI0MDBmYjQxMGJiYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOchhvhL9OnvdPDsSRnxedW+IImi
OmGNT2KmgmzvfBFUBtlGay5BlJ02LNPoJ0FppPxyjt2Ak+ja4LLTx8FgNO3t+Ksg
EAi7vB+ELyFP1DApTXhN5ggD+BoQNa1NTSije9ZlZmzahIMUGP0gU1zMuaZ7E+NN
5HvW5BhaFQi471SUQfmDc2rzg6zL1TYeOEbbJB4Zr89pzvLLeCKtbKBYriD5dv/u
3b4yiTppdCYARY+Ik9wLoud6lLRmxOtNj3KW6IAr3aE6yfpcSwnj/cixYnQD4Sdc
3e1jSFZG/7ByyRNR49N4Lsf75dTlV1meNvOpn3T4q4s9hAjSYfC3aiEobQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbH53klcFaJjEwCOy0kAPtBC7ybMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvSnNmbmVTVndWb21NVEFJN0xTUUEtMEVMdkpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y8MA0G
CSqGSIb3DQEBCwUAA4IBAQAUv7DSlv+vbFOCiJKdBZHbI4T9X8NfjcdEXtbRbilc
uKzEiaz2X+nubvHTnQaTuoVko5zVDStKSY6HOpOP8bFRToQpO83t++IpdYDRxwLn
5eJyCZc0zYvedRNakgnSZx3rM4E9ejuajzHH4FUYMg96bIujrxtN1S7MFJKtf8Xz
VJZj1um8AFrX62evR4lXz/hGIBq5iN7CTm4lpG+Iytcirq02Jf9tdet8osxm5Eep
UUWVD3RAAIOgab3PsjFVebac1+fDIKisawGIIrXRZebysr83R6mrlC7Y/epEqoy2
BlO16ZcvkYwAMJ1021ZS0fRXuZmUxtuRjU7C8UflSglZ
-----END CERTIFICATE-----