Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/NzvJC_KMleGhtmNpsqKr65nFwKw.roa
File:                     NzvJC_KMleGhtmNpsqKr65nFwKw.roa (raw, json)
Hash identifier:          xdkY4pIv1Ov6lhrcogUMNsybPzhiBPJCRk9I0apg674=
Subject key identifier:   37:3B:C9:0B:F2:8C:95:E1:A1:B6:63:69:B2:A2:AB:EB:99:C5:C0:AC
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D151D38969F3CBA29BF89AD6624546173
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/NzvJC_KMleGhtmNpsqKr65nFwKw.roa
Signing time:             Sun 22 Mar 2026 10:35:29 +0000
ROA not before:           Sun 22 Mar 2026 10:35:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203997
IP address blocks:        87.76.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:15:1d:38:96:9f:3c:ba:29:bf:89:ad:66:24:54:61:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 22 10:35:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=373bc90bf28c95e1a1b66369b2a2abeb99c5c0ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a6:4a:29:73:17:dd:3b:14:c6:94:0d:8f:a3:
                    99:db:25:06:45:a0:c4:fb:49:e4:ff:5e:cd:6d:04:
                    e1:d3:8a:a3:19:6f:0f:1f:4f:6e:0b:55:79:04:d3:
                    3d:c3:ef:e4:5c:00:08:ca:cf:92:e0:ac:55:c3:f0:
                    1a:a2:c2:bd:b8:d4:6a:95:34:10:60:ab:d4:62:03:
                    81:66:ae:9d:d1:53:5c:fa:51:a3:eb:80:7f:f4:25:
                    e5:47:44:1e:83:ab:8f:bd:93:db:7b:26:b8:29:a4:
                    00:6d:e7:4e:9d:56:73:0a:41:3f:0f:98:b6:f9:bb:
                    35:2e:63:a0:d6:cd:1b:14:c2:a5:8a:6c:fa:bc:91:
                    ab:66:70:43:f9:ff:88:fa:f8:2f:fd:66:ea:7d:1f:
                    c1:04:04:c2:02:66:be:59:7e:9d:b1:7a:99:d9:6f:
                    ae:fd:97:2a:b6:31:ef:19:7e:c3:d4:11:d8:54:9c:
                    aa:94:84:9d:f7:35:3c:24:64:5e:2f:88:af:55:24:
                    95:8a:fb:66:3c:92:ae:0c:c8:05:5f:de:90:b7:3f:
                    74:21:d9:ea:c3:2a:00:a6:92:79:18:c5:e5:a2:42:
                    48:da:e6:05:94:9a:be:af:c4:bb:cd:cd:d1:d8:c3:
                    7c:bf:6d:d4:18:ff:51:b5:a9:c0:f5:d8:d1:5a:37:
                    10:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:3B:C9:0B:F2:8C:95:E1:A1:B6:63:69:B2:A2:AB:EB:99:C5:C0:AC
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/NzvJC_KMleGhtmNpsqKr65nFwKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:bc:8b:96:6c:63:d2:70:96:b1:48:f2:09:75:9c:33:4e:15:
         6a:03:f9:20:c0:1e:86:14:29:79:a8:26:31:bf:96:35:3b:6c:
         45:67:d0:8c:49:13:63:a1:bc:2c:cc:3e:da:6e:17:72:8f:a3:
         35:f8:67:eb:d7:26:50:2c:25:84:b2:4f:75:49:28:1f:d1:49:
         7e:a5:df:2c:61:05:c2:4c:55:b6:a4:76:bb:11:f0:54:83:af:
         75:2b:08:a6:15:b3:94:9d:95:ed:08:d6:11:1c:0f:79:72:50:
         93:e1:2b:d1:bc:91:e5:21:92:b2:0a:f7:7e:56:e5:46:98:e9:
         6b:4d:53:78:9c:3d:bc:b0:16:42:31:18:d1:bf:8c:de:9d:61:
         8e:33:b5:6a:8b:f1:4c:b2:b5:43:39:fd:eb:67:af:bc:c3:87:
         fa:52:b7:8e:cf:2e:cd:a9:34:89:8a:b5:8e:12:cc:f5:26:68:
         1a:4a:0e:f1:7d:32:d9:b7:10:88:e3:5e:99:b2:b5:7e:a3:4a:
         ce:f2:ac:b2:24:cf:0c:a1:87:24:67:fa:8b:cd:04:fd:40:ce:
         d7:a4:7e:0a:03:e3:08:da:03:ef:ae:91:d8:28:45:63:83:cd:
         ec:10:cf:d8:34:a2:83:12:82:99:cb:e9:fa:6c:12:13:2a:05:
         18:db:1a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0VHTiWnzy6Kb+JrWYkVGFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzIyMTAzNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzNiYzkwYmYyOGM5NWUxYTFiNjYzNjliMmEyYWJlYjk5YzVjMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaZKKXMX3TsUxpQNj6OZ2yUGRaDE
+0nk/17NbQTh04qjGW8PH09uC1V5BNM9w+/kXAAIys+S4KxVw/AaosK9uNRqlTQQ
YKvUYgOBZq6d0VNc+lGj64B/9CXlR0Qeg6uPvZPbeya4KaQAbedOnVZzCkE/D5i2
+bs1LmOg1s0bFMKlimz6vJGrZnBD+f+I+vgv/WbqfR/BBATCAma+WX6dsXqZ2W+u
/ZcqtjHvGX7D1BHYVJyqlISd9zU8JGReL4ivVSSVivtmPJKuDMgFX96Qtz90Idnq
wyoAppJ5GMXlokJI2uYFlJq+r8S7zc3R2MN8v23UGP9RtanA9djRWjcQDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDc7yQvyjJXhobZjabKiq+uZxcCsMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvTnp2SkNfS01sZUdodG1OcHNxS3I2NW5Gd0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y4MA0G
CSqGSIb3DQEBCwUAA4IBAQABvIuWbGPScJaxSPIJdZwzThVqA/kgwB6GFCl5qCYx
v5Y1O2xFZ9CMSRNjobwszD7abhdyj6M1+Gfr1yZQLCWEsk91SSgf0Ul+pd8sYQXC
TFW2pHa7EfBUg691KwimFbOUnZXtCNYRHA95clCT4SvRvJHlIZKyCvd+VuVGmOlr
TVN4nD28sBZCMRjRv4zenWGOM7Vqi/FMsrVDOf3rZ6+8w4f6UreOzy7NqTSJirWO
Esz1JmgaSg7xfTLZtxCI416ZsrV+o0rO8qyyJM8MoYckZ/qLzQT9QM7XpH4KA+MI
2gPvrpHYKEVjg83sEM/YNKKDEoKZy+n6bBITKgUY2xpw
-----END CERTIFICATE-----