Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/SIanYXi3_Td_KBjzKBHJ7l1iE-Q.roa
File:                     SIanYXi3_Td_KBjzKBHJ7l1iE-Q.roa (raw, json)
Hash identifier:          Dal4pj3Xjjtf0SlnyAHbIFvMCSsx6mApd3Zdi3IhoXE=
Subject key identifier:   48:86:A7:61:78:B7:FD:37:7F:28:18:F3:28:11:C9:EE:5D:62:13:E4
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D1729D1084BB040D752F5D48FDF6069B3
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/SIanYXi3_Td_KBjzKBHJ7l1iE-Q.roa
Signing time:             Sun 22 Mar 2026 20:08:29 +0000
ROA not before:           Sun 22 Mar 2026 20:08:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        87.76.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:19:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:29:d1:08:4b:b0:40:d7:52:f5:d4:8f:df:60:69:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 22 20:08:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4886a76178b7fd377f2818f32811c9ee5d6213e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4c:63:0a:d6:93:9d:c4:28:95:3a:73:39:a5:
                    26:00:1e:3d:ab:ff:f3:5b:98:36:2b:4a:26:ed:31:
                    a3:c3:6d:b0:9e:c7:b4:c6:49:2d:40:b1:75:ad:2f:
                    d0:04:ae:c1:04:c8:0b:c6:30:25:b0:49:f8:38:94:
                    f8:e6:9d:88:20:2e:17:c2:79:7a:4c:68:e9:95:33:
                    d4:f2:08:4f:ce:c8:17:16:75:19:13:9e:02:81:87:
                    f4:42:2f:f7:9f:3a:cb:bd:2f:c4:23:7c:c5:4e:39:
                    e1:d5:71:dd:f5:5b:11:e1:d8:96:a1:06:d5:b9:70:
                    cf:a9:ce:04:25:3b:aa:00:f6:bf:80:d8:96:87:06:
                    72:1d:5c:a6:bd:e0:4c:97:89:e4:05:71:29:55:e8:
                    fc:e9:78:d4:9c:a8:a1:35:fa:f4:a0:70:01:74:0e:
                    e3:13:45:3f:b2:65:c6:0d:62:87:fd:a0:68:12:9c:
                    aa:06:98:6f:ba:db:6d:62:1e:21:5b:65:32:d8:67:
                    6d:e4:44:27:28:ae:0a:48:4e:79:0a:0e:6a:e6:e2:
                    bf:48:ed:0c:1a:a3:54:10:df:68:a4:d7:46:93:47:
                    72:90:6a:9d:95:02:97:50:fe:7c:66:bb:8e:1b:7f:
                    ea:28:0c:d7:ec:d9:9f:d3:a5:a0:16:da:63:3a:88:
                    63:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:86:A7:61:78:B7:FD:37:7F:28:18:F3:28:11:C9:EE:5D:62:13:E4
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/SIanYXi3_Td_KBjzKBHJ7l1iE-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:59:d9:a0:cd:48:cd:ac:63:86:1c:e2:66:3a:41:bd:23:5f:
         3e:bd:0c:2e:ec:52:13:fe:87:6f:0f:53:c4:b5:9b:f0:02:31:
         db:d5:3c:4b:fd:79:b9:83:78:c8:e2:94:c1:b6:8e:a1:42:af:
         97:ce:44:2d:24:8c:f9:99:c2:5e:45:68:55:0d:2e:ee:f6:7d:
         bb:46:b3:11:21:65:60:86:5c:cd:f9:e6:a1:7b:53:d5:63:db:
         c2:c2:f9:13:6e:83:f6:37:63:0e:99:25:1d:95:10:14:5e:ac:
         76:f4:58:23:07:4e:a1:6e:91:1a:86:0e:68:56:8b:20:0c:a8:
         a8:1a:81:9d:01:b9:f6:33:88:a0:bc:b5:a9:bb:41:b2:57:cc:
         d3:79:86:4d:86:e4:5e:84:94:72:31:b2:61:7c:65:cd:e4:ff:
         1d:5e:64:a7:1c:11:12:5d:0d:dc:b6:6b:cb:ed:f7:2c:97:e6:
         ae:8b:75:09:ac:8e:e1:1a:15:82:0c:8b:7f:3b:74:52:6a:6b:
         43:7b:df:67:73:e2:c7:84:ef:0c:06:19:6b:81:f5:35:30:55:
         0b:f7:9e:b8:3b:02:7f:57:c5:8e:6c:2d:df:a4:bb:90:45:dc:
         a0:05:58:df:dc:75:cc:fd:7f:3d:58:f5:9b:8d:df:43:97:51:
         18:c2:43:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0XKdEIS7BA11L11I/fYGmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzIyMjAwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODg2YTc2MTc4YjdmZDM3N2YyODE4ZjMyODExYzllZTVkNjIxM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUxjCtaTncQolTpzOaUmAB49q//z
W5g2K0om7TGjw22wnse0xkktQLF1rS/QBK7BBMgLxjAlsEn4OJT45p2IIC4Xwnl6
TGjplTPU8ghPzsgXFnUZE54CgYf0Qi/3nzrLvS/EI3zFTjnh1XHd9VsR4diWoQbV
uXDPqc4EJTuqAPa/gNiWhwZyHVymveBMl4nkBXEpVej86XjUnKihNfr0oHABdA7j
E0U/smXGDWKH/aBoEpyqBphvutttYh4hW2Uy2Gdt5EQnKK4KSE55Cg5q5uK/SO0M
GqNUEN9opNdGk0dykGqdlQKXUP58ZruOG3/qKAzX7Nmf06WgFtpjOohj8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiGp2F4t/03fygY8ygRye5dYhPkMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvU0lhbllYaTNfVGRfS0JqektCSEo3bDFpRS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y9MA0G
CSqGSIb3DQEBCwUAA4IBAQA1WdmgzUjNrGOGHOJmOkG9I18+vQwu7FIT/odvD1PE
tZvwAjHb1TxL/Xm5g3jI4pTBto6hQq+XzkQtJIz5mcJeRWhVDS7u9n27RrMRIWVg
hlzN+eahe1PVY9vCwvkTboP2N2MOmSUdlRAUXqx29FgjB06hbpEahg5oVosgDKio
GoGdAbn2M4igvLWpu0GyV8zTeYZNhuRehJRyMbJhfGXN5P8dXmSnHBESXQ3ctmvL
7fcsl+aui3UJrI7hGhWCDIt/O3RSamtDe99nc+LHhO8MBhlrgfU1MFUL9564OwJ/
V8WObC3fpLuQRdygBVjf3HXM/X89WPWbjd9Dl1EYwkPA
-----END CERTIFICATE-----