Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/VrNj0M4mnj9kzHEyGPdEmjmf84A.roa
File:                     VrNj0M4mnj9kzHEyGPdEmjmf84A.roa (raw, json)
Hash identifier:          w/kU1o4Kzikm46Sn/bHKUIH++Cjl6dziCYRmB6MDxqM=
Subject key identifier:   56:B3:63:D0:CE:26:9E:3F:64:CC:71:32:18:F7:44:9A:39:9F:F3:80
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DBF4163499233618042374994B9F26356
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/VrNj0M4mnj9kzHEyGPdEmjmf84A.roa
Signing time:             Fri 24 Apr 2026 11:30:26 +0000
ROA not before:           Fri 24 Apr 2026 11:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        87.76.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:41:63:49:92:33:61:80:42:37:49:94:b9:f2:63:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Apr 24 11:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56b363d0ce269e3f64cc713218f7449a399ff380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fb:4f:52:05:6d:40:7d:c9:73:b5:b0:96:38:
                    2f:a2:b2:b9:27:f2:6a:a3:27:e7:72:dd:db:eb:56:
                    61:ec:ca:e0:db:11:db:cb:3f:25:ab:30:ef:95:7e:
                    80:32:1c:5e:84:cc:dd:2d:7d:e6:3c:b8:db:23:3d:
                    41:ac:41:6a:b5:58:2f:72:51:bc:a0:02:80:90:50:
                    23:24:58:f8:93:02:a5:3b:34:9c:42:e8:5f:5d:12:
                    c6:7d:62:2c:90:27:59:1b:28:5b:30:46:db:7d:cf:
                    84:ff:55:11:4d:19:63:8c:ed:18:f3:cc:f6:54:1a:
                    15:c3:94:9b:5a:bc:ec:7f:b2:3e:61:d3:a2:41:a2:
                    82:c4:9c:15:66:11:ed:d2:32:ba:be:99:f6:80:0e:
                    db:fc:df:40:b4:ec:b5:3b:ef:bf:3a:1e:6d:52:fa:
                    3d:eb:54:69:13:df:e6:35:11:a4:d4:1e:46:d9:07:
                    c7:80:49:95:86:bf:d4:29:80:d0:3d:ea:07:9d:c6:
                    15:6a:6c:48:4c:0c:2c:ee:10:08:53:48:f7:01:f3:
                    9b:ba:94:81:ff:91:8d:51:19:b2:28:7b:da:c0:94:
                    c5:81:b8:93:33:32:45:e0:54:c3:cb:03:8f:03:c6:
                    cd:2e:a3:23:92:74:d0:15:5c:1a:16:a2:40:dd:57:
                    11:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B3:63:D0:CE:26:9E:3F:64:CC:71:32:18:F7:44:9A:39:9F:F3:80
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/VrNj0M4mnj9kzHEyGPdEmjmf84A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:1a:6d:83:d6:99:b2:a9:cf:0a:20:67:90:05:51:49:23:54:
         d1:e6:4d:b3:71:c8:aa:51:c7:7f:13:d9:76:0f:d0:c6:d3:6c:
         22:4e:e6:5e:6e:d7:f6:cb:8a:26:0d:1a:35:83:59:30:be:65:
         75:1b:f3:4d:ff:95:ab:4f:b4:21:11:42:81:4f:31:7e:7d:a6:
         f7:34:01:94:16:e2:bd:de:c6:ce:b4:02:54:67:5f:83:57:0e:
         d8:1a:55:16:d9:51:2d:7e:eb:58:00:de:d5:c6:b7:59:67:d8:
         fd:1d:e9:13:8d:24:c2:bc:69:95:54:3f:8a:17:a5:b9:c2:6f:
         ed:b8:be:32:17:cd:b1:41:c2:88:ce:f9:11:76:31:69:1f:1b:
         89:35:f9:8e:52:be:98:15:90:06:4f:9f:37:bd:34:7f:62:b4:
         af:5e:43:2c:5a:4b:27:ae:47:97:f6:bc:b0:4d:22:eb:c6:ed:
         cb:a6:99:b6:99:6b:a6:c5:cc:a2:6e:1b:3e:ae:de:c5:30:ae:
         87:2c:cb:8b:6e:cd:b8:82:56:5c:73:e7:43:2a:c1:4e:93:e6:
         e3:09:8d:a5:d4:f4:b6:cd:34:35:6f:cc:b8:4b:ee:8d:77:db:
         17:22:29:a2:89:91:d6:d5:14:1c:e3:94:83:1a:fd:36:88:68:
         06:fc:0a:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/QWNJkjNhgEI3SZS58mNWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDI0MTEzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmIzNjNkMGNlMjY5ZTNmNjRjYzcxMzIxOGY3NDQ5YTM5OWZmMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ftPUgVtQH3Jc7WwljgvorK5J/Jq
oyfnct3b61Zh7Mrg2xHbyz8lqzDvlX6AMhxehMzdLX3mPLjbIz1BrEFqtVgvclG8
oAKAkFAjJFj4kwKlOzScQuhfXRLGfWIskCdZGyhbMEbbfc+E/1URTRljjO0Y88z2
VBoVw5SbWrzsf7I+YdOiQaKCxJwVZhHt0jK6vpn2gA7b/N9AtOy1O++/Oh5tUvo9
61RpE9/mNRGk1B5G2QfHgEmVhr/UKYDQPeoHncYVamxITAws7hAIU0j3AfObupSB
/5GNURmyKHvawJTFgbiTMzJF4FTDywOPA8bNLqMjknTQFVwaFqJA3VcRVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFazY9DOJp4/ZMxxMhj3RJo5n/OAMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvVnJOajBNNG1uajlrekhFeUdQZEVtam1mODRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y5MA0G
CSqGSIb3DQEBCwUAA4IBAQAhGm2D1pmyqc8KIGeQBVFJI1TR5k2zcciqUcd/E9l2
D9DG02wiTuZebtf2y4omDRo1g1kwvmV1G/NN/5WrT7QhEUKBTzF+fab3NAGUFuK9
3sbOtAJUZ1+DVw7YGlUW2VEtfutYAN7VxrdZZ9j9HekTjSTCvGmVVD+KF6W5wm/t
uL4yF82xQcKIzvkRdjFpHxuJNfmOUr6YFZAGT583vTR/YrSvXkMsWksnrkeX9ryw
TSLrxu3Lppm2mWumxcyibhs+rt7FMK6HLMuLbs24glZcc+dDKsFOk+bjCY2l1PS2
zTQ1b8y4S+6Nd9sXIimiiZHW1RQc45SDGv02iGgG/Ao+
-----END CERTIFICATE-----