Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Z3tFdufgPl6EBqM83ZZTUlCsxeU.roa
File:                     Z3tFdufgPl6EBqM83ZZTUlCsxeU.roa (raw, json)
Hash identifier:          bg7JnMjL5ADxpVlyak0KcCSpMSEHMIGLxB84iGem6Ng=
Subject key identifier:   67:7B:45:76:E7:E0:3E:5E:84:06:A3:3C:DD:96:53:52:50:AC:C5:E5
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D02018E87A3ABDEEA296E392EB8612537
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Z3tFdufgPl6EBqM83ZZTUlCsxeU.roa
Signing time:             Wed 18 Mar 2026 17:32:29 +0000
ROA not before:           Wed 18 Mar 2026 17:32:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214762
IP address blocks:        87.76.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:02:01:8e:87:a3:ab:de:ea:29:6e:39:2e:b8:61:25:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 18 17:32:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=677b4576e7e03e5e8406a33cdd96535250acc5e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:39:2f:73:a9:7f:f0:fc:a0:9d:79:94:dc:5a:
                    30:b1:be:e9:44:31:4a:ca:17:75:1d:30:33:4b:03:
                    3e:0b:3a:70:de:c8:c5:b1:ba:32:e0:0b:18:64:32:
                    53:8e:b4:27:a4:b0:ae:0a:0d:7b:28:3d:c2:aa:0b:
                    6c:d1:9f:2b:fb:9b:05:cf:88:5f:df:24:46:7e:a7:
                    1d:da:92:b4:36:83:a1:82:c3:96:ce:d5:cc:46:7e:
                    04:22:59:70:6c:c2:38:9a:44:c1:cd:fa:eb:51:a5:
                    b2:bf:27:a9:b6:ba:e4:57:59:fe:2a:ac:fc:d7:7c:
                    62:1b:07:f8:8d:72:9d:03:9a:b9:09:3b:c7:f0:a5:
                    d4:98:14:52:e7:8c:aa:87:0d:db:0f:d7:87:b8:13:
                    77:9d:61:8b:48:4e:55:c4:f4:50:8b:2d:fa:40:20:
                    e8:7b:ed:55:e7:88:08:55:0d:68:18:fc:2b:e1:d8:
                    b2:42:99:60:5d:92:71:ca:b7:07:11:3a:38:0f:01:
                    0c:23:88:7b:15:75:9a:00:2a:a6:9d:46:73:fa:89:
                    a6:55:9e:4f:7c:a1:23:54:64:dc:91:32:c5:ba:6a:
                    de:1d:c0:88:56:98:4f:97:e6:21:79:1c:9c:59:36:
                    2f:10:c5:31:f3:db:2b:1a:8a:48:90:77:73:67:3d:
                    b5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7B:45:76:E7:E0:3E:5E:84:06:A3:3C:DD:96:53:52:50:AC:C5:E5
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Z3tFdufgPl6EBqM83ZZTUlCsxeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:5c:6d:b3:98:ae:52:ec:74:a7:d4:5d:84:fa:83:1e:a8:65:
         ab:91:39:a6:ed:95:bf:9c:83:b8:17:84:2a:7b:f2:13:0f:b6:
         82:3c:95:32:ab:25:b2:6c:77:74:f6:fc:55:ea:48:d8:da:ba:
         2d:77:20:76:21:df:0c:69:4b:e7:7a:b8:82:23:04:70:16:43:
         ab:e6:a2:33:65:55:b2:3d:4f:e6:80:ae:de:ea:1e:44:bd:e8:
         ef:02:25:2e:ba:e9:34:c6:aa:b3:13:b5:07:5a:41:5f:6b:45:
         fa:af:cd:d4:5c:45:2c:45:eb:14:99:02:c8:cb:98:2e:4c:fa:
         9e:9d:74:05:6d:2b:59:6a:a6:bc:59:d0:ce:07:36:cc:35:ed:
         1a:2f:3c:28:5c:96:a4:91:89:67:5d:7f:b0:77:a1:64:1d:96:
         42:72:60:55:0f:93:82:f7:70:97:20:f3:7f:d9:83:a6:dc:ff:
         04:95:a2:f1:8d:13:a0:d7:d9:ca:c6:e9:6b:0b:dd:c0:93:89:
         5b:d0:bb:1e:7d:9a:90:a9:c7:4f:74:b3:a9:0c:bc:8e:f4:a1:
         34:b3:2f:36:77:ea:e6:28:1e:96:e6:6a:1d:68:ff:f2:c3:fb:
         6c:98:19:72:29:43:1c:ce:bd:ca:b9:12:df:ef:f1:fb:9c:ce:
         75:93:09:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0CAY6Ho6ve6iluOS64YSU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzE4MTczMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdiNDU3NmU3ZTAzZTVlODQwNmEzM2NkZDk2NTM1MjUwYWNjNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjkvc6l/8PygnXmU3Fowsb7pRDFK
yhd1HTAzSwM+Czpw3sjFsboy4AsYZDJTjrQnpLCuCg17KD3Cqgts0Z8r+5sFz4hf
3yRGfqcd2pK0NoOhgsOWztXMRn4EIllwbMI4mkTBzfrrUaWyvyeptrrkV1n+Kqz8
13xiGwf4jXKdA5q5CTvH8KXUmBRS54yqhw3bD9eHuBN3nWGLSE5VxPRQiy36QCDo
e+1V54gIVQ1oGPwr4diyQplgXZJxyrcHETo4DwEMI4h7FXWaACqmnUZz+ommVZ5P
fKEjVGTckTLFumreHcCIVphPl+YheRycWTYvEMUx89srGopIkHdzZz21vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd7RXbn4D5ehAajPN2WU1JQrMXlMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvWjN0RmR1ZmdQbDZFQnFNODNaWlRVbENzeGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zDMA0G
CSqGSIb3DQEBCwUAA4IBAQAoXG2zmK5S7HSn1F2E+oMeqGWrkTmm7ZW/nIO4F4Qq
e/ITD7aCPJUyqyWybHd09vxV6kjY2rotdyB2Id8MaUvneriCIwRwFkOr5qIzZVWy
PU/mgK7e6h5EvejvAiUuuuk0xqqzE7UHWkFfa0X6r83UXEUsResUmQLIy5guTPqe
nXQFbStZaqa8WdDOBzbMNe0aLzwoXJakkYlnXX+wd6FkHZZCcmBVD5OC93CXIPN/
2YOm3P8ElaLxjROg19nKxulrC93Ak4lb0LsefZqQqcdPdLOpDLyO9KE0sy82d+rm
KB6W5modaP/yw/tsmBlyKUMczr3KuRLf7/H7nM51kwk0
-----END CERTIFICATE-----