Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Zy4u8OQmpS--VuyxpTtEdgQj7u8.roa
File:                     Zy4u8OQmpS--VuyxpTtEdgQj7u8.roa (raw, json)
Hash identifier:          3tm5LplJNsUwv6QzEI2j7o9juIR/DbsW3Y8t7c94ZKY=
Subject key identifier:   67:2E:2E:F0:E4:26:A5:2F:BE:56:EC:B1:A5:3B:44:76:04:23:EE:EF
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D1E9D000F94D7974E1BB8CDBAA62A4C48
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Zy4u8OQmpS--VuyxpTtEdgQj7u8.roa
Signing time:             Tue 24 Mar 2026 06:51:38 +0000
ROA not before:           Tue 24 Mar 2026 06:51:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        87.76.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1e:9d:00:0f:94:d7:97:4e:1b:b8:cd:ba:a6:2a:4c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 24 06:51:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=672e2ef0e426a52fbe56ecb1a53b44760423eeef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5c:a8:0d:a0:47:4d:1f:66:db:43:cd:e2:6b:
                    3c:cf:ef:da:a9:b8:dc:e7:ac:31:cc:bd:6d:0c:67:
                    6e:1e:c6:6b:60:c0:53:70:c7:91:09:a6:87:2d:c1:
                    ab:a8:70:22:66:ac:ca:a1:d5:29:82:8d:4b:b2:b8:
                    78:89:03:4e:e0:43:4f:be:b4:42:f9:3e:18:30:70:
                    08:9d:57:d0:9f:52:dc:0b:5c:3e:ea:2a:2d:b8:7a:
                    6b:d6:b4:7b:e2:92:63:f1:f3:a3:ef:eb:2a:af:f8:
                    4b:42:27:63:6b:43:fe:ae:b8:fd:74:46:1b:40:dd:
                    85:44:b8:19:08:13:8d:4b:f5:c3:a7:a6:d2:79:65:
                    47:96:2c:44:66:0a:a6:08:e5:d9:a3:91:51:62:38:
                    ea:bf:2b:65:5c:93:0d:46:9c:c8:a0:dc:1a:13:ce:
                    fa:a9:fb:29:48:c1:14:d7:7d:8f:da:7b:b9:05:37:
                    0d:a3:86:b0:a7:30:50:92:b4:00:cf:6f:08:45:2f:
                    69:fc:73:d6:a1:49:b3:bb:0c:93:db:0b:3a:97:97:
                    a0:b6:c4:70:27:24:c9:24:ce:5e:3a:b7:05:d3:97:
                    de:2f:93:13:ca:25:71:37:e3:4a:79:ca:01:dc:34:
                    2e:89:c5:9a:67:22:28:8e:e1:df:bf:9d:e4:01:a1:
                    6a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:2E:2E:F0:E4:26:A5:2F:BE:56:EC:B1:A5:3B:44:76:04:23:EE:EF
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Zy4u8OQmpS--VuyxpTtEdgQj7u8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:5c:b4:29:b7:5e:7e:75:13:39:c0:18:50:6f:c7:c9:f5:1d:
         6a:cc:3a:3b:d2:3d:1d:22:66:c5:46:6d:1b:2b:6c:f2:97:9f:
         c8:12:81:ff:ca:c0:b4:58:19:b9:ab:66:9b:5f:17:24:5a:a1:
         b0:c5:d2:b2:89:9b:db:43:a2:e1:d1:5c:12:0e:12:3c:4c:c5:
         7f:eb:b0:e2:9d:34:b9:b9:9f:6f:0a:61:1a:36:be:ca:c1:b5:
         44:23:9f:65:0a:1b:6f:ae:87:8d:d9:3a:43:0c:30:88:2e:f9:
         75:5b:cb:22:7d:ba:08:9d:ec:d7:c1:4b:1e:12:41:09:b8:31:
         8f:54:1d:e7:0e:40:e0:98:4f:af:1a:26:82:fa:9d:e4:cd:08:
         dd:19:59:04:e2:bf:68:8f:ce:c2:ca:8d:d0:3b:71:4a:d2:8d:
         8c:af:2e:95:d4:02:56:51:19:a3:5d:d1:8e:5d:12:b1:6f:1b:
         44:12:f0:34:de:50:22:56:f9:7c:80:9c:d7:1c:a9:81:94:9b:
         18:f1:7d:bb:39:ae:32:18:b3:d7:26:49:71:08:92:67:a9:ae:
         bb:48:87:aa:7f:6f:2c:7a:99:86:70:1e:8d:2a:d2:49:4d:38:
         a9:c5:99:28:ac:71:2b:e9:2b:ed:f8:8a:68:46:c9:ad:e1:3e:
         57:da:9f:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0enQAPlNeXThu4zbqmKkxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzI0MDY1MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzJlMmVmMGU0MjZhNTJmYmU1NmVjYjFhNTNiNDQ3NjA0MjNlZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VyoDaBHTR9m20PN4ms8z+/aqbjc
56wxzL1tDGduHsZrYMBTcMeRCaaHLcGrqHAiZqzKodUpgo1Lsrh4iQNO4ENPvrRC
+T4YMHAInVfQn1LcC1w+6iotuHpr1rR74pJj8fOj7+sqr/hLQidja0P+rrj9dEYb
QN2FRLgZCBONS/XDp6bSeWVHlixEZgqmCOXZo5FRYjjqvytlXJMNRpzIoNwaE876
qfspSMEU132P2nu5BTcNo4awpzBQkrQAz28IRS9p/HPWoUmzuwyT2ws6l5egtsRw
JyTJJM5eOrcF05feL5MTyiVxN+NKecoB3DQuicWaZyIojuHfv53kAaFq+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcuLvDkJqUvvlbssaU7RHYEI+7vMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvWnk0dThPUW1wUy0tVnV5eHBUdEVkZ1FqN3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0y6MA0G
CSqGSIb3DQEBCwUAA4IBAQAWXLQpt15+dRM5wBhQb8fJ9R1qzDo70j0dImbFRm0b
K2zyl5/IEoH/ysC0WBm5q2abXxckWqGwxdKyiZvbQ6Lh0VwSDhI8TMV/67DinTS5
uZ9vCmEaNr7KwbVEI59lChtvroeN2TpDDDCILvl1W8sifboInezXwUseEkEJuDGP
VB3nDkDgmE+vGiaC+p3kzQjdGVkE4r9oj87Cyo3QO3FK0o2Mry6V1AJWURmjXdGO
XRKxbxtEEvA03lAiVvl8gJzXHKmBlJsY8X27Oa4yGLPXJklxCJJnqa67SIeqf28s
epmGcB6NKtJJTTipxZkorHEr6Svt+IpoRsmt4T5X2p+s
-----END CERTIFICATE-----