Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/xnb_q0bsSZmR8KW0Xofeds3-I6s.roa
File:                     xnb_q0bsSZmR8KW0Xofeds3-I6s.roa (raw, json)
Hash identifier:          RJ4MbpYF+/lgoK+ST29AdMZUMm6lesb+0MkFrW0PYxU=
Subject key identifier:   C6:76:FF:AB:46:EC:49:99:91:F0:A5:B4:5E:87:DE:76:CD:FE:23:AB
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DF68E880A61551C2CB3948EDB4B014C59
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/xnb_q0bsSZmR8KW0Xofeds3-I6s.roa
Signing time:             Tue 05 May 2026 05:13:49 +0000
ROA not before:           Tue 05 May 2026 05:13:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8849
IP address blocks:        87.76.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f6:8e:88:0a:61:55:1c:2c:b3:94:8e:db:4b:01:4c:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May  5 05:13:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c676ffab46ec499991f0a5b45e87de76cdfe23ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:40:66:47:ca:ad:46:9e:4e:24:71:13:ce:61:
                    01:ab:08:39:58:12:1c:01:9d:02:17:f9:ec:05:c7:
                    50:81:ae:3b:92:e5:3d:b2:52:cd:aa:5a:a5:9d:cb:
                    ab:55:c6:2e:e5:86:49:75:04:dc:e5:42:f9:c6:5d:
                    d1:f8:3e:4a:7e:25:d9:bb:48:3f:54:04:35:6c:cc:
                    94:ed:57:1b:93:d9:3b:85:20:62:b5:39:a8:5a:97:
                    7e:99:80:f4:d3:af:7d:08:b2:62:67:c6:8f:ba:b5:
                    e4:43:d2:3c:e3:52:c7:34:38:f2:5b:9a:d2:1e:eb:
                    a3:e2:ba:87:71:46:9e:cc:6f:10:91:9c:65:c5:8a:
                    38:f0:49:01:70:46:35:bb:f2:71:95:cb:c5:95:45:
                    13:5a:52:6d:c3:73:76:4b:f1:c0:ce:25:0e:af:dd:
                    f7:a9:d4:3d:63:ce:e8:3f:8a:fa:c2:43:40:41:28:
                    1c:4f:2a:e2:ac:8c:f6:28:8e:45:e0:10:1d:9a:74:
                    cb:31:53:2c:90:47:e3:53:a7:a7:7c:f6:2a:ad:09:
                    ad:e9:df:d0:6e:d9:b6:17:45:ce:74:23:f4:e1:ee:
                    7b:c6:93:2d:e5:b5:c9:8e:e9:fb:a7:10:91:a3:64:
                    8b:15:1f:11:29:d8:fa:27:fc:f5:23:59:d3:11:b1:
                    2f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:76:FF:AB:46:EC:49:99:91:F0:A5:B4:5E:87:DE:76:CD:FE:23:AB
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/xnb_q0bsSZmR8KW0Xofeds3-I6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:93:b4:84:d1:c2:f3:a3:e9:e0:cf:ba:a1:3a:36:7a:91:d5:
         c8:bc:0c:00:00:90:a9:d7:17:82:26:64:6a:57:ef:41:54:e8:
         10:d7:60:b5:ca:2f:80:95:d6:68:74:8c:94:e5:0b:2a:a7:1b:
         c4:3b:be:c8:10:39:46:27:27:a4:d6:3b:66:16:5c:bb:62:40:
         ae:7a:8b:d3:7c:3a:cd:70:de:44:0c:9a:84:25:2c:33:eb:ba:
         99:63:8f:d3:79:57:94:fd:74:01:b9:cd:f3:de:74:3c:7a:a8:
         6b:bc:9d:92:36:cb:4d:fe:57:30:8d:72:bd:ee:05:54:ed:87:
         a5:9f:51:84:59:0e:0c:c2:be:46:21:5d:bd:fc:31:6f:8c:2f:
         c0:47:f5:7c:91:b7:05:de:ee:11:6c:fb:6f:3c:e3:5f:38:94:
         e9:cb:91:13:c1:e7:d8:4a:f0:53:eb:7b:0d:12:9a:a9:c3:69:
         6f:61:94:72:67:f0:70:a2:bf:57:1e:ba:07:ed:0b:bd:3b:9b:
         f5:43:4d:4e:64:a4:33:2f:03:d8:26:41:6d:77:a3:26:57:1e:
         ba:13:c3:76:7d:61:72:f3:b0:90:e9:8f:eb:f4:87:26:f2:0b:
         4b:39:bd:c7:2e:7b:d8:fd:c9:7c:27:a1:ee:e5:59:39:4d:61:
         1e:5b:71:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ32jogKYVUcLLOUjttLAUxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTA1MDUxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc2ZmZhYjQ2ZWM0OTk5OTFmMGE1YjQ1ZTg3ZGU3NmNkZmUyM2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UBmR8qtRp5OJHETzmEBqwg5WBIc
AZ0CF/nsBcdQga47kuU9slLNqlqlncurVcYu5YZJdQTc5UL5xl3R+D5KfiXZu0g/
VAQ1bMyU7Vcbk9k7hSBitTmoWpd+mYD00699CLJiZ8aPurXkQ9I841LHNDjyW5rS
Huuj4rqHcUaezG8QkZxlxYo48EkBcEY1u/JxlcvFlUUTWlJtw3N2S/HAziUOr933
qdQ9Y87oP4r6wkNAQSgcTyrirIz2KI5F4BAdmnTLMVMskEfjU6enfPYqrQmt6d/Q
btm2F0XOdCP04e57xpMt5bXJjun7pxCRo2SLFR8RKdj6J/z1I1nTEbEvrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ2/6tG7EmZkfCltF6H3nbN/iOrMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEveG5iX3EwYnNTWm1SOEtXMFhvZmVkczMtSTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0yAMA0G
CSqGSIb3DQEBCwUAA4IBAQAZk7SE0cLzo+ngz7qhOjZ6kdXIvAwAAJCp1xeCJmRq
V+9BVOgQ12C1yi+AldZodIyU5QsqpxvEO77IEDlGJyek1jtmFly7YkCueovTfDrN
cN5EDJqEJSwz67qZY4/TeVeU/XQBuc3z3nQ8eqhrvJ2SNstN/lcwjXK97gVU7Yel
n1GEWQ4Mwr5GIV29/DFvjC/AR/V8kbcF3u4RbPtvPONfOJTpy5ETwefYSvBT63sN
Epqpw2lvYZRyZ/Bwor9XHroH7Qu9O5v1Q01OZKQzLwPYJkFtd6MmVx66E8N2fWFy
87CQ6Y/r9Icm8gtLOb3HLnvY/cl8J6Hu5Vk5TWEeW3GY
-----END CERTIFICATE-----