Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/zKqnquuEn-McTEol5oGnIhYAmy0.roa
File:                     zKqnquuEn-McTEol5oGnIhYAmy0.roa (raw, json)
Hash identifier:          oCtvyo+fDE9JdHJIxhwHi/+Z9/aIRkF4L/I9VIjuKP0=
Subject key identifier:   CC:AA:A7:AA:EB:84:9F:E3:1C:4C:4A:25:E6:81:A7:22:16:00:9B:2D
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019CB3970AEC2EB41F66AA851B733C1BAE24
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/zKqnquuEn-McTEol5oGnIhYAmy0.roa
Signing time:             Tue 03 Mar 2026 12:05:46 +0000
ROA not before:           Tue 03 Mar 2026 12:05:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397067
IP address blocks:        87.76.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:97:0a:ec:2e:b4:1f:66:aa:85:1b:73:3c:1b:ae:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar  3 12:05:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccaaa7aaeb849fe31c4c4a25e681a72216009b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ad:f6:a3:0f:95:a3:25:6d:a2:2e:2b:d5:a1:
                    50:eb:80:1b:3b:c1:36:6d:9d:86:d3:a8:94:23:a6:
                    d4:7d:ac:b9:6b:37:2e:15:12:7a:ea:17:a6:1b:ef:
                    d7:ab:63:93:48:bb:80:26:c1:19:6e:47:75:1c:41:
                    a1:57:04:02:49:85:c7:8d:b1:7c:82:98:23:87:16:
                    80:37:c0:db:d4:89:9c:03:28:74:7a:15:49:fa:fe:
                    79:9e:05:99:bb:63:e9:3b:81:fc:2c:99:5e:43:42:
                    9c:f6:20:60:be:a9:29:d1:5f:2f:f3:91:60:bb:75:
                    6c:48:52:4e:5a:32:94:c0:c4:6c:00:5b:c6:3f:65:
                    95:82:d4:f3:28:d8:24:91:1d:aa:9d:88:93:de:2e:
                    d2:93:62:18:bb:7f:67:29:2f:66:dd:1f:65:ef:5f:
                    6d:f0:a6:52:78:74:32:17:8b:40:73:14:9a:af:7c:
                    82:64:31:05:5b:af:a1:8c:83:d6:7e:6c:08:2a:c8:
                    1d:3b:cd:d4:db:5e:2d:88:76:a4:81:82:45:e1:8e:
                    d8:28:79:98:38:bf:f9:8a:d3:fb:40:56:8f:81:47:
                    fc:68:47:b2:be:8e:bb:b8:2e:20:86:bf:24:98:41:
                    e5:d1:2e:6a:8e:f3:98:cf:7c:b0:3c:70:c0:09:e0:
                    3b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:AA:A7:AA:EB:84:9F:E3:1C:4C:4A:25:E6:81:A7:22:16:00:9B:2D
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/zKqnquuEn-McTEol5oGnIhYAmy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:73:b8:30:0b:07:d0:2e:c3:e4:68:26:08:ab:20:6c:17:ca:
         7a:68:28:a1:2d:d2:ae:53:ba:16:72:a6:1a:21:fe:ae:e6:33:
         07:91:1a:1e:71:75:88:d1:d0:72:69:34:53:35:5c:1b:a2:50:
         fa:a4:f2:16:bc:45:ea:13:85:ca:10:b5:49:84:9a:39:59:40:
         23:d3:5a:94:e2:d6:95:02:c9:da:3a:89:06:35:46:10:dd:dd:
         06:f1:38:dd:ce:25:37:14:13:04:51:21:45:ee:86:bf:94:be:
         04:58:85:bb:c0:04:68:1b:c1:6d:b8:ca:1b:33:90:f3:bc:6c:
         5b:2b:f2:e5:1e:3d:2f:46:8c:12:82:9a:07:5c:69:cd:9c:e0:
         14:84:a2:73:7a:e8:58:eb:09:3a:9d:53:ef:23:7d:90:f7:af:
         00:db:9a:72:d3:eb:9e:6a:c4:61:9c:bb:4e:d6:9d:4a:86:19:
         24:f4:55:0d:8a:2f:eb:e3:8c:db:d3:9e:80:dd:67:d9:ed:14:
         6e:45:7b:f0:5a:e3:84:5d:e2:8a:b4:7f:e9:a7:b0:42:21:57:
         c3:cf:77:87:fd:26:ae:84:21:5a:14:03:34:0a:c5:d7:5d:34:
         1c:a1:c7:73:6f:d3:55:59:d3:9a:dc:5a:35:6c:b8:70:67:b4:
         16:70:82:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyzlwrsLrQfZqqFG3M8G64kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzAzMTIwNTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2FhYTdhYWViODQ5ZmUzMWM0YzRhMjVlNjgxYTcyMjE2MDA5YjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq632ow+VoyVtoi4r1aFQ64AbO8E2
bZ2G06iUI6bUfay5azcuFRJ66hemG+/Xq2OTSLuAJsEZbkd1HEGhVwQCSYXHjbF8
gpgjhxaAN8Db1ImcAyh0ehVJ+v55ngWZu2PpO4H8LJleQ0Kc9iBgvqkp0V8v85Fg
u3VsSFJOWjKUwMRsAFvGP2WVgtTzKNgkkR2qnYiT3i7Sk2IYu39nKS9m3R9l719t
8KZSeHQyF4tAcxSar3yCZDEFW6+hjIPWfmwIKsgdO83U214tiHakgYJF4Y7YKHmY
OL/5itP7QFaPgUf8aEeyvo67uC4ghr8kmEHl0S5qjvOYz3ywPHDACeA75wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyqp6rrhJ/jHExKJeaBpyIWAJstMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvektxbnF1dUVuLU1jVEVvbDVvR25JaFlBbXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zSMA0G
CSqGSIb3DQEBCwUAA4IBAQB6c7gwCwfQLsPkaCYIqyBsF8p6aCihLdKuU7oWcqYa
If6u5jMHkRoecXWI0dByaTRTNVwbolD6pPIWvEXqE4XKELVJhJo5WUAj01qU4taV
AsnaOokGNUYQ3d0G8TjdziU3FBMEUSFF7oa/lL4EWIW7wARoG8FtuMobM5DzvGxb
K/LlHj0vRowSgpoHXGnNnOAUhKJzeuhY6wk6nVPvI32Q968A25py0+ueasRhnLtO
1p1Khhkk9FUNii/r44zb056A3WfZ7RRuRXvwWuOEXeKKtH/pp7BCIVfDz3eH/Sau
hCFaFAM0CsXXXTQcocdzb9NVWdOa3Fo1bLhwZ7QWcIK2
-----END CERTIFICATE-----