Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/rAJ9_5zEd3dmMjWOCjfsZFUyKPQ.roa
File:                     rAJ9_5zEd3dmMjWOCjfsZFUyKPQ.roa (raw, json)
Hash identifier:          DyTaBCznWg0kaPfdOOVudlJY7K+OhAqJ5CvIYLUzE9s=
Subject key identifier:   AC:02:7D:FF:9C:C4:77:77:66:32:35:8E:0A:37:EC:64:55:32:28:F4
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       019CBD7FAC20F84501F82193A1C8575505D3
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/rAJ9_5zEd3dmMjWOCjfsZFUyKPQ.roa
Signing time:             Thu 05 Mar 2026 10:16:26 +0000
ROA not before:           Thu 05 Mar 2026 10:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        77.110.94.0/24 maxlen: 24
                          80.71.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:7f:ac:20:f8:45:01:f8:21:93:a1:c8:57:55:05:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Mar  5 10:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac027dff9cc477776632358e0a37ec64553228f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:30:7d:4c:7b:9e:a9:84:48:d3:21:00:54:7a:
                    ef:a0:69:bb:81:cf:6c:6b:c0:ae:41:f2:63:69:c3:
                    70:62:bd:d4:ce:3d:8a:41:1d:48:bc:da:0f:d9:6a:
                    f4:26:8f:84:e7:aa:5e:0f:8d:ec:6d:a6:ea:b5:37:
                    e9:94:d0:12:b7:aa:34:97:ed:f1:06:0e:61:af:11:
                    fe:5e:46:ae:ff:20:92:9c:c2:98:51:ff:f4:a7:0c:
                    2c:86:bd:ca:ff:74:ea:7a:c3:7f:3d:10:54:da:fe:
                    0f:fd:c4:ba:e7:ba:71:ae:af:65:46:ad:57:69:10:
                    cd:45:b8:ff:2c:99:a9:2d:12:3a:f2:1d:71:f0:c4:
                    5b:00:93:e5:b4:d7:94:07:c5:43:db:c8:c1:6a:fa:
                    df:59:06:18:44:e5:ba:36:57:1e:b2:8e:79:00:2f:
                    8a:53:da:a4:80:16:ea:9f:d7:a6:e8:49:7b:3c:d8:
                    a2:cd:ed:23:ac:7f:0c:dc:14:2f:27:7d:7e:8f:7e:
                    1f:db:95:ae:b9:f4:20:22:04:47:d2:e7:eb:9e:1e:
                    36:c2:d8:e3:31:76:9a:87:b3:71:72:72:26:8c:2a:
                    56:57:a7:0f:4e:fc:c2:6b:67:d7:9d:d4:91:50:24:
                    fc:2a:9d:26:a2:15:30:ae:33:39:58:e4:92:56:e3:
                    3f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:02:7D:FF:9C:C4:77:77:66:32:35:8E:0A:37:EC:64:55:32:28:F4
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/rAJ9_5zEd3dmMjWOCjfsZFUyKPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.94.0/24
                  80.71.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ec:02:8a:5f:5b:1d:be:3d:72:1e:51:2e:d1:23:81:13:43:
         e3:8b:41:db:3b:8c:1b:18:07:a5:72:fb:cb:6d:06:86:b9:c4:
         3d:fc:21:bf:bd:f0:30:18:c3:c7:46:65:ec:3f:47:f4:a7:60:
         04:07:fb:66:2e:c6:c8:b3:b6:5a:62:42:5e:05:52:b7:10:79:
         12:74:f6:df:45:4b:b6:27:00:e5:aa:b5:fe:1d:a3:89:99:fe:
         2e:ab:ed:61:68:88:8c:6d:cd:f8:4d:5b:de:1f:98:35:84:cd:
         4d:70:91:8f:e7:95:d3:e9:20:75:da:23:b6:91:46:02:f4:84:
         88:2d:4d:40:83:e3:07:11:6d:b3:c3:f6:59:49:94:4e:ee:20:
         d8:e9:a1:e0:a4:3b:60:67:3b:a9:cb:0f:80:2d:8f:4a:46:47:
         e9:b0:a7:de:69:73:d0:a5:ae:ff:d8:b4:53:de:7b:08:61:b7:
         2d:01:ed:ea:ab:bd:7d:ab:13:6f:78:24:a1:ee:2d:70:89:52:
         8f:4e:86:04:21:9e:81:7b:50:95:42:63:2d:b2:81:06:88:25:
         b3:b7:19:fe:3c:b2:ab:b2:3f:e8:b4:be:67:82:e6:4f:87:5b:
         5b:a9:0e:72:24:30:2d:b9:2c:f7:69:11:06:4e:46:0a:20:96:
         2a:51:d6:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy9f6wg+EUB+CGTochXVQXTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjYwMzA1MTAxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzAyN2RmZjljYzQ3Nzc3NjYzMjM1OGUwYTM3ZWM2NDU1MzIyOGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzB9THueqYRI0yEAVHrvoGm7gc9s
a8CuQfJjacNwYr3Uzj2KQR1IvNoP2Wr0Jo+E56peD43sbabqtTfplNASt6o0l+3x
Bg5hrxH+Xkau/yCSnMKYUf/0pwwshr3K/3TqesN/PRBU2v4P/cS657pxrq9lRq1X
aRDNRbj/LJmpLRI68h1x8MRbAJPltNeUB8VD28jBavrfWQYYROW6Nlceso55AC+K
U9qkgBbqn9em6El7PNiize0jrH8M3BQvJ31+j34f25WuufQgIgRH0ufrnh42wtjj
MXaah7NxcnImjCpWV6cPTvzCa2fXndSRUCT8Kp0mohUwrjM5WOSSVuM/IwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKwCff+cxHd3ZjI1jgo37GRVMij0MB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvckFKOV81ekVkM2RtTWpXT0NqZnNaRlV5S1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATW5eAwQA
UEeZMA0GCSqGSIb3DQEBCwUAA4IBAQAn7AKKX1sdvj1yHlEu0SOBE0Pji0HbO4wb
GAelcvvLbQaGucQ9/CG/vfAwGMPHRmXsP0f0p2AEB/tmLsbIs7ZaYkJeBVK3EHkS
dPbfRUu2JwDlqrX+HaOJmf4uq+1haIiMbc34TVveH5g1hM1NcJGP55XT6SB12iO2
kUYC9ISILU1Ag+MHEW2zw/ZZSZRO7iDY6aHgpDtgZzupyw+ALY9KRkfpsKfeaXPQ
pa7/2LRT3nsIYbctAe3qq719qxNveCSh7i1wiVKPToYEIZ6Be1CVQmMtsoEGiCWz
txn+PLKrsj/otL5nguZPh1tbqQ5yJDAtuSz3aREGTkYKIJYqUdbW
-----END CERTIFICATE-----