Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/9D5WwjKLKWgOIgPanR8axjhLcU4.roa
File:                     9D5WwjKLKWgOIgPanR8axjhLcU4.roa (raw, json)
Hash identifier:          ZLdDEz7U/sFImJ7TRS2LLSrQd9lNXvIbMcJRDgvz3sA=
Subject key identifier:   F4:3E:56:C2:32:8B:29:68:0E:22:03:DA:9D:1F:1A:C6:38:4B:71:4E
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       019E9723DC05B2199F7DA34FCC01775CEBEB
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/9D5WwjKLKWgOIgPanR8axjhLcU4.roa
Signing time:             Fri 05 Jun 2026 09:36:10 +0000
ROA not before:           Fri 05 Jun 2026 09:36:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215102
IP address blocks:        77.105.132.0/24 maxlen: 24
                          77.105.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:23:dc:05:b2:19:9f:7d:a3:4f:cc:01:77:5c:eb:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Jun  5 09:36:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f43e56c2328b29680e2203da9d1f1ac6384b714e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1e:20:fc:c9:08:cf:f7:10:75:3e:be:d0:dc:
                    2a:4f:4e:a0:40:ae:0f:54:62:60:b9:78:49:01:cf:
                    83:fe:df:f7:87:45:27:bb:bb:d0:ab:f9:a6:a5:78:
                    49:a2:94:64:05:d8:32:3a:00:7f:ae:9f:ac:d8:11:
                    94:20:59:fe:3f:69:49:b7:a4:b0:18:9d:f0:e0:d0:
                    d0:ad:35:06:8c:20:03:4e:1a:11:f3:45:f4:05:05:
                    50:62:88:60:86:0a:71:e4:24:d5:0b:80:7a:73:30:
                    91:eb:84:b9:bc:fa:65:bb:e8:58:59:d5:5f:2d:83:
                    7f:15:3f:7b:20:7d:99:2b:5c:18:1c:17:c9:1a:4d:
                    e9:c0:22:c7:da:cd:50:2e:93:e3:c2:59:9e:b2:98:
                    2e:e7:83:23:bd:df:e2:fb:cb:7f:fe:19:96:d9:6e:
                    ee:11:bc:2e:9e:b6:8a:6b:5f:1f:d2:9b:39:4f:a1:
                    f7:cf:f9:63:cc:07:39:9d:99:89:78:ce:ea:64:56:
                    e9:30:b9:7a:1a:d0:a7:88:d0:92:e4:44:90:d0:07:
                    0a:3a:39:38:b0:36:7f:46:50:a1:72:a8:cf:71:db:
                    7a:43:19:4f:30:96:1e:84:82:e2:30:f7:d5:fe:e3:
                    15:f1:db:c7:28:d1:db:24:ff:b3:f1:9e:ac:26:bc:
                    05:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:3E:56:C2:32:8B:29:68:0E:22:03:DA:9D:1F:1A:C6:38:4B:71:4E
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/9D5WwjKLKWgOIgPanR8axjhLcU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.132.0/24
                  77.105.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:41:c3:80:5f:2d:db:6f:c1:dd:51:84:7c:44:0c:58:90:f1:
         80:8e:6d:14:67:e9:c5:8e:25:3b:ac:02:40:00:89:0a:c1:1d:
         82:0d:33:ff:bf:f3:67:8a:a2:d4:ae:30:c4:6a:4c:63:71:ca:
         4a:d8:f8:11:f8:ad:a3:c3:41:c5:d3:9b:86:2d:b3:8f:b9:36:
         aa:14:ec:2a:b0:1c:24:c5:ac:bd:f0:56:25:35:25:cc:8a:51:
         7f:5f:0c:08:28:d3:82:bb:08:80:c3:a0:06:e3:7c:c2:2f:03:
         ee:a0:82:9b:86:b0:c9:2a:b2:f9:be:fc:c1:37:74:b6:fa:af:
         3b:ff:5b:6f:9d:87:5b:9b:7e:e2:a2:7d:ce:12:f4:d2:a6:2c:
         71:42:67:93:02:7c:c4:00:32:41:6e:d1:06:12:16:2f:5b:7f:
         f1:7c:2d:f8:98:07:7b:72:4e:c3:f2:07:5a:af:8f:ef:9b:97:
         a0:a6:01:42:c2:6f:b3:b7:60:c2:17:e4:1a:9d:90:e3:ff:c5:
         86:6f:c9:46:09:97:76:ca:21:72:47:00:a6:6a:b4:4c:5b:a4:
         12:26:4f:29:d7:ed:95:a7:9b:7f:b3:b3:58:83:0a:75:6a:b3:
         4c:54:84:63:92:ce:db:66:d3:b6:74:3f:80:08:5b:8c:c2:fb:
         b9:8a:34:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6XI9wFshmffaNPzAF3XOvrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjYwNjA1MDkzNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDNlNTZjMjMyOGIyOTY4MGUyMjAzZGE5ZDFmMWFjNjM4NGI3MTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0B4g/MkIz/cQdT6+0NwqT06gQK4P
VGJguXhJAc+D/t/3h0Unu7vQq/mmpXhJopRkBdgyOgB/rp+s2BGUIFn+P2lJt6Sw
GJ3w4NDQrTUGjCADThoR80X0BQVQYohghgpx5CTVC4B6czCR64S5vPplu+hYWdVf
LYN/FT97IH2ZK1wYHBfJGk3pwCLH2s1QLpPjwlmespgu54Mjvd/i+8t//hmW2W7u
EbwunraKa18f0ps5T6H3z/ljzAc5nZmJeM7qZFbpMLl6GtCniNCS5ESQ0AcKOjk4
sDZ/RlChcqjPcdt6QxlPMJYehILiMPfV/uMV8dvHKNHbJP+z8Z6sJrwFQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQ+VsIyiyloDiID2p0fGsY4S3FOMB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvOUQ1V3dqS0xLV2dPSWdQYW5SOGF4amhMY1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATWmEAwQA
TWmGMA0GCSqGSIb3DQEBCwUAA4IBAQCaQcOAXy3bb8HdUYR8RAxYkPGAjm0UZ+nF
jiU7rAJAAIkKwR2CDTP/v/NniqLUrjDEakxjccpK2PgR+K2jw0HF05uGLbOPuTaq
FOwqsBwkxay98FYlNSXMilF/XwwIKNOCuwiAw6AG43zCLwPuoIKbhrDJKrL5vvzB
N3S2+q87/1tvnYdbm37ion3OEvTSpixxQmeTAnzEADJBbtEGEhYvW3/xfC34mAd7
ck7D8gdar4/vm5egpgFCwm+zt2DCF+QanZDj/8WGb8lGCZd2yiFyRwCmarRMW6QS
Jk8p1+2Vp5t/s7NYgwp1arNMVIRjks7bZtO2dD+ACFuMwvu5ijRJ
-----END CERTIFICATE-----