Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/k7kKv6wuSKhleW2ZaqCRlyTOnqg.roa
File:                     k7kKv6wuSKhleW2ZaqCRlyTOnqg.roa (raw, json)
Hash identifier:          vHAo540aOlLXcMUBuG2BeP/L+cRzc7W2l6L3IJqazT4=
Subject key identifier:   93:B9:0A:BF:AC:2E:48:A8:65:79:6D:99:6A:A0:91:97:24:CE:9E:A8
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       019E6B3887021AAEC2C3144FFDAB94DD55B1
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/k7kKv6wuSKhleW2ZaqCRlyTOnqg.roa
Signing time:             Wed 27 May 2026 20:55:27 +0000
ROA not before:           Wed 27 May 2026 20:55:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56694
IP address blocks:        77.91.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 09:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6b:38:87:02:1a:ae:c2:c3:14:4f:fd:ab:94:dd:55:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: May 27 20:55:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93b90abfac2e48a865796d996aa0919724ce9ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f9:2e:11:90:fb:5b:aa:d4:3f:20:98:32:8d:
                    71:ae:23:1a:54:4c:47:e9:60:58:fe:c9:51:9b:91:
                    7f:20:7f:8f:df:ca:6d:5c:2a:9a:88:d5:99:7e:e0:
                    f2:7d:93:1b:c4:3e:01:ff:92:06:86:be:02:4d:f3:
                    ed:c8:b7:c7:6e:c1:b5:0a:a3:cf:3c:3c:76:fb:20:
                    02:77:00:83:e6:4c:7c:aa:b2:02:a7:7b:2f:87:c3:
                    a5:8d:2d:4c:c8:7c:0e:5c:df:18:59:a1:1c:0c:ef:
                    3d:86:01:d3:1d:65:b3:de:a7:d9:5f:cc:ff:e5:45:
                    b7:9a:06:94:b9:b8:9b:f2:bc:bd:1e:85:4e:62:79:
                    27:ef:4f:6a:b6:56:9c:b0:71:13:3f:d9:2b:39:ab:
                    39:5a:d9:9e:89:eb:2e:19:da:0b:d4:56:11:28:a9:
                    42:00:8e:cc:81:3e:e6:c0:16:92:7f:34:65:dc:4b:
                    1c:98:6f:68:f4:44:ac:10:ce:01:04:e4:9f:85:2c:
                    17:5e:21:d5:15:8a:e7:ff:fe:c5:cd:f5:a0:e1:b8:
                    52:64:50:5a:9d:8b:21:97:8e:a4:47:ca:ae:29:00:
                    92:cc:65:5f:a1:48:3a:77:c9:18:6d:be:02:f1:ca:
                    95:54:9b:28:48:53:11:56:17:cb:93:1d:6d:75:3d:
                    c5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B9:0A:BF:AC:2E:48:A8:65:79:6D:99:6A:A0:91:97:24:CE:9E:A8
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/k7kKv6wuSKhleW2ZaqCRlyTOnqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:ae:8f:ea:4d:01:cf:48:46:64:27:14:7e:d1:f0:62:e6:4e:
         bb:b7:60:34:74:d2:15:bf:e8:5a:c5:69:11:21:e0:2a:60:21:
         34:34:40:f8:1e:7d:e6:f3:ea:ae:c7:6f:58:27:dd:b8:15:f6:
         83:03:86:c2:86:8f:17:41:09:2a:32:a2:a3:1c:42:62:35:e9:
         21:77:c3:98:e8:c3:ca:16:c2:c4:91:cf:b9:3f:8d:53:d3:66:
         5f:ed:47:a8:47:f5:0e:d8:ff:8b:7f:f4:90:ed:92:db:e9:65:
         65:a7:dc:2e:80:53:6c:b6:ee:c5:e0:4f:a4:71:7b:67:57:55:
         c8:2f:58:57:4d:6b:47:a6:63:33:ec:07:35:fe:24:e3:1b:1f:
         c3:62:c7:46:81:93:78:bf:a8:ac:73:25:ea:05:a7:54:57:4d:
         09:65:df:23:ba:b6:6f:78:5f:3d:1f:e5:02:f8:87:b4:ca:40:
         66:fe:43:c1:dd:97:40:7b:66:0e:3f:94:a0:98:5b:04:83:45:
         fc:03:b3:7e:63:2b:9a:6d:6f:54:14:02:23:8e:8b:70:e8:e1:
         01:66:86:43:bb:70:bd:e4:a5:b4:78:05:1e:32:b7:bd:ef:8b:
         90:7e:87:de:13:5b:01:0d:e7:17:78:4b:f5:17:89:31:bb:11:
         ec:56:ba:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5rOIcCGq7CwxRP/auU3VWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjYwNTI3MjA1NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2I5MGFiZmFjMmU0OGE4NjU3OTZkOTk2YWEwOTE5NzI0Y2U5ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPkuEZD7W6rUPyCYMo1xriMaVExH
6WBY/slRm5F/IH+P38ptXCqaiNWZfuDyfZMbxD4B/5IGhr4CTfPtyLfHbsG1CqPP
PDx2+yACdwCD5kx8qrICp3svh8OljS1MyHwOXN8YWaEcDO89hgHTHWWz3qfZX8z/
5UW3mgaUubib8ry9HoVOYnkn709qtlacsHETP9krOas5WtmeiesuGdoL1FYRKKlC
AI7MgT7mwBaSfzRl3EscmG9o9ESsEM4BBOSfhSwXXiHVFYrn//7FzfWg4bhSZFBa
nYshl46kR8quKQCSzGVfoUg6d8kYbb4C8cqVVJsoSFMRVhfLkx1tdT3F9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJO5Cr+sLkioZXltmWqgkZckzp6oMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvazdrS3Y2d3VTS2hsZVcyWmFxQ1JseVRPbnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtZMA0G
CSqGSIb3DQEBCwUAA4IBAQCyro/qTQHPSEZkJxR+0fBi5k67t2A0dNIVv+haxWkR
IeAqYCE0NED4Hn3m8+qux29YJ924FfaDA4bCho8XQQkqMqKjHEJiNekhd8OY6MPK
FsLEkc+5P41T02Zf7UeoR/UO2P+Lf/SQ7ZLb6WVlp9wugFNstu7F4E+kcXtnV1XI
L1hXTWtHpmMz7Ac1/iTjGx/DYsdGgZN4v6iscyXqBadUV00JZd8jurZveF89H+UC
+Ie0ykBm/kPB3ZdAe2YOP5SgmFsEg0X8A7N+YyuabW9UFAIjjotw6OEBZoZDu3C9
5KW0eAUeMre974uQfofeE1sBDecXeEv1F4kxuxHsVrqo
-----END CERTIFICATE-----