Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/ADRzfCr8-nkR6lRMT7eQyQ5uz2c.roa
File:                     ADRzfCr8-nkR6lRMT7eQyQ5uz2c.roa (raw, json)
Hash identifier:          Zz8uOoQc0hbIxPblxdT0hBouk0wTSjJNAtxlR56BcEk=
Subject key identifier:   00:34:73:7C:2A:FC:FA:79:11:EA:54:4C:4F:B7:90:C9:0E:6E:CF:67
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019C68944369E23928E2C5CFB6076C39BC9B
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/ADRzfCr8-nkR6lRMT7eQyQ5uz2c.roa
Signing time:             Mon 16 Feb 2026 22:31:12 +0000
ROA not before:           Mon 16 Feb 2026 22:31:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199785
IP address blocks:        77.91.76.0/22 maxlen: 24
                          91.209.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Feb 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:68:94:43:69:e2:39:28:e2:c5:cf:b6:07:6c:39:bc:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Feb 16 22:31:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0034737c2afcfa7911ea544c4fb790c90e6ecf67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d8:10:05:3c:e7:d3:89:9e:f9:84:c2:b4:d4:
                    9f:78:6a:65:e5:d4:3d:2c:68:37:e2:8b:60:88:29:
                    b5:eb:86:65:7b:51:30:41:30:62:3f:f4:b0:80:37:
                    d4:5f:13:ee:7c:89:a0:01:b6:d8:e3:0a:a1:fc:be:
                    cf:91:1f:47:39:87:5d:34:c0:67:cb:c0:ab:81:56:
                    a6:25:97:8e:ef:9d:5f:e5:f7:8c:78:06:8b:1d:6d:
                    88:47:b9:29:75:fb:20:2e:c8:ee:09:9d:54:ad:3f:
                    94:c9:83:96:25:2a:76:58:5a:f8:6f:be:74:f9:28:
                    28:68:b6:d6:b3:9c:92:d9:20:69:f9:8e:46:bc:7f:
                    aa:8b:eb:da:de:3f:1b:82:c4:29:76:57:05:be:81:
                    91:ee:e7:6b:cf:f4:3c:b5:d6:1b:5f:54:cf:b0:d0:
                    b3:ee:49:9d:1a:3e:42:ca:b3:7d:5a:cd:13:4c:63:
                    c7:76:26:ea:a1:b5:80:0a:33:55:6b:48:38:2c:26:
                    41:81:06:d6:9e:33:28:b7:cb:2a:dc:15:2f:83:98:
                    86:39:90:36:4a:f9:f6:54:ac:bc:28:0f:60:9d:5f:
                    2f:c0:4a:28:3b:8f:b1:1c:06:b9:6c:bc:3e:65:2d:
                    e9:3f:9d:9e:9c:cd:a9:56:82:57:98:2b:e8:da:26:
                    2e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:34:73:7C:2A:FC:FA:79:11:EA:54:4C:4F:B7:90:C9:0E:6E:CF:67
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/ADRzfCr8-nkR6lRMT7eQyQ5uz2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.76.0/22
                  91.209.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a9:ea:48:ec:c0:83:0e:70:99:8f:d6:c8:95:e7:22:5d:c2:
         f3:24:79:f1:06:7e:e7:5f:8f:79:54:0d:c4:06:d6:a7:05:3f:
         4b:24:c8:97:eb:ba:ed:2d:45:98:3a:7b:bf:5a:23:c6:87:61:
         08:8b:89:65:b1:6f:3d:2c:7b:23:c4:ba:74:e0:b1:5b:89:09:
         18:f7:c9:4e:1b:32:71:17:9a:8f:91:e7:56:c2:71:1b:61:5a:
         9f:2c:f8:a5:a0:8d:9b:57:58:cd:d4:9a:fa:82:64:01:7a:82:
         49:4a:37:a7:c5:8f:ed:aa:8d:a6:e1:de:c3:15:2b:f2:b4:4e:
         7a:76:1c:18:72:e8:ec:fb:68:03:4d:ef:24:cf:7a:30:88:c9:
         4e:57:8e:b3:2e:19:c8:2a:50:57:7f:1b:58:29:7f:64:a5:c1:
         f5:36:da:3b:82:45:2f:28:40:1b:66:7c:60:7f:6b:17:12:77:
         e3:a8:aa:b7:c8:86:a8:22:cf:28:78:e3:de:6f:98:6a:5c:2d:
         63:d2:d8:81:41:78:d5:e2:dc:4a:fb:d6:81:01:80:7c:50:d3:
         17:1b:61:5b:a4:6d:28:f3:f5:3a:fb:76:cb:f8:4d:67:36:f5:
         f4:9c:8b:0e:33:46:bb:c3:19:24:f1:95:b0:ae:e6:f3:ed:88:
         dc:38:36:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxolENp4jko4sXPtgdsObybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMjE2MjIzMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDM0NzM3YzJhZmNmYTc5MTFlYTU0NGM0ZmI3OTBjOTBlNmVjZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NgQBTzn04me+YTCtNSfeGpl5dQ9
LGg34otgiCm164Zle1EwQTBiP/SwgDfUXxPufImgAbbY4wqh/L7PkR9HOYddNMBn
y8CrgVamJZeO751f5feMeAaLHW2IR7kpdfsgLsjuCZ1UrT+UyYOWJSp2WFr4b750
+SgoaLbWs5yS2SBp+Y5GvH+qi+va3j8bgsQpdlcFvoGR7udrz/Q8tdYbX1TPsNCz
7kmdGj5CyrN9Ws0TTGPHdibqobWACjNVa0g4LCZBgQbWnjMot8sq3BUvg5iGOZA2
Svn2VKy8KA9gnV8vwEooO4+xHAa5bLw+ZS3pP52enM2pVoJXmCvo2iYu6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAA0c3wq/Pp5EepUTE+3kMkObs9nMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvQURSemZDcjgtbmtSNmxSTVQ3ZVF5UTV1ejJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTVtMAwQA
W9GHMA0GCSqGSIb3DQEBCwUAA4IBAQBZqepI7MCDDnCZj9bIleciXcLzJHnxBn7n
X495VA3EBtanBT9LJMiX67rtLUWYOnu/WiPGh2EIi4llsW89LHsjxLp04LFbiQkY
98lOGzJxF5qPkedWwnEbYVqfLPiloI2bV1jN1Jr6gmQBeoJJSjenxY/tqo2m4d7D
FSvytE56dhwYcujs+2gDTe8kz3owiMlOV46zLhnIKlBXfxtYKX9kpcH1Nto7gkUv
KEAbZnxgf2sXEnfjqKq3yIaoIs8oeOPeb5hqXC1j0tiBQXjV4txK+9aBAYB8UNMX
G2FbpG0o8/U6+3bL+E1nNvX0nIsOM0a7wxkk8ZWwrubz7YjcODZy
-----END CERTIFICATE-----