Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/RjEWq6ih6-2kfI0plendbaS8Y6w.roa
File:                     RjEWq6ih6-2kfI0plendbaS8Y6w.roa (raw, json)
Hash identifier:          2i+2TrldDE3Er0VIAbdcWVtXkE1ii9e0XPDWCNXu1QA=
Subject key identifier:   46:31:16:AB:A8:A1:EB:ED:A4:7C:8D:29:95:E9:DD:6D:A4:BC:63:AC
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019EB888C0919A6883546AFC15B84FFD3060
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/RjEWq6ih6-2kfI0plendbaS8Y6w.roa
Signing time:             Thu 11 Jun 2026 21:13:50 +0000
ROA not before:           Thu 11 Jun 2026 21:13:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44094
IP address blocks:        77.91.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b8:88:c0:91:9a:68:83:54:6a:fc:15:b8:4f:fd:30:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jun 11 21:13:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=463116aba8a1ebeda47c8d2995e9dd6da4bc63ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ab:8c:57:70:02:d8:5e:8f:ce:b3:a9:42:96:
                    a1:ea:98:4b:a7:de:0f:74:d8:0b:97:21:82:6d:c4:
                    1f:1f:3e:2e:2b:45:f1:87:eb:45:21:73:d6:80:2f:
                    6e:6c:df:e6:e9:b1:cd:be:12:50:ed:f9:43:7a:96:
                    4c:ec:b5:97:92:23:22:9b:79:7b:e7:c8:05:2c:d9:
                    71:fb:ae:51:ab:50:94:2d:6d:c5:f0:02:c2:e2:58:
                    ce:1b:ff:a3:d6:5a:4a:c6:42:ac:f7:19:d5:0f:32:
                    31:af:a9:78:39:b6:90:6c:45:15:de:85:91:9a:43:
                    d5:af:e8:b7:e1:44:00:07:aa:19:97:89:08:1a:45:
                    91:5f:95:f4:23:c8:2a:10:e4:f0:a8:38:e6:ae:e2:
                    1b:89:19:65:af:14:2a:ad:13:a3:f7:6d:54:a4:c5:
                    6d:39:9c:dd:f2:07:87:21:fd:4b:6a:ce:f8:55:31:
                    b9:46:e2:ab:fd:0f:77:2c:b4:22:93:1d:a7:5c:b7:
                    de:8d:56:9e:20:93:c3:ce:8a:77:ab:a7:58:8d:c0:
                    54:64:91:75:9e:12:a6:68:52:2b:a6:18:e4:31:1e:
                    a2:07:51:ab:3b:3e:44:5f:33:ac:c9:37:81:16:8b:
                    c9:6a:30:7a:d2:e2:cc:1e:a3:41:a2:13:72:fa:30:
                    c8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:31:16:AB:A8:A1:EB:ED:A4:7C:8D:29:95:E9:DD:6D:A4:BC:63:AC
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/RjEWq6ih6-2kfI0plendbaS8Y6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:30:09:a1:65:69:43:5f:c2:f0:28:d3:4d:7f:70:d4:91:d4:
         c7:df:68:cf:04:b7:19:a4:7c:6d:32:05:b4:cf:ea:56:ce:c9:
         6c:72:0f:63:f2:75:0d:c1:3d:93:10:d1:c9:c8:ea:8e:08:6c:
         db:6c:3e:6d:3a:46:d6:6e:5e:15:7d:6e:af:1a:b7:1f:06:3b:
         9d:37:2b:74:33:2a:25:37:48:7a:17:a9:d6:98:39:71:6d:74:
         00:93:fe:68:29:d2:f4:86:69:42:b5:6a:74:9f:a3:3d:8e:29:
         80:f5:4b:0e:92:42:75:20:26:43:ce:42:4f:fa:d2:52:2a:d8:
         f7:fc:0a:07:c8:29:96:13:54:7c:03:7f:9f:5b:23:54:1c:30:
         0d:af:bd:02:c5:4f:73:6b:a3:e5:d5:eb:d7:4b:43:20:a3:c3:
         e2:3e:d1:45:50:1e:b2:8e:4a:54:76:9e:f1:a7:ac:a5:e1:c1:
         a2:09:b7:c2:10:9d:a9:fb:98:f2:8a:40:a6:c4:c4:1c:2e:18:
         d7:fe:24:0a:dd:2f:e3:fe:82:34:6d:ec:9e:7e:54:af:0a:5e:
         dd:60:94:e5:fe:52:3e:05:7b:6f:a7:e5:07:cd:26:8c:94:a3:
         18:ca:d4:13:cb:9e:d0:ae:0e:6c:8d:07:af:cf:a4:e1:fd:29:
         56:26:44:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ64iMCRmmiDVGr8FbhP/TBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwNjExMjExMzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjMxMTZhYmE4YTFlYmVkYTQ3YzhkMjk5NWU5ZGQ2ZGE0YmM2M2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzquMV3AC2F6PzrOpQpah6phLp94P
dNgLlyGCbcQfHz4uK0Xxh+tFIXPWgC9ubN/m6bHNvhJQ7flDepZM7LWXkiMim3l7
58gFLNlx+65Rq1CULW3F8ALC4ljOG/+j1lpKxkKs9xnVDzIxr6l4ObaQbEUV3oWR
mkPVr+i34UQAB6oZl4kIGkWRX5X0I8gqEOTwqDjmruIbiRllrxQqrROj921UpMVt
OZzd8geHIf1Las74VTG5RuKr/Q93LLQikx2nXLfejVaeIJPDzop3q6dYjcBUZJF1
nhKmaFIrphjkMR6iB1GrOz5EXzOsyTeBFovJajB60uLMHqNBohNy+jDIEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYxFquooevtpHyNKZXp3W2kvGOsMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvUmpFV3E2aWg2LTJrZkkwcGxlbmRiYVM4WTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtEMA0G
CSqGSIb3DQEBCwUAA4IBAQCFMAmhZWlDX8LwKNNNf3DUkdTH32jPBLcZpHxtMgW0
z+pWzslscg9j8nUNwT2TENHJyOqOCGzbbD5tOkbWbl4VfW6vGrcfBjudNyt0Myol
N0h6F6nWmDlxbXQAk/5oKdL0hmlCtWp0n6M9jimA9UsOkkJ1ICZDzkJP+tJSKtj3
/AoHyCmWE1R8A3+fWyNUHDANr70CxU9za6Pl1evXS0Mgo8PiPtFFUB6yjkpUdp7x
p6yl4cGiCbfCEJ2p+5jyikCmxMQcLhjX/iQK3S/j/oI0beyeflSvCl7dYJTl/lI+
BXtvp+UHzSaMlKMYytQTy57Qrg5sjQevz6Th/SlWJkSc
-----END CERTIFICATE-----