Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/X7jZyI4WWSLbJ9vTl0wdZX9z8_U.roa
File:                     X7jZyI4WWSLbJ9vTl0wdZX9z8_U.roa (raw, json)
Hash identifier:          qTOdWXALnwkpqasar2MX6fAmT+eVbqYDbmrC5CG6XRc=
Subject key identifier:   5F:B8:D9:C8:8E:16:59:22:DB:27:DB:D3:97:4C:1D:65:7F:73:F3:F5
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019CB3D7C0033D673380A8F5A2FF19C82230
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/X7jZyI4WWSLbJ9vTl0wdZX9z8_U.roa
Signing time:             Tue 03 Mar 2026 13:16:26 +0000
ROA not before:           Tue 03 Mar 2026 13:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210546
IP address blocks:        77.91.70.0/24 maxlen: 24
                          77.91.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Mar 2026 15:20:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:d7:c0:03:3d:67:33:80:a8:f5:a2:ff:19:c8:22:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Mar  3 13:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fb8d9c88e165922db27dbd3974c1d657f73f3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b1:0e:0f:30:ef:5b:5c:bf:22:67:8f:21:fb:
                    33:6c:23:60:09:8f:74:68:4b:89:2e:25:3c:27:f4:
                    0a:fd:f3:5b:1a:55:4f:75:91:89:50:6a:57:2d:75:
                    23:91:fa:76:3a:d0:76:7e:92:14:bc:13:2c:c3:b4:
                    b0:e5:34:48:eb:02:5a:c3:61:27:b2:27:d2:e8:35:
                    7a:9e:14:87:23:21:e4:62:1c:27:d8:12:80:48:8a:
                    1e:24:f6:53:26:8d:f2:c6:d4:7f:f5:73:5c:be:f7:
                    3d:e4:be:01:b4:2f:b8:9d:70:2b:46:4b:e2:34:d1:
                    df:1e:5c:e8:3e:09:ae:3a:ff:3b:0b:94:f4:ca:5f:
                    8b:1a:49:0b:69:40:7c:51:43:55:10:c3:3c:c2:d6:
                    19:30:40:ba:73:b5:3a:f1:0c:64:1a:3b:c4:91:75:
                    2d:22:5d:f7:f3:b5:75:fc:e1:b8:32:1f:fd:59:15:
                    2d:43:34:68:03:5d:a8:9c:e0:cb:87:0a:4e:11:5d:
                    de:fe:f9:e3:7b:22:68:c1:27:f0:4f:43:57:d1:80:
                    f4:90:20:25:52:a1:58:ec:9b:f9:c5:24:5a:88:9c:
                    f9:0f:a4:4b:fc:03:48:f4:db:33:c3:92:64:d3:c1:
                    f7:1b:93:e1:12:32:c4:cb:4a:b2:f0:25:b5:85:84:
                    52:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B8:D9:C8:8E:16:59:22:DB:27:DB:D3:97:4C:1D:65:7F:73:F3:F5
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/X7jZyI4WWSLbJ9vTl0wdZX9z8_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.70.0/24
                  77.91.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:ee:88:79:ab:39:78:75:68:23:46:de:29:db:7f:73:22:e9:
         8d:f9:38:f1:d3:50:cd:51:82:70:1e:7a:b4:7f:89:4b:72:38:
         85:80:3e:ee:3b:d9:be:1f:c3:07:9e:55:a3:eb:f9:18:e4:30:
         37:dc:6b:42:e1:48:85:4e:9f:73:ee:e8:79:e1:76:0e:f1:1c:
         8a:c2:cf:43:53:1c:91:6e:cc:c5:74:67:6f:d6:76:2a:c7:ad:
         7f:b4:ff:58:8c:1f:18:b8:41:e8:82:be:41:ac:44:f8:83:dd:
         9d:5d:f5:1c:f7:25:0c:aa:21:fa:79:03:32:3b:91:54:9c:39:
         fe:9d:25:7a:96:ae:e9:db:e6:18:6d:20:e3:52:45:3c:8a:ff:
         96:32:c2:09:f2:11:ae:9d:db:94:f0:6e:6c:25:9b:fb:3e:b5:
         c1:85:9b:74:46:e9:d7:31:03:d6:9d:fb:26:9b:7a:e2:2b:cb:
         28:c9:83:aa:60:04:95:70:df:a9:0a:89:e5:75:de:75:02:d4:
         a4:4e:4a:0d:b4:56:b0:c6:6e:20:fb:de:c4:16:90:e4:ae:fa:
         cb:9f:66:b7:17:cd:ad:54:15:58:8a:e1:4b:ba:54:8b:d3:eb:
         3c:40:df:34:98:00:ad:86:42:a3:9b:6f:b3:8d:77:3a:76:b5:
         1a:ae:95:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyz18ADPWczgKj1ov8ZyCIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMzAzMTMxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI4ZDljODhlMTY1OTIyZGIyN2RiZDM5NzRjMWQ2NTdmNzNmM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLEODzDvW1y/ImePIfszbCNgCY90
aEuJLiU8J/QK/fNbGlVPdZGJUGpXLXUjkfp2OtB2fpIUvBMsw7Sw5TRI6wJaw2En
sifS6DV6nhSHIyHkYhwn2BKASIoeJPZTJo3yxtR/9XNcvvc95L4BtC+4nXArRkvi
NNHfHlzoPgmuOv87C5T0yl+LGkkLaUB8UUNVEMM8wtYZMEC6c7U68QxkGjvEkXUt
Il3387V1/OG4Mh/9WRUtQzRoA12onODLhwpOEV3e/vnjeyJowSfwT0NX0YD0kCAl
UqFY7Jv5xSRaiJz5D6RL/ANI9Nszw5Jk08H3G5PhEjLEy0qy8CW1hYRS/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+42ciOFlki2yfb05dMHWV/c/P1MB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvWDdqWnlJNFdXU0xiSjl2VGwwd2RaWDl6OF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVtGAwQC
TVtMMA0GCSqGSIb3DQEBCwUAA4IBAQBh7oh5qzl4dWgjRt4p239zIumN+Tjx01DN
UYJwHnq0f4lLcjiFgD7uO9m+H8MHnlWj6/kY5DA33GtC4UiFTp9z7uh54XYO8RyK
ws9DUxyRbszFdGdv1nYqx61/tP9YjB8YuEHogr5BrET4g92dXfUc9yUMqiH6eQMy
O5FUnDn+nSV6lq7p2+YYbSDjUkU8iv+WMsIJ8hGunduU8G5sJZv7PrXBhZt0RunX
MQPWnfsmm3riK8soyYOqYASVcN+pConldd51AtSkTkoNtFawxm4g+97EFpDkrvrL
n2a3F82tVBVYiuFLulSL0+s8QN80mACthkKjm2+zjXc6drUarpVM
-----END CERTIFICATE-----