Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/dpKkGD2SgABNju9FzjICMh-bILM.roa
File:                     dpKkGD2SgABNju9FzjICMh-bILM.roa (raw, json)
Hash identifier:          eA7DrTniAuZ9y6HHMxZvWAMtE9cnaGhtY/mRIrHlXQg=
Subject key identifier:   76:92:A4:18:3D:92:80:00:4D:8E:EF:45:CE:32:02:32:1F:9B:20:B3
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019CB8A3E15098E2DCB99AB03F7FA93AA762
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/dpKkGD2SgABNju9FzjICMh-bILM.roa
Signing time:             Wed 04 Mar 2026 11:37:53 +0000
ROA not before:           Wed 04 Mar 2026 11:37:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210546
IP address blocks:        77.91.70.0/24 maxlen: 24
                          77.91.76.0/22 maxlen: 24
                          91.209.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:a3:e1:50:98:e2:dc:b9:9a:b0:3f:7f:a9:3a:a7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Mar  4 11:37:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7692a4183d9280004d8eef45ce3202321f9b20b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5d:12:c3:7e:ab:f4:e9:e3:34:91:87:fc:eb:
                    67:17:a6:33:e1:eb:83:92:d9:07:50:78:1f:cd:86:
                    52:d4:63:20:49:3b:cf:46:fc:11:cc:27:60:fb:bb:
                    9b:de:95:3d:6e:24:05:ab:74:4e:77:63:1a:2b:ef:
                    94:7b:18:b0:f3:a5:2d:13:7b:14:23:ea:c2:82:f1:
                    77:b1:fc:18:d8:3f:17:a0:02:6a:f9:48:47:3b:32:
                    62:70:bc:18:75:94:5d:bc:9d:97:5a:f1:da:d5:dd:
                    c7:7c:a3:6b:ad:1c:bc:44:5f:65:57:44:31:63:fa:
                    2e:cb:f3:dd:fb:4a:1e:6f:11:a4:37:50:0e:ce:49:
                    6e:0a:54:f1:89:a4:d8:67:e5:9c:87:06:bc:48:4c:
                    d8:1a:47:eb:90:5b:70:c6:3c:d9:8d:b4:4b:f1:f0:
                    4c:7f:1b:1b:e9:1b:48:14:4f:f0:d3:6f:79:6b:2d:
                    d5:b8:8b:c0:75:e6:cb:eb:03:0d:09:98:87:79:15:
                    1b:65:4c:44:a3:6d:80:25:56:98:5d:5d:57:e7:c7:
                    15:01:2b:75:99:e5:d6:19:97:69:e8:90:2b:21:da:
                    14:60:3b:66:e5:a6:44:a7:2c:8c:e1:a9:fd:d1:db:
                    35:2c:b3:60:dd:e0:f1:ff:75:40:13:e8:a2:68:ba:
                    d1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:92:A4:18:3D:92:80:00:4D:8E:EF:45:CE:32:02:32:1F:9B:20:B3
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/dpKkGD2SgABNju9FzjICMh-bILM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.70.0/24
                  77.91.76.0/22
                  91.209.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ae:83:05:54:3e:c4:dd:28:89:27:65:f2:14:1f:87:3f:f8:
         3d:4f:bd:fe:f9:b5:88:ec:b2:35:b8:64:34:aa:f7:8f:f4:1b:
         a0:05:94:cb:bb:24:b5:cd:ca:16:21:41:33:e6:88:1e:98:87:
         ad:9b:17:f9:79:f5:3c:57:0a:6d:d3:e5:79:86:fd:51:38:63:
         ad:35:ff:f4:9a:09:28:6b:0b:b7:19:dd:7c:4b:86:95:37:ea:
         46:2e:b4:86:30:7b:aa:7f:7e:e6:44:99:87:72:30:fb:69:38:
         ac:1b:31:cc:07:b6:0b:b2:b7:b9:13:97:4e:ab:d1:d3:85:b7:
         43:33:d8:c7:d0:a4:84:b2:9a:8b:bf:f1:64:4f:9a:9e:6b:7e:
         f9:da:0d:38:13:73:f3:65:ad:ff:ca:fc:81:ec:aa:eb:89:9a:
         02:71:ec:22:7e:66:c5:e6:86:d5:2d:20:c7:d0:25:ed:c5:61:
         22:14:6b:fa:60:d5:fe:66:dd:42:57:ff:4b:7b:48:6a:a6:f6:
         e5:23:cb:9a:92:ad:54:55:05:73:1e:7e:cf:47:23:89:02:5c:
         ce:5f:9c:86:d7:77:70:c4:b7:6f:2f:f3:eb:79:44:3a:0f:05:
         2e:ed:6c:fc:4c:0d:f1:17:e5:cc:22:3e:94:f3:eb:a9:cc:f4:
         69:ac:c1:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy4o+FQmOLcuZqwP3+pOqdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMzA0MTEzNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjkyYTQxODNkOTI4MDAwNGQ4ZWVmNDVjZTMyMDIzMjFmOWIyMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3F0Sw36r9OnjNJGH/OtnF6Yz4euD
ktkHUHgfzYZS1GMgSTvPRvwRzCdg+7ub3pU9biQFq3ROd2MaK++Uexiw86UtE3sU
I+rCgvF3sfwY2D8XoAJq+UhHOzJicLwYdZRdvJ2XWvHa1d3HfKNrrRy8RF9lV0Qx
Y/ouy/Pd+0oebxGkN1AOzkluClTxiaTYZ+Wchwa8SEzYGkfrkFtwxjzZjbRL8fBM
fxsb6RtIFE/w0295ay3VuIvAdebL6wMNCZiHeRUbZUxEo22AJVaYXV1X58cVASt1
meXWGZdp6JArIdoUYDtm5aZEpyyM4an90ds1LLNg3eDx/3VAE+iiaLrRtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHaSpBg9koAATY7vRc4yAjIfmyCzMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvZHBLa0dEMlNnQUJOanU5RnpqSUNNaC1iSUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVtGAwQC
TVtMAwQAW9GHMA0GCSqGSIb3DQEBCwUAA4IBAQB4roMFVD7E3SiJJ2XyFB+HP/g9
T73++bWI7LI1uGQ0qveP9BugBZTLuyS1zcoWIUEz5ogemIetmxf5efU8Vwpt0+V5
hv1ROGOtNf/0mgkoawu3Gd18S4aVN+pGLrSGMHuqf37mRJmHcjD7aTisGzHMB7YL
sre5E5dOq9HThbdDM9jH0KSEspqLv/FkT5qea3752g04E3PzZa3/yvyB7KrriZoC
cewifmbF5obVLSDH0CXtxWEiFGv6YNX+Zt1CV/9Le0hqpvblI8uakq1UVQVzHn7P
RyOJAlzOX5yG13dwxLdvL/PreUQ6DwUu7Wz8TA3xF+XMIj6U8+upzPRprMH0
-----END CERTIFICATE-----