Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/dbd951-259b-4759-a519-9c5e1deb2c33/1/FhKAoau0JjukzC47olP9U847XGI.roa
File:                     FhKAoau0JjukzC47olP9U847XGI.roa (raw, json)
Hash identifier:          3F1NNCOQC9ZPD91aPkyQm6i6mrnOfMArj9YcvlMVCtY=
Subject key identifier:   16:12:80:A1:AB:B4:26:3B:A4:CC:2E:3B:A2:53:FD:53:CE:3B:5C:62
Certificate issuer:       /CN=2400b20606314858a7b3f2a975e8e9d919ec753a
Certificate serial:       019E68388CDC7978DA99349C9E090C287C82
Authority key identifier: 24:00:B2:06:06:31:48:58:A7:B3:F2:A9:75:E8:E9:D9:19:EC:75:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JACyBgYxSFins_Kpdejp2RnsdTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/dbd951-259b-4759-a519-9c5e1deb2c33/1/FhKAoau0JjukzC47olP9U847XGI.roa
Signing time:             Wed 27 May 2026 06:56:37 +0000
ROA not before:           Wed 27 May 2026 06:56:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35699
IP address blocks:        77.246.188.0/24 maxlen: 24
                          77.246.189.0/24 maxlen: 24
                          185.74.82.0/23 maxlen: 23
                          185.74.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/dbd951-259b-4759-a519-9c5e1deb2c33/1/JACyBgYxSFins_Kpdejp2RnsdTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/dbd951-259b-4759-a519-9c5e1deb2c33/1/JACyBgYxSFins_Kpdejp2RnsdTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JACyBgYxSFins_Kpdejp2RnsdTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:38:8c:dc:79:78:da:99:34:9c:9e:09:0c:28:7c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2400b20606314858a7b3f2a975e8e9d919ec753a
        Validity
            Not Before: May 27 06:56:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=161280a1abb4263ba4cc2e3ba253fd53ce3b5c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:cc:d8:38:7e:b4:39:86:53:83:23:49:fa:d1:
                    a8:c3:d8:0c:a0:ca:a1:f0:09:fb:da:dd:fa:fb:b3:
                    05:6f:d4:78:07:45:16:76:df:c6:61:70:34:ae:f2:
                    66:24:9d:8a:ea:74:ca:b4:b5:8b:84:83:94:fa:a7:
                    52:f7:15:3a:df:83:0f:6a:6f:4b:48:ac:e8:24:53:
                    10:a4:58:29:d4:16:39:70:d8:04:45:99:10:84:bb:
                    88:74:9a:bc:82:54:b1:dd:b9:0e:ed:db:58:eb:1f:
                    6e:18:02:53:97:63:3b:5e:de:44:90:9c:d7:0a:22:
                    c3:94:98:28:87:02:d3:ff:cd:65:b8:97:58:5f:56:
                    33:14:76:c5:85:0a:0d:e9:09:84:f0:85:94:28:5f:
                    98:7b:88:68:f7:c7:d8:fe:ba:2f:af:fe:d7:d6:21:
                    bb:1f:7a:23:7a:9a:09:8a:c7:e5:b4:b8:93:55:4e:
                    8e:f0:7f:07:58:07:e9:af:79:c6:1a:57:14:c5:dc:
                    d3:74:78:96:70:7b:bf:4e:94:94:29:09:63:46:dc:
                    be:49:b9:9b:6f:1e:98:c3:b9:f1:22:3e:a9:70:e9:
                    a6:d6:b6:d1:a6:03:dd:28:dd:4e:d9:9e:db:9c:66:
                    c1:f0:7a:ca:1a:da:e4:06:f2:e2:3f:58:2b:7a:14:
                    bc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:12:80:A1:AB:B4:26:3B:A4:CC:2E:3B:A2:53:FD:53:CE:3B:5C:62
            X509v3 Authority Key Identifier:
                keyid:24:00:B2:06:06:31:48:58:A7:B3:F2:A9:75:E8:E9:D9:19:EC:75:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JACyBgYxSFins_Kpdejp2RnsdTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dbd951-259b-4759-a519-9c5e1deb2c33/1/FhKAoau0JjukzC47olP9U847XGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/dbd951-259b-4759-a519-9c5e1deb2c33/1/JACyBgYxSFins_Kpdejp2RnsdTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.188.0/23
                  185.74.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:d0:7a:3b:8b:7c:8b:ff:66:d0:ed:c7:43:7f:e2:c4:f0:b6:
         77:a1:73:a0:0f:07:dc:9f:2d:b2:3a:a2:f8:49:04:06:01:62:
         72:9b:76:ad:a4:8f:80:58:98:67:39:37:d1:02:46:0a:5e:7c:
         db:8e:6b:c7:13:bb:ae:94:de:0c:d9:6a:93:dc:2e:2b:46:fe:
         f6:66:85:ce:ec:f8:6c:33:cc:3b:c2:07:7e:51:b2:a0:fa:79:
         79:2e:a9:f7:5b:b1:f0:d3:17:65:01:e0:38:a8:a9:0e:df:89:
         0d:c7:b8:e2:e3:6d:53:06:b8:97:32:cd:2a:61:ff:4b:dd:d4:
         3f:37:d4:3e:7c:5c:40:fb:c5:cc:e5:5a:2e:bc:f2:8c:41:a9:
         f3:f8:57:19:86:1e:f9:d7:dc:b8:8d:86:60:64:d1:72:11:9d:
         fe:85:84:5f:c6:89:6b:40:c0:08:80:82:74:a4:3d:ae:9a:b9:
         f8:d0:a8:96:34:bd:4a:c1:5b:c1:1b:a3:b0:e4:9d:18:63:03:
         16:07:03:30:6a:fb:7d:e1:a2:65:1c:35:32:57:a5:52:80:69:
         d4:95:f4:f3:73:4e:08:db:02:78:77:3f:38:db:84:2e:ab:6c:
         df:31:42:24:04:1c:55:8b:59:34:58:ca:0f:df:5d:92:88:f9:
         79:3c:57:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5oOIzceXjamTScngkMKHyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MDBiMjA2MDYzMTQ4NThhN2IzZjJhOTc1ZThlOWQ5MTll
Yzc1M2EwHhcNMjYwNTI3MDY1NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjEyODBhMWFiYjQyNjNiYTRjYzJlM2JhMjUzZmQ1M2NlM2I1YzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8zYOH60OYZTgyNJ+tGow9gMoMqh
8An72t36+7MFb9R4B0UWdt/GYXA0rvJmJJ2K6nTKtLWLhIOU+qdS9xU634MPam9L
SKzoJFMQpFgp1BY5cNgERZkQhLuIdJq8glSx3bkO7dtY6x9uGAJTl2M7Xt5EkJzX
CiLDlJgohwLT/81luJdYX1YzFHbFhQoN6QmE8IWUKF+Ye4ho98fY/rovr/7X1iG7
H3ojepoJisfltLiTVU6O8H8HWAfpr3nGGlcUxdzTdHiWcHu/TpSUKQljRty+Sbmb
bx6Yw7nxIj6pcOmm1rbRpgPdKN1O2Z7bnGbB8HrKGtrkBvLiP1grehS8IQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBYSgKGrtCY7pMwuO6JT/VPOO1xiMB8GA1UdIwQY
MBaAFCQAsgYGMUhYp7PyqXXo6dkZ7HU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkFDeUJnWXhTRmluc19LcGRlanAyUm5zZFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kYmQ5NTEtMjU5Yi00NzU5LWE1MTkt
OWM1ZTFkZWIyYzMzLzEvRmhLQW9hdTBKanVrekM0N29sUDlVODQ3WEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kYmQ5NTEtMjU5Yi00NzU5LWE1MTktOWM1ZTFkZWIyYzMz
LzEvSkFDeUJnWXhTRmluc19LcGRlanAyUm5zZFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBTfa8AwQB
uUpSMA0GCSqGSIb3DQEBCwUAA4IBAQAn0Ho7i3yL/2bQ7cdDf+LE8LZ3oXOgDwfc
ny2yOqL4SQQGAWJym3atpI+AWJhnOTfRAkYKXnzbjmvHE7uulN4M2WqT3C4rRv72
ZoXO7PhsM8w7wgd+UbKg+nl5Lqn3W7Hw0xdlAeA4qKkO34kNx7ji421TBriXMs0q
Yf9L3dQ/N9Q+fFxA+8XM5VouvPKMQanz+FcZhh7519y4jYZgZNFyEZ3+hYRfxolr
QMAIgIJ0pD2umrn40KiWNL1KwVvBG6Ow5J0YYwMWBwMwavt94aJlHDUyV6VSgGnU
lfTzc04I2wJ4dz8424Quq2zfMUIkBBxVi1k0WMoP312SiPl5PFcb
-----END CERTIFICATE-----