Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/ksti9Cz-YWGrPG3nUQtWw4iwXW8.roa
File:                     ksti9Cz-YWGrPG3nUQtWw4iwXW8.roa (raw, json)
Hash identifier:          QXzCZnDrQ2SXERmOPrfezHiPL5LdEJk0j9fQC6saTKg=
Subject key identifier:   92:CB:62:F4:2C:FE:61:61:AB:3C:6D:E7:51:0B:56:C3:88:B0:5D:6F
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       019E9E7C59E0468E1DDC04801F1FF569C202
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/ksti9Cz-YWGrPG3nUQtWw4iwXW8.roa
Signing time:             Sat 06 Jun 2026 19:50:10 +0000
ROA not before:           Sat 06 Jun 2026 19:50:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215366
IP address blocks:        77.221.54.0/23 maxlen: 23
                          77.221.54.0/24 maxlen: 24
                          77.221.55.0/24 maxlen: 24
                          77.221.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:7c:59:e0:46:8e:1d:dc:04:80:1f:1f:f5:69:c2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jun  6 19:50:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92cb62f42cfe6161ab3c6de7510b56c388b05d6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:94:c7:64:02:14:34:f7:c0:50:d5:57:4b:28:
                    05:21:90:7a:57:d5:ee:5a:cc:6a:3e:2b:25:a8:b9:
                    b5:aa:97:52:98:b4:11:cd:ae:b6:0c:bc:2a:69:32:
                    50:cb:63:3b:29:3a:18:cb:b1:13:0d:47:76:75:92:
                    2f:23:0b:b5:c3:45:3c:52:ce:1f:8e:1a:f6:7f:69:
                    7b:33:d3:64:60:df:9e:e7:7a:9d:e9:37:b8:e6:0a:
                    6f:9b:3e:7e:70:19:57:14:cd:08:94:d7:9f:7e:b1:
                    64:fc:b0:8c:93:cf:f5:f0:8f:d5:1d:48:44:6d:99:
                    c4:3d:c2:ca:3e:e5:f9:3d:9d:c0:24:69:46:b8:2c:
                    d8:e8:43:40:9d:5b:09:0e:25:48:45:be:8f:c3:7d:
                    7f:03:b2:78:3d:ff:99:ff:29:4d:d7:30:73:a5:dd:
                    25:08:96:92:cb:49:1f:d8:e0:82:c2:26:fe:d9:8b:
                    4a:31:3b:91:d5:84:67:f1:26:90:85:78:fe:8b:4a:
                    6f:cd:92:fe:c6:12:51:ce:52:67:a3:b4:b2:5c:de:
                    d3:b1:ff:34:4f:bc:bf:2e:9a:48:ec:e8:55:45:7e:
                    40:f2:d4:05:ad:4f:67:59:36:01:53:65:0f:f7:3a:
                    94:54:61:c1:36:32:ec:ba:d8:9b:fe:da:9c:be:63:
                    da:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CB:62:F4:2C:FE:61:61:AB:3C:6D:E7:51:0B:56:C3:88:B0:5D:6F
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/ksti9Cz-YWGrPG3nUQtWw4iwXW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.54.0-77.221.56.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:16:89:60:6c:bc:11:8e:91:aa:62:73:ed:c1:58:3d:42:f5:
         a4:c9:63:0d:bc:77:d7:34:e8:91:27:54:ea:0f:b0:8e:7b:c4:
         1c:12:c6:0d:db:8d:d3:7d:e8:d3:dc:42:f5:25:f6:cb:55:ce:
         26:af:db:ff:1a:87:8f:46:6a:a2:21:b6:35:9c:23:d2:ee:5b:
         21:3b:3a:d9:a2:e2:e5:b0:8a:2e:0a:d6:fe:73:47:92:65:a8:
         d1:c8:7d:fd:b7:a0:6c:72:69:a0:45:ed:a4:13:82:e7:9e:28:
         51:66:78:4d:a5:b8:c0:73:ab:30:8e:fe:5c:2d:63:06:52:23:
         b0:d0:5a:75:ce:04:2a:9e:e5:f7:5d:c1:e9:72:aa:2c:82:2a:
         67:8f:ac:6a:e1:70:f4:86:88:21:1e:1f:64:3c:7e:5e:f8:f1:
         9f:22:df:2b:ce:d2:da:05:c3:f7:9e:3f:57:8a:a3:ab:ea:f5:
         d7:ca:d3:65:a1:59:38:05:7c:ac:69:fe:11:f9:d9:e4:b0:cc:
         c7:92:fb:71:bc:f3:e0:97:2a:44:69:60:ca:7a:20:6d:e0:8a:
         b8:43:d4:d4:7c:3b:ee:a0:60:22:25:e0:7a:aa:b9:df:47:47:
         51:1a:0a:36:1a:03:07:eb:f2:07:de:d4:17:11:65:e6:08:43:
         de:6e:91:24
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6efFngRo4d3ASAHx/1acICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjYwNjA2MTk1MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmNiNjJmNDJjZmU2MTYxYWIzYzZkZTc1MTBiNTZjMzg4YjA1ZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJTHZAIUNPfAUNVXSygFIZB6V9Xu
WsxqPislqLm1qpdSmLQRza62DLwqaTJQy2M7KToYy7ETDUd2dZIvIwu1w0U8Us4f
jhr2f2l7M9NkYN+e53qd6Te45gpvmz5+cBlXFM0IlNeffrFk/LCMk8/18I/VHUhE
bZnEPcLKPuX5PZ3AJGlGuCzY6ENAnVsJDiVIRb6Pw31/A7J4Pf+Z/ylN1zBzpd0l
CJaSy0kf2OCCwib+2YtKMTuR1YRn8SaQhXj+i0pvzZL+xhJRzlJno7SyXN7Tsf80
T7y/LppI7OhVRX5A8tQFrU9nWTYBU2UP9zqUVGHBNjLsutib/tqcvmPaxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJLLYvQs/mFhqzxt51ELVsOIsF1vMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEva3N0aTlDei1ZV0dyUEczblVRdFd3NGl3WFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFN3TYD
BABN3TgwDQYJKoZIhvcNAQELBQADggEBAEsWiWBsvBGOkapic+3BWD1C9aTJYw28
d9c06JEnVOoPsI57xBwSxg3bjdN96NPcQvUl9stVziav2/8ah49GaqIhtjWcI9Lu
WyE7Otmi4uWwii4K1v5zR5JlqNHIff23oGxyaaBF7aQTgueeKFFmeE2luMBzqzCO
/lwtYwZSI7DQWnXOBCqe5fddwelyqiyCKmePrGrhcPSGiCEeH2Q8fl748Z8i3yvO
0toFw/eeP1eKo6vq9dfK02WhWTgFfKxp/hH52eSwzMeS+3G88+CXKkRpYMp6IG3g
irhD1NR8O+6gYCIl4Hqqud9HR1EaCjYaAwfr8gfe1BcRZeYIQ95ukSQ=
-----END CERTIFICATE-----