Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/n8m0xVPUJ7sSm50Su5RRDOcBypY.roa
File:                     n8m0xVPUJ7sSm50Su5RRDOcBypY.roa (raw, json)
Hash identifier:          gyRmAMA/LaYNtHFV0LdlYDTpgJV5V6CTCcVfo5PwA40=
Subject key identifier:   9F:C9:B4:C5:53:D4:27:BB:12:9B:9D:12:BB:94:51:0C:E7:01:CA:96
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       019CB3DF12BC156B1CE016C74ABBB7FC2F94
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/n8m0xVPUJ7sSm50Su5RRDOcBypY.roa
Signing time:             Tue 03 Mar 2026 13:24:26 +0000
ROA not before:           Tue 03 Mar 2026 13:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39679
IP address blocks:        77.221.49.0/24 maxlen: 24
                          77.221.54.0/24 maxlen: 24
                          77.221.56.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:df:12:bc:15:6b:1c:e0:16:c7:4a:bb:b7:fc:2f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Mar  3 13:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9fc9b4c553d427bb129b9d12bb94510ce701ca96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:aa:66:8f:a5:8e:e0:70:9e:d6:c1:56:c3:73:
                    75:d5:78:c7:b6:dc:af:2c:0f:21:79:6f:30:e1:14:
                    c0:cb:f5:e5:91:1f:5c:a1:64:c7:d2:f3:eb:d3:ee:
                    f9:09:08:89:2d:b6:aa:ac:88:f8:8d:27:0a:d4:e2:
                    f5:4f:0b:39:32:5f:a5:79:5a:87:2f:6d:2b:a6:c0:
                    e3:35:57:3a:ca:21:2d:df:d8:5c:b6:87:93:b8:94:
                    2e:ee:e9:13:6a:c9:b2:e9:7a:df:21:30:fd:1f:58:
                    49:17:0c:48:e5:44:4b:e4:6f:64:ec:b3:c2:94:f9:
                    71:82:42:f9:83:f1:a4:08:9a:19:33:56:4e:d8:d4:
                    21:bd:e4:ca:a5:f3:90:f9:9a:b4:2e:ad:16:6e:6a:
                    df:01:31:bc:96:54:57:f0:10:ea:9d:b8:3d:ca:29:
                    c5:4b:46:54:ac:bf:ff:0e:80:09:78:4e:a6:1f:13:
                    ca:6a:7c:50:62:42:8f:1a:ef:36:57:40:c8:01:ff:
                    82:25:13:f8:e8:cc:f9:b7:99:52:0b:0a:29:92:57:
                    13:f3:4a:62:6d:91:10:2d:c5:b7:76:89:db:29:2b:
                    95:cf:a5:c6:02:50:95:a2:b1:cb:5b:2a:81:ab:1c:
                    6a:1d:20:43:c5:4a:a9:ee:fb:93:22:ee:da:79:a0:
                    1d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:C9:B4:C5:53:D4:27:BB:12:9B:9D:12:BB:94:51:0C:E7:01:CA:96
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/n8m0xVPUJ7sSm50Su5RRDOcBypY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.49.0/24
                  77.221.54.0/24
                  77.221.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:64:3a:9d:03:34:aa:7f:b4:20:62:a9:0a:8d:a6:03:3f:5d:
         dc:0e:8b:da:bf:53:bb:09:7e:3b:0e:a4:7a:d7:6a:15:3a:d7:
         64:31:f4:2b:8d:de:70:2e:85:33:09:bf:a7:85:0e:95:45:9e:
         36:01:98:1c:25:50:91:26:1d:34:bb:85:97:6c:72:c1:3b:4d:
         9d:bf:0b:50:7a:dc:80:5d:6e:14:51:28:52:48:5f:de:f6:24:
         53:18:66:6a:db:30:95:89:f2:64:4c:5c:cd:e0:e7:b5:68:c8:
         22:8e:a1:0a:41:ce:dd:2c:91:8b:11:da:49:21:d1:d3:6f:ed:
         46:49:9b:64:ca:57:6a:ca:ce:57:39:8a:f2:a8:ed:1c:70:c1:
         37:ff:be:29:58:5a:bd:01:d0:d8:0f:cf:6a:05:f6:26:70:de:
         7d:47:f0:58:0f:34:f4:74:9d:bc:89:10:8e:b0:68:7b:26:b2:
         0f:59:c3:7a:17:a3:f3:0b:72:d3:a6:1f:54:52:0d:55:c6:77:
         e7:b1:fa:3b:9d:5b:91:3a:f5:64:5b:60:01:d6:4f:42:82:26:
         a3:bd:0f:fd:18:f1:14:52:3a:36:13:d4:95:2c:5b:67:7b:67:
         e9:28:0e:ac:73:83:39:90:89:aa:53:74:5e:34:d3:ac:d2:6f:
         bd:b5:3b:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyz3xK8FWsc4BbHSru3/C+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjYwMzAzMTMyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmM5YjRjNTUzZDQyN2JiMTI5YjlkMTJiYjk0NTEwY2U3MDFjYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqpmj6WO4HCe1sFWw3N11XjHttyv
LA8heW8w4RTAy/XlkR9coWTH0vPr0+75CQiJLbaqrIj4jScK1OL1Tws5Ml+leVqH
L20rpsDjNVc6yiEt39hctoeTuJQu7ukTasmy6XrfITD9H1hJFwxI5URL5G9k7LPC
lPlxgkL5g/GkCJoZM1ZO2NQhveTKpfOQ+Zq0Lq0WbmrfATG8llRX8BDqnbg9yinF
S0ZUrL//DoAJeE6mHxPKanxQYkKPGu82V0DIAf+CJRP46Mz5t5lSCwopklcT80pi
bZEQLcW3donbKSuVz6XGAlCVorHLWyqBqxxqHSBDxUqp7vuTIu7aeaAd0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ/JtMVT1Ce7EpudEruUUQznAcqWMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvbjhtMHhWUFVKN3NTbTUwU3U1UlJET2NCeXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATd0xAwQA
Td02AwQBTd04MA0GCSqGSIb3DQEBCwUAA4IBAQCtZDqdAzSqf7QgYqkKjaYDP13c
Dovav1O7CX47DqR612oVOtdkMfQrjd5wLoUzCb+nhQ6VRZ42AZgcJVCRJh00u4WX
bHLBO02dvwtQetyAXW4UUShSSF/e9iRTGGZq2zCVifJkTFzN4Oe1aMgijqEKQc7d
LJGLEdpJIdHTb+1GSZtkyldqys5XOYryqO0ccME3/74pWFq9AdDYD89qBfYmcN59
R/BYDzT0dJ28iRCOsGh7JrIPWcN6F6PzC3LTph9UUg1Vxnfnsfo7nVuROvVkW2AB
1k9CgiajvQ/9GPEUUjo2E9SVLFtne2fpKA6sc4M5kImqU3ReNNOs0m+9tTuV
-----END CERTIFICATE-----