Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/fW59nKWFAAcX3FkGdJCNC4LY0lU.roa
File:                     fW59nKWFAAcX3FkGdJCNC4LY0lU.roa (raw, json)
Hash identifier:          QrZ99mG5ipIB8lihFmB86+BQ62v5THWSecfMtXAd/Vk=
Subject key identifier:   7D:6E:7D:9C:A5:85:00:07:17:DC:59:06:74:90:8D:0B:82:D8:D2:55
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019CB31CFBEB3B189ED35C745BB27B3D8066
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/fW59nKWFAAcX3FkGdJCNC4LY0lU.roa
Signing time:             Tue 03 Mar 2026 09:52:27 +0000
ROA not before:           Tue 03 Mar 2026 09:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47596
IP address blocks:        212.22.77.0/24 maxlen: 24
                          2a06:c3c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:1c:fb:eb:3b:18:9e:d3:5c:74:5b:b2:7b:3d:80:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Mar  3 09:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d6e7d9ca585000717dc590674908d0b82d8d255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c4:3b:fb:c3:62:34:4e:bb:e8:5a:8a:94:59:
                    85:52:69:9e:7a:28:f7:70:23:7b:98:4d:f0:6d:2d:
                    98:0d:a8:1b:7b:7d:67:d3:d5:55:df:f0:71:ce:da:
                    55:03:6e:2a:5e:35:8c:0a:e4:de:76:4a:38:e8:df:
                    91:d8:18:c9:86:ef:0e:2e:65:b3:2d:9a:26:6a:17:
                    e4:dc:69:a9:9f:98:5d:51:c6:96:ee:b4:7d:c4:22:
                    c4:c0:62:67:54:65:64:11:ea:8f:d6:09:66:fb:7c:
                    28:fe:03:93:c5:6c:0a:a9:6f:e1:14:6d:91:10:22:
                    0e:78:c4:c7:94:25:a6:c6:99:cc:32:76:32:33:4e:
                    66:0c:9e:c9:3e:c6:15:a7:1e:e4:18:b9:43:90:ec:
                    e6:2c:5b:16:5f:15:66:6b:23:5b:20:1d:cf:1a:2e:
                    93:de:dd:93:8d:79:ec:31:c0:03:ad:76:dd:e1:cb:
                    c2:25:81:25:6c:22:e8:31:48:ee:ef:45:d7:f9:c8:
                    9b:d4:14:da:8b:59:fc:57:1c:e3:be:fe:eb:d6:8a:
                    7d:28:c2:36:84:83:48:35:90:ab:a9:0c:6f:b7:89:
                    ca:5d:14:c4:f8:33:1d:d7:5f:ad:57:d4:4c:8a:49:
                    48:8a:45:27:6a:87:f0:08:f2:81:3d:f0:bb:e5:f3:
                    84:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6E:7D:9C:A5:85:00:07:17:DC:59:06:74:90:8D:0B:82:D8:D2:55
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/fW59nKWFAAcX3FkGdJCNC4LY0lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.77.0/24
                IPv6:
                  2a06:c3c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:48:0e:ed:e8:d9:fa:a5:0e:fa:68:94:68:1d:a7:cd:8f:02:
         c6:c0:ba:0b:9d:17:fd:b2:e8:b5:97:53:b9:93:b0:15:f2:27:
         fa:e4:2a:29:15:62:45:b5:4f:55:bd:b2:df:22:86:32:9a:73:
         a9:d7:a0:4c:ea:07:12:28:7d:9d:88:45:4e:11:64:2e:75:4c:
         50:b1:7b:1a:9d:67:f4:95:bc:57:7a:2e:91:ea:76:f0:08:65:
         eb:4b:10:5e:2e:81:e2:76:8c:9f:49:9f:06:e5:a4:32:00:42:
         d3:1e:78:46:08:bd:f1:85:4b:2a:81:d9:78:80:23:75:f4:eb:
         3c:5d:1a:6e:7a:e5:1f:34:2c:0d:40:ec:0b:f0:28:53:7e:14:
         3b:03:e8:3b:5e:75:d8:61:72:79:da:bb:f3:80:95:eb:7c:a7:
         fa:b3:94:ff:6f:2e:88:f5:b9:ce:39:39:fa:e5:ff:06:4c:3f:
         e0:26:39:94:41:1b:04:ed:1e:33:d0:f4:eb:a4:cc:0a:7b:d0:
         47:5d:08:19:b6:5b:20:8a:60:f0:57:e4:ea:41:b7:09:0b:78:
         3f:f0:23:ea:7e:6f:6d:1a:46:f3:89:93:14:26:64:10:85:44:
         ab:d7:55:8e:63:8d:3c:b5:c2:11:c5:ec:56:b8:44:26:22:d4:
         42:0a:25:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZyzHPvrOxie01x0W7J7PYBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjYwMzAzMDk1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDZlN2Q5Y2E1ODUwMDA3MTdkYzU5MDY3NDkwOGQwYjgyZDhkMjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8Q7+8NiNE676FqKlFmFUmmeeij3
cCN7mE3wbS2YDagbe31n09VV3/BxztpVA24qXjWMCuTedko46N+R2BjJhu8OLmWz
LZomahfk3Gmpn5hdUcaW7rR9xCLEwGJnVGVkEeqP1glm+3wo/gOTxWwKqW/hFG2R
ECIOeMTHlCWmxpnMMnYyM05mDJ7JPsYVpx7kGLlDkOzmLFsWXxVmayNbIB3PGi6T
3t2TjXnsMcADrXbd4cvCJYElbCLoMUju70XX+cib1BTai1n8Vxzjvv7r1op9KMI2
hININZCrqQxvt4nKXRTE+DMd11+tV9RMiklIikUnaofwCPKBPfC75fOEJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH1ufZylhQAHF9xZBnSQjQuC2NJVMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvZlc1OW5LV0ZBQWNYM0ZrR2RKQ05DNExZMGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1BZNMA8E
AgACMAkDBwAqBsPAAAEwDQYJKoZIhvcNAQELBQADggEBABlIDu3o2fqlDvpolGgd
p82PAsbAugudF/2y6LWXU7mTsBXyJ/rkKikVYkW1T1W9st8ihjKac6nXoEzqBxIo
fZ2IRU4RZC51TFCxexqdZ/SVvFd6LpHqdvAIZetLEF4ugeJ2jJ9JnwblpDIAQtMe
eEYIvfGFSyqB2XiAI3X06zxdGm565R80LA1A7AvwKFN+FDsD6Dteddhhcnnau/OA
let8p/qzlP9vLoj1uc45Ofrl/wZMP+AmOZRBGwTtHjPQ9OukzAp70EddCBm2WyCK
YPBX5OpBtwkLeD/wI+p+b20aRvOJkxQmZBCFRKvXVY5jjTy1whHF7Fa4RCYi1EIK
JUA=
-----END CERTIFICATE-----