Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/1e5gN7A5IMLAfWh5okyUEY4gzTs.roa
File:                     1e5gN7A5IMLAfWh5okyUEY4gzTs.roa (raw, json)
Hash identifier:          YcxcWdqXrpjTgUSpqzxnLLj/efKoZUVfv7p5P2dPWuE=
Subject key identifier:   D5:EE:60:37:B0:39:20:C2:C0:7D:68:79:A2:4C:94:11:8E:20:CD:3B
Certificate issuer:       /CN=f6fa23a52645c96db0ddb14d24f6b4f0559fbe2b
Certificate serial:       019EF02064D3876E6B3A8544C79E7002BB83
Authority key identifier: F6:FA:23:A5:26:45:C9:6D:B0:DD:B1:4D:24:F6:B4:F0:55:9F:BE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9vojpSZFyW2w3bFNJPa08FWfvis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/1e5gN7A5IMLAfWh5okyUEY4gzTs.roa
Signing time:             Mon 22 Jun 2026 16:18:35 +0000
ROA not before:           Mon 22 Jun 2026 16:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215886
IP address blocks:        77.95.223.0/24 maxlen: 24
                          2a01:f6c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/9vojpSZFyW2w3bFNJPa08FWfvis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/9vojpSZFyW2w3bFNJPa08FWfvis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9vojpSZFyW2w3bFNJPa08FWfvis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f0:20:64:d3:87:6e:6b:3a:85:44:c7:9e:70:02:bb:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6fa23a52645c96db0ddb14d24f6b4f0559fbe2b
        Validity
            Not Before: Jun 22 16:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5ee6037b03920c2c07d6879a24c94118e20cd3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fa:3a:09:87:35:20:72:d4:bc:69:c0:e6:a5:
                    43:74:36:31:ad:5f:30:23:24:ac:56:40:a3:b6:79:
                    f8:e9:87:f6:ff:9e:cb:51:92:57:c0:bd:a2:26:5b:
                    e3:3c:d8:74:72:66:43:2e:da:47:bd:49:53:40:76:
                    16:5c:f5:5d:c8:84:f8:cb:e1:2b:3e:40:de:f1:59:
                    56:5a:e6:fa:d7:de:0a:e7:d6:27:ba:68:5b:74:34:
                    f1:1a:1c:5e:3b:d4:d4:9c:e1:e1:1d:4e:b3:7f:4f:
                    81:32:8e:f6:b7:f2:ba:9b:43:29:50:3d:7f:7c:5d:
                    70:70:06:66:43:f1:37:e8:26:59:48:fe:b3:af:95:
                    3d:36:3e:12:6d:59:8b:36:64:a2:b8:66:51:ef:b4:
                    2d:ff:d1:fc:f2:5c:ae:58:a3:92:2b:ae:f1:dd:5d:
                    72:51:4b:be:e6:e9:76:b7:2d:b0:a9:47:b3:68:eb:
                    cb:77:dd:21:08:9e:3f:8e:d4:06:a0:19:21:9b:ae:
                    5e:41:51:94:14:0c:47:fd:39:68:c0:76:79:88:de:
                    a7:3a:64:8d:1d:30:f9:5e:f1:2e:68:9a:45:46:cc:
                    1b:7e:82:e8:14:79:24:62:20:47:75:5c:30:64:33:
                    75:d4:af:03:97:7e:bb:40:74:a3:e5:06:c5:65:68:
                    49:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:EE:60:37:B0:39:20:C2:C0:7D:68:79:A2:4C:94:11:8E:20:CD:3B
            X509v3 Authority Key Identifier:
                keyid:F6:FA:23:A5:26:45:C9:6D:B0:DD:B1:4D:24:F6:B4:F0:55:9F:BE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9vojpSZFyW2w3bFNJPa08FWfvis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/1e5gN7A5IMLAfWh5okyUEY4gzTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/9vojpSZFyW2w3bFNJPa08FWfvis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.223.0/24
                IPv6:
                  2a01:f6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:3c:06:b9:a2:69:7a:0a:e1:e0:a6:cc:18:6e:54:ae:c1:b0:
         2f:56:e7:8d:4b:2d:c2:7f:6d:dd:4b:e0:c0:b9:77:57:ab:99:
         9f:19:10:5d:b0:33:c5:bf:43:68:8c:25:48:73:2c:47:ec:81:
         02:7a:5b:98:f2:5b:b2:c8:ae:36:b2:3d:b3:05:17:74:ff:95:
         84:1e:74:1f:be:9a:9d:f2:e7:5e:9b:82:b4:77:3c:b9:4a:12:
         fb:cf:ca:6c:24:ef:6d:53:13:26:06:a9:eb:37:49:73:31:bc:
         96:27:4f:88:aa:52:3e:a5:23:60:05:4f:8d:03:5f:0a:49:b1:
         40:7d:a2:ed:8f:6e:73:0f:4b:63:76:1e:5d:e5:34:f5:d7:bd:
         be:9d:8e:88:09:ae:b5:cd:c0:8c:ee:0c:7c:b9:eb:d6:50:7c:
         89:12:12:60:73:eb:d3:18:c8:d8:d1:4c:0f:c0:6f:85:dd:28:
         20:3c:e2:6b:c5:20:60:43:f6:c0:b6:be:96:2e:c3:f2:0d:e9:
         1e:c8:40:0f:07:01:11:87:3c:bc:f8:84:87:4e:71:79:60:80:
         19:e4:6e:3e:59:e1:b5:5a:67:5b:9b:b9:17:63:da:0d:d2:76:
         2a:e9:e5:8f:ac:03:aa:02:6d:63:c4:68:53:26:24:00:96:33:
         49:bb:6a:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7wIGTTh25rOoVEx55wAruDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZmEyM2E1MjY0NWM5NmRiMGRkYjE0ZDI0ZjZiNGYwNTU5
ZmJlMmIwHhcNMjYwNjIyMTYxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWVlNjAzN2IwMzkyMGMyYzA3ZDY4NzlhMjRjOTQxMThlMjBjZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fo6CYc1IHLUvGnA5qVDdDYxrV8w
IySsVkCjtnn46Yf2/57LUZJXwL2iJlvjPNh0cmZDLtpHvUlTQHYWXPVdyIT4y+Er
PkDe8VlWWub6194K59YnumhbdDTxGhxeO9TUnOHhHU6zf0+BMo72t/K6m0MpUD1/
fF1wcAZmQ/E36CZZSP6zr5U9Nj4SbVmLNmSiuGZR77Qt/9H88lyuWKOSK67x3V1y
UUu+5ul2ty2wqUezaOvLd90hCJ4/jtQGoBkhm65eQVGUFAxH/TlowHZ5iN6nOmSN
HTD5XvEuaJpFRswbfoLoFHkkYiBHdVwwZDN11K8Dl367QHSj5QbFZWhJvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNXuYDewOSDCwH1oeaJMlBGOIM07MB8GA1UdIwQY
MBaAFPb6I6UmRcltsN2xTST2tPBVn74rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXZvanBTWkZ5VzJ3M2JGTkpQYTA4RldmdmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wNDk2YmEtOTdiYS00MDIyLWFiNjMt
MjNkNDJkOTIyOTQzLzEvMWU1Z043QTVJTUxBZldoNW9reVVFWTRnelRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wNDk2YmEtOTdiYS00MDIyLWFiNjMtMjNkNDJkOTIyOTQz
LzEvOXZvanBTWkZ5VzJ3M2JGTkpQYTA4RldmdmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATV/fMA0E
AgACMAcDBQMqAfbAMA0GCSqGSIb3DQEBCwUAA4IBAQBGPAa5oml6CuHgpswYblSu
wbAvVueNSy3Cf23dS+DAuXdXq5mfGRBdsDPFv0NojCVIcyxH7IECeluY8luyyK42
sj2zBRd0/5WEHnQfvpqd8udem4K0dzy5ShL7z8psJO9tUxMmBqnrN0lzMbyWJ0+I
qlI+pSNgBU+NA18KSbFAfaLtj25zD0tjdh5d5TT1172+nY6ICa61zcCM7gx8uevW
UHyJEhJgc+vTGMjY0UwPwG+F3SggPOJrxSBgQ/bAtr6WLsPyDekeyEAPBwERhzy8
+ISHTnF5YIAZ5G4+WeG1Wmdbm7kXY9oN0nYq6eWPrAOqAm1jxGhTJiQAljNJu2rC
-----END CERTIFICATE-----