Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/Y05s2C2gAhXtNYGjGMDlYLY9J1o.roa
File:                     Y05s2C2gAhXtNYGjGMDlYLY9J1o.roa (raw, json)
Hash identifier:          iorVZeRHEyFOVeQ+otFT4qEcKzaY5W8TFT5LOqiFu0k=
Subject key identifier:   63:4E:6C:D8:2D:A0:02:15:ED:35:81:A3:18:C0:E5:60:B6:3D:27:5A
Certificate issuer:       /CN=f6fa23a52645c96db0ddb14d24f6b4f0559fbe2b
Certificate serial:       019CB6AEACFE97490081E0AA76E8092FB56A
Authority key identifier: F6:FA:23:A5:26:45:C9:6D:B0:DD:B1:4D:24:F6:B4:F0:55:9F:BE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9vojpSZFyW2w3bFNJPa08FWfvis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/Y05s2C2gAhXtNYGjGMDlYLY9J1o.roa
Signing time:             Wed 04 Mar 2026 02:30:26 +0000
ROA not before:           Wed 04 Mar 2026 02:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215886
IP address blocks:        77.95.223.0/24 maxlen: 24
                          2a01:f6c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/9vojpSZFyW2w3bFNJPa08FWfvis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/9vojpSZFyW2w3bFNJPa08FWfvis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9vojpSZFyW2w3bFNJPa08FWfvis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b6:ae:ac:fe:97:49:00:81:e0:aa:76:e8:09:2f:b5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6fa23a52645c96db0ddb14d24f6b4f0559fbe2b
        Validity
            Not Before: Mar  4 02:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=634e6cd82da00215ed3581a318c0e560b63d275a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:66:02:ac:67:c7:ca:58:b4:5c:c2:36:14:54:
                    c9:b9:88:f0:0a:d2:10:ab:56:fb:b0:2a:f5:d8:04:
                    0b:f5:e4:87:77:de:ef:e5:36:d9:9f:42:98:c8:98:
                    b8:3d:68:08:22:81:18:f7:65:33:b9:33:8c:72:c7:
                    20:ee:82:48:6c:ab:03:b4:d0:67:0e:33:b9:c1:b9:
                    fc:85:48:06:73:b9:50:0f:96:aa:95:40:42:39:80:
                    d7:5c:49:a3:a4:0e:de:3e:a8:fc:40:da:be:ff:37:
                    04:43:80:f1:92:38:3b:72:46:5e:aa:d6:61:d7:26:
                    db:56:4b:30:3a:5e:d8:cd:00:58:46:c1:e6:d0:36:
                    fb:2b:8f:b5:e2:93:42:cc:4a:16:81:b8:c4:26:7f:
                    69:9e:95:7f:ce:57:0f:7e:61:6f:02:b9:c6:25:5c:
                    a9:56:aa:c5:a8:77:51:70:b3:44:e7:e3:5e:24:77:
                    cb:5a:2b:31:61:98:07:34:23:85:a3:1d:02:c1:69:
                    f1:f6:d4:e6:b2:f2:35:4e:68:74:cd:81:d4:9b:a1:
                    37:94:fb:65:ea:ce:15:82:9c:32:5b:ed:05:e2:39:
                    87:93:de:32:93:5e:a6:48:01:8a:7f:b5:8e:f5:cb:
                    54:4e:29:09:6c:ec:66:49:e7:70:df:06:69:bf:a8:
                    b0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:4E:6C:D8:2D:A0:02:15:ED:35:81:A3:18:C0:E5:60:B6:3D:27:5A
            X509v3 Authority Key Identifier:
                keyid:F6:FA:23:A5:26:45:C9:6D:B0:DD:B1:4D:24:F6:B4:F0:55:9F:BE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9vojpSZFyW2w3bFNJPa08FWfvis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/Y05s2C2gAhXtNYGjGMDlYLY9J1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0496ba-97ba-4022-ab63-23d42d922943/1/9vojpSZFyW2w3bFNJPa08FWfvis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.223.0/24
                IPv6:
                  2a01:f6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:82:3f:92:bb:60:5b:f4:1a:48:89:65:66:cb:da:50:2b:8b:
         92:03:db:39:25:7c:98:a6:d5:31:d3:ba:25:8c:34:a3:1f:29:
         54:bc:f3:bf:da:39:f4:79:35:21:04:b4:83:77:d9:0d:3e:aa:
         0d:f3:2b:ef:28:88:2f:a8:a0:55:d0:17:3c:02:64:80:2c:41:
         d2:1b:f7:0d:95:2d:76:90:7b:cb:15:5b:21:f6:cd:11:32:11:
         c5:6d:68:3d:89:cb:24:75:fa:c8:30:38:f9:7c:ba:23:59:63:
         23:b2:23:f8:d9:d5:d0:98:c4:96:a2:07:01:33:ad:f1:38:c2:
         88:71:e1:17:2d:c9:5e:76:30:20:df:8e:92:9e:86:24:28:b7:
         94:76:77:1a:2d:13:a1:92:3a:82:15:3a:e4:0f:40:e8:b9:e1:
         69:52:2b:48:00:33:e0:fb:51:c7:7f:36:ef:cd:ec:75:ee:9d:
         a2:d7:5e:65:50:2d:ae:cb:47:75:7b:fd:53:93:d5:af:41:fa:
         0c:73:e3:be:4f:df:29:a2:5d:4d:8b:1b:35:b4:12:dc:e7:6a:
         0c:5e:eb:85:7d:e8:75:4f:e2:ac:33:86:35:17:8f:c0:af:f1:
         19:48:30:24:9c:93:45:26:8c:9e:c9:fd:6b:58:d3:9a:75:f7:
         78:cc:9d:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy2rqz+l0kAgeCqdugJL7VqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZmEyM2E1MjY0NWM5NmRiMGRkYjE0ZDI0ZjZiNGYwNTU5
ZmJlMmIwHhcNMjYwMzA0MDIzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzRlNmNkODJkYTAwMjE1ZWQzNTgxYTMxOGMwZTU2MGI2M2QyNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5GYCrGfHyli0XMI2FFTJuYjwCtIQ
q1b7sCr12AQL9eSHd97v5TbZn0KYyJi4PWgIIoEY92UzuTOMcscg7oJIbKsDtNBn
DjO5wbn8hUgGc7lQD5aqlUBCOYDXXEmjpA7ePqj8QNq+/zcEQ4Dxkjg7ckZeqtZh
1ybbVkswOl7YzQBYRsHm0Db7K4+14pNCzEoWgbjEJn9pnpV/zlcPfmFvArnGJVyp
VqrFqHdRcLNE5+NeJHfLWisxYZgHNCOFox0CwWnx9tTmsvI1Tmh0zYHUm6E3lPtl
6s4VgpwyW+0F4jmHk94yk16mSAGKf7WO9ctUTikJbOxmSedw3wZpv6iwuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGNObNgtoAIV7TWBoxjA5WC2PSdaMB8GA1UdIwQY
MBaAFPb6I6UmRcltsN2xTST2tPBVn74rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXZvanBTWkZ5VzJ3M2JGTkpQYTA4RldmdmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wNDk2YmEtOTdiYS00MDIyLWFiNjMt
MjNkNDJkOTIyOTQzLzEvWTA1czJDMmdBaFh0TllHakdNRGxZTFk5SjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wNDk2YmEtOTdiYS00MDIyLWFiNjMtMjNkNDJkOTIyOTQz
LzEvOXZvanBTWkZ5VzJ3M2JGTkpQYTA4RldmdmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATV/fMA0E
AgACMAcDBQMqAfbAMA0GCSqGSIb3DQEBCwUAA4IBAQB9gj+Su2Bb9BpIiWVmy9pQ
K4uSA9s5JXyYptUx07oljDSjHylUvPO/2jn0eTUhBLSDd9kNPqoN8yvvKIgvqKBV
0Bc8AmSALEHSG/cNlS12kHvLFVsh9s0RMhHFbWg9icskdfrIMDj5fLojWWMjsiP4
2dXQmMSWogcBM63xOMKIceEXLcledjAg346SnoYkKLeUdncaLROhkjqCFTrkD0Do
ueFpUitIADPg+1HHfzbvzex17p2i115lUC2uy0d1e/1Tk9WvQfoMc+O+T98pol1N
ixs1tBLc52oMXuuFfeh1T+KsM4Y1F4/Ar/EZSDAknJNFJoyeyf1rWNOadfd4zJ0M
-----END CERTIFICATE-----