Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/Ak6u31He6A4CRCNJ-mPt0nCtwZU.roa
File:                     Ak6u31He6A4CRCNJ-mPt0nCtwZU.roa (raw, json)
Hash identifier:          7MkMOyLE5GlfXjuXXJbB4yn5qJnSvZNuEM4M9yp+Ggg=
Subject key identifier:   02:4E:AE:DF:51:DE:E8:0E:02:44:23:49:FA:63:ED:D2:70:AD:C1:95
Certificate issuer:       /CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
Certificate serial:       019DD3F78D7671481226AF9B6EA0D3E90C71
Authority key identifier: AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/Ak6u31He6A4CRCNJ-mPt0nCtwZU.roa
Signing time:             Tue 28 Apr 2026 12:01:49 +0000
ROA not before:           Tue 28 Apr 2026 12:01:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214856
IP address blocks:        77.105.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 04:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:f7:8d:76:71:48:12:26:af:9b:6e:a0:d3:e9:0c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
        Validity
            Not Before: Apr 28 12:01:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=024eaedf51dee80e02442349fa63edd270adc195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:19:fc:b8:b9:fb:ae:a8:68:f8:4f:7d:46:ca:
                    e4:85:8f:71:5a:39:7f:98:bf:7e:1a:cf:e2:e2:38:
                    ec:4d:07:02:4c:1b:99:e0:29:0d:8b:6f:b7:ac:af:
                    72:39:58:3d:86:3a:2e:ae:6f:6f:11:87:48:18:34:
                    a3:11:a6:ec:a2:2b:56:6e:c0:7b:96:7a:d0:b7:5e:
                    12:86:29:8a:2a:44:8a:7b:d1:00:1d:10:85:2f:70:
                    6a:b7:63:1a:56:9b:f0:e2:1b:b4:86:8e:c3:2d:2f:
                    ee:db:9f:4c:c6:87:39:40:78:e0:1b:22:38:85:63:
                    cb:8b:a0:e6:df:cb:8a:f4:17:18:44:91:b6:38:a1:
                    1a:4e:c6:dc:c5:8c:6b:b1:2f:63:eb:8f:fe:e5:e3:
                    4c:50:86:7f:b0:29:30:66:2f:0e:7c:be:a0:e0:6f:
                    44:d7:49:93:e0:fa:11:f7:e9:08:33:ac:c7:d1:99:
                    1f:c3:70:32:bc:28:c4:aa:c3:cf:4b:a7:86:b9:40:
                    97:62:c6:5e:ce:f4:49:80:49:88:e4:6a:65:7e:6a:
                    e6:e7:7a:b4:60:b7:7b:3f:2d:44:84:5b:1d:af:f2:
                    76:e7:c0:b1:3b:d2:9a:9f:5d:34:41:31:a4:e0:81:
                    54:df:63:19:df:d3:d8:c1:e4:c1:4e:8c:8b:d4:93:
                    96:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:4E:AE:DF:51:DE:E8:0E:02:44:23:49:FA:63:ED:D2:70:AD:C1:95
            X509v3 Authority Key Identifier:
                keyid:AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/Ak6u31He6A4CRCNJ-mPt0nCtwZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e9:76:b4:9b:11:95:6e:16:ee:6b:d8:3a:c1:a1:1f:3e:ea:
         91:be:94:3b:7c:11:70:95:6e:a7:e2:46:1b:dc:b8:65:3b:23:
         f3:3a:e0:29:06:21:d4:b2:e7:34:ed:b3:aa:5b:75:56:61:37:
         6a:d5:6a:88:62:94:85:38:46:11:8f:5f:b4:f5:8a:98:cf:2b:
         62:6b:31:f7:07:a1:11:0c:46:1c:aa:f0:b8:15:db:46:74:25:
         68:c1:e6:6f:7c:55:08:fd:de:3a:ce:df:a6:3f:eb:89:1e:97:
         19:fc:72:1e:67:4f:1d:38:65:3d:cc:59:35:12:6a:82:1b:ce:
         78:3b:09:1e:99:79:af:e6:cb:0f:ba:ac:53:cd:c3:9a:01:4a:
         b5:bb:20:05:39:dd:6d:4c:1e:be:11:ae:82:2e:2f:73:ce:5a:
         26:4e:ec:55:37:1e:f6:34:3c:72:9d:5b:fe:be:61:7a:f5:90:
         78:03:76:52:ee:58:18:66:05:50:b9:6c:ce:48:2d:00:ef:99:
         0e:25:05:40:d2:92:3c:b4:1c:6d:93:59:bc:2d:be:a3:68:5d:
         93:f7:5f:3e:e8:b0:3f:e5:59:27:b0:5b:59:82:47:36:35:c2:
         44:73:60:9b:d8:d3:db:2f:d2:be:c8:91:58:60:4d:39:0d:ff:
         7d:f7:16:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3T9412cUgSJq+bbqDT6QxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNDRlYjA5MWIzYTMzYTg3YmViOGUwMDRhYjE1ZWYxNzhm
YmFhMDAwHhcNMjYwNDI4MTIwMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjRlYWVkZjUxZGVlODBlMDI0NDIzNDlmYTYzZWRkMjcwYWRjMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshn8uLn7rqho+E99RsrkhY9xWjl/
mL9+Gs/i4jjsTQcCTBuZ4CkNi2+3rK9yOVg9hjourm9vEYdIGDSjEabsoitWbsB7
lnrQt14ShimKKkSKe9EAHRCFL3Bqt2MaVpvw4hu0ho7DLS/u259Mxoc5QHjgGyI4
hWPLi6Dm38uK9BcYRJG2OKEaTsbcxYxrsS9j64/+5eNMUIZ/sCkwZi8OfL6g4G9E
10mT4PoR9+kIM6zH0Zkfw3AyvCjEqsPPS6eGuUCXYsZezvRJgEmI5Gplfmrm53q0
YLd7Py1EhFsdr/J258CxO9Kan100QTGk4IFU32MZ39PYweTBToyL1JOW/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJOrt9R3ugOAkQjSfpj7dJwrcGVMB8GA1UdIwQY
MBaAFKpE6wkbOjOoe+uOAEqxXvF4+6oAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjkt
NzcwMGUyNWZmNzY5LzEvQWs2dTMxSGU2QTRDUkNOSi1tUHQwbkN0d1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjktNzcwMGUyNWZmNzY5
LzEvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWmXMA0G
CSqGSIb3DQEBCwUAA4IBAQCE6Xa0mxGVbhbua9g6waEfPuqRvpQ7fBFwlW6n4kYb
3LhlOyPzOuApBiHUsuc07bOqW3VWYTdq1WqIYpSFOEYRj1+09YqYzytiazH3B6ER
DEYcqvC4FdtGdCVoweZvfFUI/d46zt+mP+uJHpcZ/HIeZ08dOGU9zFk1EmqCG854
OwkemXmv5ssPuqxTzcOaAUq1uyAFOd1tTB6+Ea6CLi9zzlomTuxVNx72NDxynVv+
vmF69ZB4A3ZS7lgYZgVQuWzOSC0A75kOJQVA0pI8tBxtk1m8Lb6jaF2T918+6LA/
5VknsFtZgkc2NcJEc2Cb2NPbL9K+yJFYYE05Df999xbO
-----END CERTIFICATE-----