Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/1-ijVMFl6GCcC6GGP7jpRptAbkME.roa
File:                     1-ijVMFl6GCcC6GGP7jpRptAbkME.roa (raw, json)
Hash identifier:          6WwqDb4fLLuH7fqrOWTiw7oz+ZLJGp2PJoPRlWydUCs=
Subject key identifier:   FA:28:D5:30:59:7A:18:27:02:E8:61:8F:EE:3A:51:A6:D0:1B:90:C1
Certificate issuer:       /CN=fdd9422de96203e5d873e0995591a3a690dd3d92
Certificate serial:       019DBB0566F6159F3734CF6E1F4F98292C06
Authority key identifier: FD:D9:42:2D:E9:62:03:E5:D8:73:E0:99:55:91:A3:A6:90:DD:3D:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dlCLeliA-XYc-CZVZGjppDdPZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/1-ijVMFl6GCcC6GGP7jpRptAbkME.roa
Signing time:             Thu 23 Apr 2026 15:46:26 +0000
ROA not before:           Thu 23 Apr 2026 15:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203462
IP address blocks:        77.83.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/_dlCLeliA-XYc-CZVZGjppDdPZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/_dlCLeliA-XYc-CZVZGjppDdPZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dlCLeliA-XYc-CZVZGjppDdPZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:05:66:f6:15:9f:37:34:cf:6e:1f:4f:98:29:2c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd9422de96203e5d873e0995591a3a690dd3d92
        Validity
            Not Before: Apr 23 15:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa28d530597a182702e8618fee3a51a6d01b90c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:98:ca:df:80:0a:cd:ff:91:e4:bc:25:2a:40:
                    d1:db:d2:77:b2:c4:56:88:cc:df:be:0c:d1:1c:fa:
                    30:a2:c0:a7:99:33:f5:ae:b0:dd:0d:fa:6a:85:5f:
                    3c:c8:26:1c:4d:eb:a7:fa:36:6b:2e:22:4a:ef:4a:
                    8d:f1:8b:5f:41:ad:71:d1:7a:b5:7d:ae:e7:bd:5b:
                    9f:7c:33:72:c5:54:3e:c6:5a:11:55:8b:3b:07:9e:
                    49:64:cf:6f:25:75:ba:96:26:34:90:a8:8a:4a:87:
                    8d:cb:45:90:d4:cd:9b:51:54:89:28:9c:73:9b:b5:
                    da:09:7b:91:dd:37:c5:14:7c:f6:89:f8:23:b9:58:
                    93:65:fa:5f:48:b3:4f:1d:c2:77:84:0c:fa:38:47:
                    67:bc:c8:05:d7:0c:74:c3:e7:05:3e:62:6a:60:5e:
                    d4:99:6e:5a:69:9b:e0:56:d8:c5:a7:a4:c5:58:d1:
                    98:b5:7e:35:c6:3f:24:04:6d:67:f4:d5:01:74:cd:
                    30:6a:93:91:79:42:36:10:38:68:e1:03:46:f1:d6:
                    4e:99:e6:d4:8b:0a:e5:d9:6d:a6:77:dc:a3:5a:80:
                    f1:f1:a4:8d:fd:7a:80:93:d7:2a:8b:39:03:8a:79:
                    a3:b7:e3:b0:79:1d:8c:5e:b5:7b:95:a4:8d:e5:7b:
                    64:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:28:D5:30:59:7A:18:27:02:E8:61:8F:EE:3A:51:A6:D0:1B:90:C1
            X509v3 Authority Key Identifier:
                keyid:FD:D9:42:2D:E9:62:03:E5:D8:73:E0:99:55:91:A3:A6:90:DD:3D:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dlCLeliA-XYc-CZVZGjppDdPZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/1-ijVMFl6GCcC6GGP7jpRptAbkME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/_dlCLeliA-XYc-CZVZGjppDdPZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:56:ce:7c:29:ff:7c:d3:45:eb:96:7d:40:06:27:2a:66:d4:
         ed:dd:af:55:26:f1:54:6a:80:b7:21:37:2b:02:13:6b:2e:05:
         21:76:34:d5:82:be:1a:30:3f:0c:81:6a:75:89:de:89:94:18:
         40:7d:65:91:33:db:7b:dd:83:8d:3b:6b:10:35:b5:31:4e:0b:
         95:cc:33:fb:31:ce:ba:89:42:4a:63:85:0a:48:0e:b8:95:c5:
         25:c9:43:88:81:28:1b:4c:cc:8e:58:09:5f:d5:18:7d:4a:bd:
         aa:87:92:f0:53:5a:ec:4a:1d:73:95:dc:4b:8a:e4:69:5e:30:
         92:64:b7:b2:42:18:49:72:4f:b7:0c:3a:ad:6b:52:bf:71:42:
         15:84:33:70:af:37:1c:14:9c:6c:c2:1a:9a:bc:74:15:40:9e:
         5a:8f:ef:1b:36:d4:b9:68:c6:f1:4f:8b:f3:83:33:02:6f:a5:
         55:7c:32:4d:eb:af:bf:8d:8c:81:a1:3f:5e:64:ae:c7:6f:94:
         d3:05:dc:08:09:6f:d7:da:92:71:b4:8f:17:cc:b7:ad:08:4b:
         8c:e4:cb:d3:1a:b0:dc:ed:94:41:e8:28:c6:56:14:7b:70:c5:
         e7:94:ac:cd:d1:fb:02:ff:28:99:bf:94:c6:26:bf:04:e1:ed:
         f4:af:32:b5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ27BWb2FZ83NM9uH0+YKSwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDk0MjJkZTk2MjAzZTVkODczZTA5OTU1OTFhM2E2OTBk
ZDNkOTIwHhcNMjYwNDIzMTU0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTI4ZDUzMDU5N2ExODI3MDJlODYxOGZlZTNhNTFhNmQwMWI5MGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pjK34AKzf+R5LwlKkDR29J3ssRW
iMzfvgzRHPowosCnmTP1rrDdDfpqhV88yCYcTeun+jZrLiJK70qN8YtfQa1x0Xq1
fa7nvVuffDNyxVQ+xloRVYs7B55JZM9vJXW6liY0kKiKSoeNy0WQ1M2bUVSJKJxz
m7XaCXuR3TfFFHz2ifgjuViTZfpfSLNPHcJ3hAz6OEdnvMgF1wx0w+cFPmJqYF7U
mW5aaZvgVtjFp6TFWNGYtX41xj8kBG1n9NUBdM0wapOReUI2EDho4QNG8dZOmebU
iwrl2W2md9yjWoDx8aSN/XqAk9cqizkDinmjt+OweR2MXrV7laSN5XtkCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoo1TBZehgnAuhhj+46UabQG5DBMB8GA1UdIwQY
MBaAFP3ZQi3pYgPl2HPgmVWRo6aQ3T2SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RsQ0xlbGlBLVhZYy1DWlZaR2pwcERkUFpJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9hY2YyZTYtYzhkZC00OGM0LTgzODkt
YTE4NTUwYTY5ZjY2LzEvMS1palZNRmw2R0NjQzZHR1A3anBScHRBYmtNRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvYWNmMmU2LWM4ZGQtNDhjNC04Mzg5LWExODU1MGE2OWY2
Ni8xL19kbENMZWxpQS1YWWMtQ1pWWkdqcHBEZFBaSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1TQjAN
BgkqhkiG9w0BAQsFAAOCAQEAA1bOfCn/fNNF65Z9QAYnKmbU7d2vVSbxVGqAtyE3
KwITay4FIXY01YK+GjA/DIFqdYneiZQYQH1lkTPbe92DjTtrEDW1MU4Llcwz+zHO
uolCSmOFCkgOuJXFJclDiIEoG0zMjlgJX9UYfUq9qoeS8FNa7Eodc5XcS4rkaV4w
kmS3skIYSXJPtww6rWtSv3FCFYQzcK83HBScbMIamrx0FUCeWo/vGzbUuWjG8U+L
84MzAm+lVXwyTeuvv42MgaE/XmSux2+U0wXcCAlv19qScbSPF8y3rQhLjOTL0xqw
3O2UQegoxlYUe3DF55SszdH7Av8omb+Uxia/BOHt9K8ytQ==
-----END CERTIFICATE-----