Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/0_YG0sgTnEeCqR2GAlSUn6s_pA0.roa
File:                     0_YG0sgTnEeCqR2GAlSUn6s_pA0.roa (raw, json)
Hash identifier:          koqyIZ24dqKTmkVL8pxW4jxU1mXt25HHPfUDLD2rz9s=
Subject key identifier:   D3:F6:06:D2:C8:13:9C:47:82:A9:1D:86:02:54:94:9F:AB:3F:A4:0D
Certificate issuer:       /CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
Certificate serial:       019EB361CD4A6E5FC0716B2FBF861D62184F
Authority key identifier: F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/0_YG0sgTnEeCqR2GAlSUn6s_pA0.roa
Signing time:             Wed 10 Jun 2026 21:13:11 +0000
ROA not before:           Wed 10 Jun 2026 21:13:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212171
IP address blocks:        77.91.101.0/24 maxlen: 24
                          77.91.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b3:61:cd:4a:6e:5f:c0:71:6b:2f:bf:86:1d:62:18:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
        Validity
            Not Before: Jun 10 21:13:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3f606d2c8139c4782a91d860254949fab3fa40d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:18:71:dc:8f:eb:49:e2:9f:5f:29:0d:af:31:
                    9f:ba:e8:d2:db:2c:d4:59:a3:ba:fb:7b:14:a1:ce:
                    38:3b:ed:17:50:88:6d:aa:e6:f3:23:7b:0a:94:d6:
                    46:79:e2:83:1f:a5:89:8c:04:9f:1e:5d:32:01:3d:
                    2d:a1:a4:4c:0e:cd:af:9e:bb:d9:22:a6:5f:4d:f3:
                    79:21:d3:77:8c:bd:79:3c:32:26:af:a3:7e:48:3f:
                    3f:98:0b:ca:38:54:b5:70:8c:b6:ea:59:30:f2:b8:
                    07:df:2f:a2:ca:88:bb:3e:2d:04:15:46:59:6c:34:
                    5b:ef:f9:ea:de:c2:04:5b:fa:a5:08:14:3f:23:62:
                    06:07:c0:85:9a:2c:f4:2f:a4:5b:fd:d8:36:d8:72:
                    99:ab:b2:30:15:41:11:f3:3f:09:bb:34:9e:c3:4e:
                    7d:16:f1:eb:ae:f8:2f:db:59:46:d5:40:f7:80:e2:
                    e7:29:77:7b:97:e9:e7:0f:5e:33:d3:d2:84:f0:1e:
                    a0:07:07:2b:09:66:82:9e:37:2f:7d:90:ac:b6:6f:
                    5a:bf:36:a6:c4:a6:3f:13:bc:ce:1d:fe:6d:01:23:
                    75:1b:15:69:c5:14:d9:bf:f6:20:1f:0a:a8:6a:72:
                    88:f7:5c:1a:cf:ff:1d:5b:78:d1:8a:63:eb:69:1d:
                    f4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F6:06:D2:C8:13:9C:47:82:A9:1D:86:02:54:94:9F:AB:3F:A4:0D
            X509v3 Authority Key Identifier:
                keyid:F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/0_YG0sgTnEeCqR2GAlSUn6s_pA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.101.0/24
                  77.91.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:3d:92:ad:8d:11:89:fc:77:43:8d:96:17:e8:05:31:26:62:
         f1:4a:0e:53:1e:55:b4:8a:b4:18:05:44:39:1a:70:85:62:96:
         10:bd:ec:b1:8e:23:50:b4:18:5f:8f:dd:d3:6d:c8:be:a6:01:
         75:e9:27:94:0e:fd:a6:c5:cd:c8:9c:43:e1:4e:87:66:b1:b9:
         0b:7c:10:a0:20:7a:dc:ca:08:e0:86:c3:0b:da:67:1f:3c:d5:
         c4:a3:9c:58:58:74:ef:1a:d3:d9:52:00:47:4b:21:84:a2:ab:
         e7:e6:13:7f:73:43:dd:c6:af:4d:1e:93:44:ea:a8:08:cf:f1:
         7f:99:0f:ce:87:55:83:60:16:a5:37:98:ca:c3:92:51:86:d3:
         43:f5:85:ac:29:bf:2a:24:48:67:f8:47:e4:27:d1:43:3d:32:
         91:e8:5c:24:c7:3f:06:30:63:08:07:f4:71:e4:72:4b:0a:bf:
         43:70:90:5c:ca:45:e1:e8:b3:b6:16:a8:41:27:7e:54:35:2d:
         da:e3:9e:12:b8:8a:97:a9:27:b2:db:33:a5:03:e2:1a:8a:38:
         ea:d2:96:6b:07:54:fb:f3:e0:2c:55:e9:c9:76:4e:85:1b:a7:
         a6:25:ec:4b:da:fe:41:fa:8b:05:75:12:b1:9f:18:05:ec:0f:
         59:2e:14:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6zYc1Kbl/AcWsvv4YdYhhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTE2MGYwY2U1ZTAzNWFmM2NiMjFmNGRmZDA0ZWFiOWVh
N2VlNTEwHhcNMjYwNjEwMjExMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Y2MDZkMmM4MTM5YzQ3ODJhOTFkODYwMjU0OTQ5ZmFiM2ZhNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRhx3I/rSeKfXykNrzGfuujS2yzU
WaO6+3sUoc44O+0XUIhtqubzI3sKlNZGeeKDH6WJjASfHl0yAT0toaRMDs2vnrvZ
IqZfTfN5IdN3jL15PDImr6N+SD8/mAvKOFS1cIy26lkw8rgH3y+iyoi7Pi0EFUZZ
bDRb7/nq3sIEW/qlCBQ/I2IGB8CFmiz0L6Rb/dg22HKZq7IwFUER8z8JuzSew059
FvHrrvgv21lG1UD3gOLnKXd7l+nnD14z09KE8B6gBwcrCWaCnjcvfZCstm9avzam
xKY/E7zOHf5tASN1GxVpxRTZv/YgHwqoanKI91waz/8dW3jRimPraR30vQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNP2BtLIE5xHgqkdhgJUlJ+rP6QNMB8GA1UdIwQY
MBaAFPLhYPDOXgNa88sh9N/QTquep+5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUt
ZmNlMjE0YzZmZmRhLzEvMF9ZRzBzZ1RuRWVDcVIyR0FsU1VuNnNfcEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUtZmNlMjE0YzZmZmRh
LzEvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVtlAwQA
TVt7MA0GCSqGSIb3DQEBCwUAA4IBAQDOPZKtjRGJ/HdDjZYX6AUxJmLxSg5THlW0
irQYBUQ5GnCFYpYQveyxjiNQtBhfj93Tbci+pgF16SeUDv2mxc3InEPhTodmsbkL
fBCgIHrcygjghsML2mcfPNXEo5xYWHTvGtPZUgBHSyGEoqvn5hN/c0Pdxq9NHpNE
6qgIz/F/mQ/Oh1WDYBalN5jKw5JRhtND9YWsKb8qJEhn+EfkJ9FDPTKR6Fwkxz8G
MGMIB/Rx5HJLCr9DcJBcykXh6LO2FqhBJ35UNS3a454SuIqXqSey2zOlA+Iaijjq
0pZrB1T78+AsVenJdk6FG6emJexL2v5B+osFdRKxnxgF7A9ZLhRM
-----END CERTIFICATE-----