Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/v_MCckuvkmHRzh3YWE8nt-ZoR54.roa
File:                     v_MCckuvkmHRzh3YWE8nt-ZoR54.roa (raw, json)
Hash identifier:          FGgmeFbXcFcehxYNJD3aNuzFTZwBgyIrsfMAVTMWYLw=
Subject key identifier:   BF:F3:02:72:4B:AF:92:61:D1:CE:1D:D8:58:4F:27:B7:E6:68:47:9E
Certificate issuer:       /CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
Certificate serial:       019EB1C13CA69C609B06CA773B9B016F85C0
Authority key identifier: F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/v_MCckuvkmHRzh3YWE8nt-ZoR54.roa
Signing time:             Wed 10 Jun 2026 13:38:11 +0000
ROA not before:           Wed 10 Jun 2026 13:38:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50867
IP address blocks:        77.91.112.0/24 maxlen: 24
                          77.91.113.0/24 maxlen: 24
                          77.91.114.0/24 maxlen: 24
                          77.91.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:c1:3c:a6:9c:60:9b:06:ca:77:3b:9b:01:6f:85:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
        Validity
            Not Before: Jun 10 13:38:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bff302724baf9261d1ce1dd8584f27b7e668479e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:30:0a:10:a1:f2:2d:0d:f4:1f:ab:01:19:16:
                    5c:4b:4f:9e:cb:bf:e0:48:43:bd:ac:ce:cf:87:93:
                    88:95:b3:a9:25:86:84:00:99:18:45:be:d2:9d:8b:
                    36:72:a5:c8:1e:fa:f6:d9:96:56:48:e9:74:72:67:
                    e3:92:a0:3c:67:bd:b4:f4:43:18:99:4b:8d:85:e9:
                    73:dd:ad:60:9d:3e:55:90:19:7f:b4:7b:d4:88:01:
                    d0:5e:b9:0c:8b:da:a9:2d:18:c8:b5:91:72:a2:63:
                    95:c1:7a:32:41:b3:83:dc:51:f7:14:28:04:76:3f:
                    1c:8b:49:03:c7:3a:cf:75:57:29:0a:85:ad:75:58:
                    d9:89:30:0e:92:90:24:65:54:77:30:f7:14:8d:2f:
                    9a:4a:3f:20:e1:45:2d:37:6b:4f:6a:18:f1:2c:d1:
                    45:d7:96:81:b0:af:51:95:44:c9:1b:8a:5d:8e:e5:
                    f9:22:9e:2f:03:99:88:34:a6:91:f1:31:79:f7:23:
                    69:cf:d2:e3:a4:ed:80:93:8a:a7:e2:ae:e5:74:0d:
                    f8:6a:f2:7b:fb:dc:a9:27:d5:de:3a:2a:8c:ec:a6:
                    7c:c1:cc:e4:4a:a2:24:82:89:84:0e:02:dd:ec:74:
                    5c:22:bb:49:6b:7d:d7:12:72:9e:7b:71:90:04:a9:
                    c9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:F3:02:72:4B:AF:92:61:D1:CE:1D:D8:58:4F:27:B7:E6:68:47:9E
            X509v3 Authority Key Identifier:
                keyid:F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/v_MCckuvkmHRzh3YWE8nt-ZoR54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d1:e4:df:17:19:60:1f:18:80:a6:4d:6a:e3:66:15:1e:61:cd:
         f8:c1:57:af:f2:19:f9:78:c9:20:51:89:ef:b5:a5:5f:88:9e:
         03:d6:f1:78:2d:09:d3:bf:ae:f3:66:d9:83:3e:a9:c3:6f:ac:
         69:a5:99:bc:38:8f:22:69:c6:fa:32:fc:06:e9:53:8c:a5:fb:
         51:1c:52:e2:1d:b0:5b:f5:6b:85:da:67:95:8b:1f:6a:e7:0b:
         2e:7c:13:ee:48:1b:b2:ec:f1:cc:49:d7:d7:91:d9:07:13:4e:
         58:4f:95:6a:9b:f8:7d:ee:0c:ef:a3:43:c3:44:30:ba:91:b3:
         83:65:6b:7b:3c:47:f3:a3:48:4d:be:17:15:be:a9:1b:0a:e7:
         05:15:77:70:70:3b:e9:18:66:35:cc:3a:df:a4:16:6e:c6:a3:
         b3:ad:dd:ac:7e:39:bb:24:74:25:da:45:33:c6:5e:64:0a:a3:
         d5:de:c2:b1:62:d4:cd:7f:b8:6e:2e:61:0f:6e:3c:17:21:3b:
         60:02:1d:5b:5a:ce:85:22:c4:c1:68:94:bb:a9:01:91:9a:29:
         3e:7f:43:8f:bd:30:d1:45:6e:74:3a:a1:02:0e:9a:e0:77:7b:
         19:f2:d0:f7:0f:de:77:93:b4:c6:63:c5:e7:7c:ce:ff:09:9c:
         20:35:8e:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6xwTymnGCbBsp3O5sBb4XAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTE2MGYwY2U1ZTAzNWFmM2NiMjFmNGRmZDA0ZWFiOWVh
N2VlNTEwHhcNMjYwNjEwMTMzODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmYzMDI3MjRiYWY5MjYxZDFjZTFkZDg1ODRmMjdiN2U2Njg0NzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTAKEKHyLQ30H6sBGRZcS0+ey7/g
SEO9rM7Ph5OIlbOpJYaEAJkYRb7SnYs2cqXIHvr22ZZWSOl0cmfjkqA8Z7209EMY
mUuNhelz3a1gnT5VkBl/tHvUiAHQXrkMi9qpLRjItZFyomOVwXoyQbOD3FH3FCgE
dj8ci0kDxzrPdVcpCoWtdVjZiTAOkpAkZVR3MPcUjS+aSj8g4UUtN2tPahjxLNFF
15aBsK9RlUTJG4pdjuX5Ip4vA5mINKaR8TF59yNpz9LjpO2Ak4qn4q7ldA34avJ7
+9ypJ9XeOiqM7KZ8wczkSqIkgomEDgLd7HRcIrtJa33XEnKee3GQBKnJiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/zAnJLr5Jh0c4d2FhPJ7fmaEeeMB8GA1UdIwQY
MBaAFPLhYPDOXgNa88sh9N/QTquep+5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUt
ZmNlMjE0YzZmZmRhLzEvdl9NQ2NrdXZrbUhSemgzWVdFOG50LVpvUjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUtZmNlMjE0YzZmZmRh
LzEvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVtwMA0G
CSqGSIb3DQEBCwUAA4IBAQDR5N8XGWAfGICmTWrjZhUeYc34wVev8hn5eMkgUYnv
taVfiJ4D1vF4LQnTv67zZtmDPqnDb6xppZm8OI8iacb6MvwG6VOMpftRHFLiHbBb
9WuF2meVix9q5wsufBPuSBuy7PHMSdfXkdkHE05YT5Vqm/h97gzvo0PDRDC6kbOD
ZWt7PEfzo0hNvhcVvqkbCucFFXdwcDvpGGY1zDrfpBZuxqOzrd2sfjm7JHQl2kUz
xl5kCqPV3sKxYtTNf7huLmEPbjwXITtgAh1bWs6FIsTBaJS7qQGRmik+f0OPvTDR
RW50OqECDprgd3sZ8tD3D953k7TGY8XnfM7/CZwgNY48
-----END CERTIFICATE-----