Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/IvWiiV5ILnAmX9Q-8itgrpcojv4.roa
File:                     IvWiiV5ILnAmX9Q-8itgrpcojv4.roa (raw, json)
Hash identifier:          aX7hhH6LvU7Tc6UesWOlmI9jnITWXoPpgS7Ldt2hNRo=
Subject key identifier:   22:F5:A2:89:5E:48:2E:70:26:5F:D4:3E:F2:2B:60:AE:97:28:8E:FE
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019D4B9938DDA1D09FD20E9801D7A0EACA96
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/IvWiiV5ILnAmX9Q-8itgrpcojv4.roa
Signing time:             Thu 02 Apr 2026 00:30:25 +0000
ROA not before:           Thu 02 Apr 2026 00:30:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        77.81.1.0/24 maxlen: 24
                          89.32.130.0/24 maxlen: 24
                          89.32.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Apr 2026 00:30:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4b:99:38:dd:a1:d0:9f:d2:0e:98:01:d7:a0:ea:ca:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Apr  2 00:30:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22f5a2895e482e70265fd43ef22b60ae97288efe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d8:f8:f3:69:c7:49:d4:76:08:62:a2:e4:31:
                    ed:ba:6f:a2:00:49:9e:55:72:20:51:f0:0a:fc:b6:
                    d2:3f:1c:f7:0b:d5:d9:ee:f8:a1:e5:2a:d1:cf:24:
                    ea:55:36:89:f5:1c:a5:f4:e8:7f:7e:f8:9f:a8:51:
                    a3:ba:38:b4:42:d2:47:35:a8:9f:09:7c:0d:2f:45:
                    09:04:9d:d8:46:18:56:72:b4:75:5a:e9:f9:3d:3d:
                    ef:12:aa:fd:78:c4:47:63:dc:6c:18:de:ec:23:e3:
                    c4:92:c1:31:db:99:97:46:0a:49:b9:53:5a:b2:96:
                    7b:de:fb:91:3c:44:86:54:1e:a7:53:5f:95:c7:ed:
                    99:81:4f:3d:af:d9:34:2f:a9:cd:e0:15:60:03:5a:
                    bb:4f:18:51:01:74:f0:ff:00:8f:38:7b:58:83:62:
                    a0:47:ff:c3:89:a6:1a:b6:ab:65:8c:3c:c4:a7:d9:
                    93:b6:84:02:05:eb:54:a3:a7:5c:a9:fa:40:b4:2b:
                    73:ec:54:bf:aa:86:72:ae:31:57:31:2b:e6:b6:10:
                    8c:4d:a1:92:4b:e2:ac:70:d5:cb:16:00:c7:44:1a:
                    6b:b2:ca:73:ed:79:5f:d5:1a:bb:c5:28:d7:2b:76:
                    47:1a:49:58:72:fc:ee:01:e9:86:b4:df:1d:3e:36:
                    b5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F5:A2:89:5E:48:2E:70:26:5F:D4:3E:F2:2B:60:AE:97:28:8E:FE
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/IvWiiV5ILnAmX9Q-8itgrpcojv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.1.0/24
                  89.32.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:6e:7d:13:31:c4:26:2b:cd:58:5e:11:69:00:ae:20:64:9e:
         26:e8:9d:8a:b5:b0:59:0a:96:f2:b7:3c:7e:0f:9d:84:fe:0b:
         86:af:99:59:05:db:a2:d6:2d:8a:80:eb:32:7c:ca:78:75:b0:
         4d:62:7f:70:de:0f:a0:c0:8d:8b:02:8e:b5:b2:76:47:03:88:
         08:a8:6c:e5:9e:13:a4:22:05:fe:73:c7:50:4d:01:74:75:f3:
         81:b7:01:de:9b:b8:09:43:15:49:62:5f:6d:d8:71:5f:42:c7:
         d0:09:6d:1d:04:a8:5d:bf:34:02:50:2f:6f:79:0b:cb:3b:71:
         cb:ce:3e:73:a1:fd:b1:bf:a4:e6:be:9c:75:df:d1:6e:95:97:
         fb:49:6a:7c:d3:3a:95:07:ce:48:4b:d9:71:7a:f5:b4:02:1f:
         47:a6:59:fb:83:66:2b:aa:0b:04:af:ba:d8:c6:1d:08:7c:61:
         57:00:d8:b4:96:e2:ef:7a:05:d8:de:31:93:2b:c3:9f:4f:dc:
         00:8e:d6:d0:50:0c:7f:4a:ac:a2:ca:75:df:e3:bf:b5:6f:80:
         57:52:91:a2:ed:ea:4a:2c:ab:10:1e:7d:58:e6:9e:1e:a0:3d:
         a9:9c:4b:73:b5:7a:d3:a8:0c:ab:65:dd:22:66:ef:af:f4:ea:
         06:35:7f:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1LmTjdodCf0g6YAdeg6sqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjYwNDAyMDAzMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY1YTI4OTVlNDgyZTcwMjY1ZmQ0M2VmMjJiNjBhZTk3Mjg4ZWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdj482nHSdR2CGKi5DHtum+iAEme
VXIgUfAK/LbSPxz3C9XZ7vih5SrRzyTqVTaJ9Ryl9Oh/fvifqFGjuji0QtJHNaif
CXwNL0UJBJ3YRhhWcrR1Wun5PT3vEqr9eMRHY9xsGN7sI+PEksEx25mXRgpJuVNa
spZ73vuRPESGVB6nU1+Vx+2ZgU89r9k0L6nN4BVgA1q7TxhRAXTw/wCPOHtYg2Kg
R//DiaYatqtljDzEp9mTtoQCBetUo6dcqfpAtCtz7FS/qoZyrjFXMSvmthCMTaGS
S+KscNXLFgDHRBprsspz7Xlf1Rq7xSjXK3ZHGklYcvzuAemGtN8dPja1lwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCL1ooleSC5wJl/UPvIrYK6XKI7+MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvSXZXaWlWNUlMbkFtWDlRLThpdGdycGNvanY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVEBAwQB
WSCCMA0GCSqGSIb3DQEBCwUAA4IBAQA3bn0TMcQmK81YXhFpAK4gZJ4m6J2KtbBZ
Cpbytzx+D52E/guGr5lZBdui1i2KgOsyfMp4dbBNYn9w3g+gwI2LAo61snZHA4gI
qGzlnhOkIgX+c8dQTQF0dfOBtwHem7gJQxVJYl9t2HFfQsfQCW0dBKhdvzQCUC9v
eQvLO3HLzj5zof2xv6Tmvpx139FulZf7SWp80zqVB85IS9lxevW0Ah9Hpln7g2Yr
qgsEr7rYxh0IfGFXANi0luLvegXY3jGTK8OfT9wAjtbQUAx/SqyiynXf47+1b4BX
UpGi7epKLKsQHn1Y5p4eoD2pnEtztXrTqAyrZd0iZu+v9OoGNX/P
-----END CERTIFICATE-----