Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/Xb74_mxC58qckaHte1VFV4EbES8.roa
File:                     Xb74_mxC58qckaHte1VFV4EbES8.roa (raw, json)
Hash identifier:          bHLl4jzDn9SqUhje+ZibMWhomIBMoABBlLHUs8yypwk=
Subject key identifier:   5D:BE:F8:FE:6C:42:E7:CA:9C:91:A1:ED:7B:55:45:57:81:1B:11:2F
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       019CF6AA6BCD7BFEA9A52E3EA0AD282309FD
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/Xb74_mxC58qckaHte1VFV4EbES8.roa
Signing time:             Mon 16 Mar 2026 12:41:29 +0000
ROA not before:           Mon 16 Mar 2026 12:41:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41965
IP address blocks:        77.95.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 15:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:aa:6b:cd:7b:fe:a9:a5:2e:3e:a0:ad:28:23:09:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Mar 16 12:41:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dbef8fe6c42e7ca9c91a1ed7b554557811b112f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:01:b0:c6:ab:58:cc:43:29:63:5f:56:92:5f:
                    2f:47:81:20:e8:9d:89:61:e9:8c:32:fd:09:fb:ec:
                    42:bc:6c:c0:7f:6d:5d:ac:0b:2a:44:26:63:83:2d:
                    b5:10:ce:f8:63:07:61:65:88:72:d5:9d:35:28:74:
                    8e:20:95:ec:f5:ca:f4:80:3c:20:c7:06:66:3b:dc:
                    19:1e:61:38:ab:c0:7b:a9:40:42:0b:b5:fb:d2:2e:
                    d3:cc:c5:de:03:2a:89:23:17:49:9c:c2:fd:03:d5:
                    74:31:07:7f:4c:75:fb:86:07:2c:43:7d:d1:33:67:
                    c6:a5:9c:c2:d8:df:05:9c:75:53:d8:0a:60:c0:3c:
                    d2:d3:84:13:91:28:29:7a:ad:4c:17:b9:08:5f:b2:
                    0e:25:f4:bd:49:62:ed:7f:f5:81:1b:32:68:42:82:
                    f6:f0:62:24:63:9c:4f:af:a5:a9:88:b7:a0:42:17:
                    c2:fd:8b:1f:06:cc:d0:db:33:42:76:81:2a:2f:c5:
                    bc:10:cf:3b:8e:a2:61:e8:b5:5e:ef:c8:1e:be:42:
                    53:68:3e:3e:08:ef:32:c9:61:c5:0c:d1:48:40:ee:
                    60:98:ac:30:f9:55:24:74:76:ba:41:eb:86:ec:87:
                    17:65:d8:e6:ea:4c:d0:e3:91:c5:ed:64:f0:dc:37:
                    3e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BE:F8:FE:6C:42:E7:CA:9C:91:A1:ED:7B:55:45:57:81:1B:11:2F
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/Xb74_mxC58qckaHte1VFV4EbES8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:da:db:7c:3c:c0:fc:ba:45:3f:74:30:7a:d4:73:6e:7d:1a:
         e4:d4:b6:a1:38:91:88:cc:b1:ca:76:49:cf:e1:2c:4e:a5:ca:
         bc:84:6b:8a:3e:bc:f2:85:57:81:28:88:0d:82:da:60:2b:51:
         cf:95:72:f5:99:8a:8e:34:68:d7:6f:e6:fb:43:cc:71:04:4f:
         85:e7:3e:c7:b5:f3:c8:0e:e9:eb:1d:83:ba:2b:81:2c:06:6f:
         04:99:b5:f7:54:04:52:32:a8:49:bb:65:b2:ca:71:ee:3e:49:
         b9:de:11:40:ea:a1:53:e8:95:d7:90:cf:32:5b:34:35:dd:40:
         1d:cb:96:1b:79:4b:df:c0:9f:ff:3f:6d:94:8a:54:5d:fe:97:
         df:dc:8a:29:77:d7:2a:1d:b8:7f:ab:53:42:c7:f4:f9:74:8a:
         9e:19:93:55:c8:93:4a:91:1f:43:85:37:16:d0:23:13:a5:13:
         93:d7:fe:20:ec:14:22:38:90:8c:f2:80:3c:35:e2:08:57:59:
         c6:0f:a4:2a:22:e8:c7:79:5f:7d:5e:b5:61:37:f7:c7:38:96:
         bb:a2:11:bf:19:aa:19:24:bc:71:d8:64:c8:76:1b:ca:b1:bb:
         6d:57:b0:90:f2:74:a6:c8:5f:36:0b:13:91:75:38:ab:8f:19:
         c3:9d:26:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2qmvNe/6ppS4+oK0oIwn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjYwMzE2MTI0MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGJlZjhmZTZjNDJlN2NhOWM5MWExZWQ3YjU1NDU1NzgxMWIxMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgGwxqtYzEMpY19Wkl8vR4Eg6J2J
YemMMv0J++xCvGzAf21drAsqRCZjgy21EM74YwdhZYhy1Z01KHSOIJXs9cr0gDwg
xwZmO9wZHmE4q8B7qUBCC7X70i7TzMXeAyqJIxdJnML9A9V0MQd/THX7hgcsQ33R
M2fGpZzC2N8FnHVT2ApgwDzS04QTkSgpeq1MF7kIX7IOJfS9SWLtf/WBGzJoQoL2
8GIkY5xPr6WpiLegQhfC/YsfBszQ2zNCdoEqL8W8EM87jqJh6LVe78gevkJTaD4+
CO8yyWHFDNFIQO5gmKww+VUkdHa6QeuG7IcXZdjm6kzQ45HF7WTw3Dc+lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2++P5sQufKnJGh7XtVRVeBGxEvMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvWGI3NF9teEM1OHFja2FIdGUxVkZWNEViRVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTV+8MA0G
CSqGSIb3DQEBCwUAA4IBAQB02tt8PMD8ukU/dDB61HNufRrk1LahOJGIzLHKdknP
4SxOpcq8hGuKPrzyhVeBKIgNgtpgK1HPlXL1mYqONGjXb+b7Q8xxBE+F5z7HtfPI
DunrHYO6K4EsBm8EmbX3VARSMqhJu2WyynHuPkm53hFA6qFT6JXXkM8yWzQ13UAd
y5YbeUvfwJ//P22UilRd/pff3Iopd9cqHbh/q1NCx/T5dIqeGZNVyJNKkR9DhTcW
0CMTpROT1/4g7BQiOJCM8oA8NeIIV1nGD6QqIujHeV99XrVhN/fHOJa7ohG/GaoZ
JLxx2GTIdhvKsbttV7CQ8nSmyF82CxORdTirjxnDnSar
-----END CERTIFICATE-----