Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/QnwEQNJONfRgugyz52hrbIsGjKw.roa
File:                     QnwEQNJONfRgugyz52hrbIsGjKw.roa (raw, json)
Hash identifier:          ujzbdZK17uNgG/iljB/4V3obdFhJIVE1lhFuIhLSv0M=
Subject key identifier:   42:7C:04:40:D2:4E:35:F4:60:BA:0C:B3:E7:68:6B:6C:8B:06:8C:AC
Certificate issuer:       /CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
Certificate serial:       019EE52F147B1B7BF8AD6E1D2FF7E2757672
Authority key identifier: 07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/QnwEQNJONfRgugyz52hrbIsGjKw.roa
Signing time:             Sat 20 Jun 2026 13:18:48 +0000
ROA not before:           Sat 20 Jun 2026 13:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214922
IP address blocks:        77.237.90.0/24 maxlen: 24
                          185.14.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e5:2f:14:7b:1b:7b:f8:ad:6e:1d:2f:f7:e2:75:76:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
        Validity
            Not Before: Jun 20 13:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=427c0440d24e35f460ba0cb3e7686b6c8b068cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:88:e3:1a:cb:ac:2f:28:61:0e:00:bc:7f:ca:
                    05:dc:2f:8b:90:97:1a:b7:f5:d4:0a:7f:53:b7:f3:
                    f8:ae:36:6f:09:ff:2e:e2:79:0b:85:6f:11:6a:1f:
                    6a:f0:08:85:b8:0a:93:f5:e3:77:25:a2:10:67:2d:
                    af:5d:06:f8:51:02:50:e9:e0:0a:d7:3b:5e:f6:5f:
                    74:b9:ec:51:9e:d3:36:93:a9:c3:7e:6d:6f:d4:fa:
                    fd:31:6e:8b:db:12:b8:be:4b:4d:6b:97:cb:24:79:
                    19:57:4a:e7:eb:37:43:2e:56:69:0f:12:17:31:1b:
                    a3:8c:5e:1d:a8:86:76:37:78:fe:54:eb:d9:2b:25:
                    c7:87:d3:85:66:06:ee:71:e3:21:8d:da:34:e0:60:
                    02:5e:ca:ce:7e:48:9a:d1:68:71:6c:15:be:5c:73:
                    a2:ed:dd:71:0c:80:43:5c:c8:e3:7c:56:8d:dd:b1:
                    0e:84:64:e1:90:7f:24:99:90:f8:65:9e:a9:6f:44:
                    27:30:ca:93:60:ce:45:ca:3b:0a:96:cb:66:db:80:
                    73:d8:fe:83:ef:2f:3a:8c:1c:32:f5:ce:7d:6a:81:
                    6b:3a:96:24:b9:2a:9a:e0:74:4d:a5:40:70:92:3a:
                    f7:43:f5:d1:ec:56:ac:33:20:a2:9a:1f:2f:6f:8a:
                    2d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:7C:04:40:D2:4E:35:F4:60:BA:0C:B3:E7:68:6B:6C:8B:06:8C:AC
            X509v3 Authority Key Identifier:
                keyid:07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/QnwEQNJONfRgugyz52hrbIsGjKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.90.0/24
                  185.14.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:04:3a:a1:75:57:d5:83:f3:2b:75:32:1d:ad:f8:e2:46:b0:
         5e:b8:9b:7b:71:22:60:7c:31:34:a6:f6:22:06:0b:a1:61:d2:
         3b:f4:e9:08:93:f3:23:0b:0f:a3:4e:2e:82:70:1a:7d:af:0d:
         13:70:42:ef:21:31:ea:14:d3:37:68:cf:0b:b6:5a:b0:b3:fc:
         a1:d3:a3:c1:32:84:20:c0:05:c3:23:21:07:65:ed:b3:31:f5:
         20:dd:47:7f:be:98:9c:62:88:78:1a:bc:ac:d3:bb:ff:1c:46:
         01:c4:f1:9e:e9:a2:e3:b8:da:b2:75:99:9e:03:7a:d6:72:5c:
         00:fd:e6:07:19:a3:40:ac:1b:44:3d:ac:91:f1:7b:2e:64:50:
         cb:55:e7:63:ed:b0:10:8a:40:8c:48:0a:52:dd:26:34:64:62:
         1c:50:a8:b0:43:93:7d:ab:ae:21:2f:24:07:97:07:25:d7:86:
         9f:4f:46:d6:81:26:39:80:6d:4f:b4:7d:b4:6b:57:74:b6:1f:
         81:9b:de:cb:7e:84:96:82:69:57:42:92:de:15:47:72:e6:5e:
         b2:8a:20:bc:80:83:47:41:87:27:ae:a1:3d:78:6a:94:df:e6:
         9c:30:15:13:f0:87:4e:44:56:aa:75:0a:2e:2d:36:ef:11:f5:
         52:f0:c0:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7lLxR7G3v4rW4dL/fidXZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YWZkY2Q1ZTk3YWMxYzEwMjQ3OWM5NTRkNWY5MjJiMTI2
Y2JjMTQwHhcNMjYwNjIwMTMxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjdjMDQ0MGQyNGUzNWY0NjBiYTBjYjNlNzY4NmI2YzhiMDY4Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYjjGsusLyhhDgC8f8oF3C+LkJca
t/XUCn9Tt/P4rjZvCf8u4nkLhW8Rah9q8AiFuAqT9eN3JaIQZy2vXQb4UQJQ6eAK
1zte9l90uexRntM2k6nDfm1v1Pr9MW6L2xK4vktNa5fLJHkZV0rn6zdDLlZpDxIX
MRujjF4dqIZ2N3j+VOvZKyXHh9OFZgbuceMhjdo04GACXsrOfkia0WhxbBW+XHOi
7d1xDIBDXMjjfFaN3bEOhGThkH8kmZD4ZZ6pb0QnMMqTYM5FyjsKlstm24Bz2P6D
7y86jBwy9c59aoFrOpYkuSqa4HRNpUBwkjr3Q/XR7FasMyCimh8vb4otvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEJ8BEDSTjX0YLoMs+doa2yLBoysMB8GA1UdIwQY
MBaAFAev3NXpesHBAkeclU1fkisSbLwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEt
ZmY2ODUxNzc3MGU0LzEvUW53RVFOSk9OZlJndWd5ejUyaHJiSXNHakt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEtZmY2ODUxNzc3MGU0
LzEvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATe1aAwQA
uQ6gMA0GCSqGSIb3DQEBCwUAA4IBAQAsBDqhdVfVg/MrdTIdrfjiRrBeuJt7cSJg
fDE0pvYiBguhYdI79OkIk/MjCw+jTi6CcBp9rw0TcELvITHqFNM3aM8Ltlqws/yh
06PBMoQgwAXDIyEHZe2zMfUg3Ud/vpicYoh4Grys07v/HEYBxPGe6aLjuNqydZme
A3rWclwA/eYHGaNArBtEPayR8XsuZFDLVedj7bAQikCMSApS3SY0ZGIcUKiwQ5N9
q64hLyQHlwcl14afT0bWgSY5gG1PtH20a1d0th+Bm97LfoSWgmlXQpLeFUdy5l6y
iiC8gINHQYcnrqE9eGqU3+acMBUT8IdORFaqdQouLTbvEfVS8MCg
-----END CERTIFICATE-----