Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/KpPJD-1MgTPINo40sCf6r7Pg44U.roa
File:                     KpPJD-1MgTPINo40sCf6r7Pg44U.roa (raw, json)
Hash identifier:          WsEMDdkoE+VeXF9NdximWFcXsnk76ydby7UNHuoOk5U=
Subject key identifier:   2A:93:C9:0F:ED:4C:81:33:C8:36:8E:34:B0:27:FA:AF:B3:E0:E3:85
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       019C28DC948D2A9BA387CA33DC30302540CC
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/KpPJD-1MgTPINo40sCf6r7Pg44U.roa
Signing time:             Wed 04 Feb 2026 13:34:30 +0000
ROA not before:           Wed 04 Feb 2026 13:34:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55154
IP address blocks:        77.110.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:28:dc:94:8d:2a:9b:a3:87:ca:33:dc:30:30:25:40:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Feb  4 13:34:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a93c90fed4c8133c8368e34b027faafb3e0e385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:1f:c5:8c:8c:f1:eb:22:95:4c:17:43:4f:7a:
                    0c:64:f1:fc:54:9b:7d:a0:11:b1:1b:17:2a:5a:cc:
                    83:dc:e0:c0:f2:ef:8f:a2:d8:d8:10:8d:bc:9c:10:
                    8f:14:a1:0f:b2:57:e4:8f:a2:09:0b:2a:90:b9:0f:
                    97:00:89:77:ca:01:0d:1e:7a:03:75:81:45:ce:3a:
                    21:93:08:82:70:1b:b0:2e:a9:e3:92:64:3d:7c:30:
                    81:45:ec:ae:38:19:6a:69:a6:eb:5b:dd:6f:2c:21:
                    7d:24:36:bc:08:6b:cf:e2:28:65:cb:66:69:b4:61:
                    2d:1d:28:39:34:36:07:ed:f7:4c:dd:79:06:d2:35:
                    4e:a6:d7:d8:a8:e4:05:5f:d2:53:2d:da:5c:ca:ae:
                    9a:94:7d:1b:c8:4d:58:83:ad:ba:d9:0d:24:bb:34:
                    3b:d7:ff:88:ae:ab:4f:e2:5a:2b:27:ee:f7:3f:22:
                    7d:d6:f5:3f:1c:92:be:ab:38:b6:96:88:5f:57:b6:
                    5c:f1:e7:b8:3a:e1:6f:53:cc:be:40:18:e7:79:f7:
                    5b:9c:0b:21:e2:e8:80:52:22:a7:eb:dd:c7:75:0e:
                    b9:1d:d4:cd:82:8d:40:a6:9c:e5:46:21:bd:e3:f8:
                    1c:d0:e8:95:88:e1:25:61:ae:60:33:66:36:7e:42:
                    13:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:93:C9:0F:ED:4C:81:33:C8:36:8E:34:B0:27:FA:AF:B3:E0:E3:85
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/KpPJD-1MgTPINo40sCf6r7Pg44U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:b6:be:dc:bc:33:fc:54:d8:17:56:92:86:c2:61:0b:43:55:
         a3:cf:1d:63:6e:ab:e7:bb:12:e9:14:f4:ba:93:28:c8:4e:f0:
         26:6d:6f:09:e8:73:9a:45:56:fd:3f:36:6a:b9:37:f9:c4:c0:
         e7:df:92:9a:8c:6a:9b:ce:90:ef:99:42:7b:96:77:16:ec:b0:
         53:17:7e:0e:41:3e:a6:0e:8d:d3:b0:1f:d0:60:02:d2:71:c0:
         d7:e6:5d:c2:14:04:c1:69:64:cd:41:d6:b4:a1:77:7b:d0:e5:
         04:8d:a2:40:2d:9d:34:3e:8f:da:ed:38:43:5c:77:26:de:70:
         21:16:0d:44:f2:88:2d:39:cc:a4:1f:30:b1:06:fe:17:6d:32:
         09:97:96:2b:91:09:c2:5c:7c:68:a7:d3:37:08:c3:e3:1d:0a:
         1a:d3:e3:6b:c4:65:b1:fb:a0:76:ad:5d:7a:8f:13:83:31:d0:
         21:16:0a:8f:c9:27:29:a7:73:b8:7b:09:7c:19:4d:a4:4e:58:
         94:46:5a:32:a5:45:cb:04:a7:cd:78:c9:b9:c7:59:27:8e:28:
         5f:5a:18:43:7d:18:3d:03:41:2c:53:e9:f1:2b:7a:7f:9f:54:
         6c:38:02:f1:bc:f7:99:24:6a:17:bd:62:a7:5f:07:37:20:a0:
         6f:1e:db:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwo3JSNKpujh8oz3DAwJUDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjYwMjA0MTMzNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkzYzkwZmVkNGM4MTMzYzgzNjhlMzRiMDI3ZmFhZmIzZTBlMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5x/FjIzx6yKVTBdDT3oMZPH8VJt9
oBGxGxcqWsyD3ODA8u+PotjYEI28nBCPFKEPslfkj6IJCyqQuQ+XAIl3ygENHnoD
dYFFzjohkwiCcBuwLqnjkmQ9fDCBReyuOBlqaabrW91vLCF9JDa8CGvP4ihly2Zp
tGEtHSg5NDYH7fdM3XkG0jVOptfYqOQFX9JTLdpcyq6alH0byE1Yg6262Q0kuzQ7
1/+IrqtP4lorJ+73PyJ91vU/HJK+qzi2lohfV7Zc8ee4OuFvU8y+QBjnefdbnAsh
4uiAUiKn693HdQ65HdTNgo1AppzlRiG94/gc0OiViOElYa5gM2Y2fkITSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqTyQ/tTIEzyDaONLAn+q+z4OOFMB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvS3BQSkQtMU1nVFBJTm80MHNDZjZyN1BnNDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW5CMA0G
CSqGSIb3DQEBCwUAA4IBAQBJtr7cvDP8VNgXVpKGwmELQ1Wjzx1jbqvnuxLpFPS6
kyjITvAmbW8J6HOaRVb9PzZquTf5xMDn35KajGqbzpDvmUJ7lncW7LBTF34OQT6m
Do3TsB/QYALSccDX5l3CFATBaWTNQda0oXd70OUEjaJALZ00Po/a7ThDXHcm3nAh
Fg1E8ogtOcykHzCxBv4XbTIJl5YrkQnCXHxop9M3CMPjHQoa0+NrxGWx+6B2rV16
jxODMdAhFgqPyScpp3O4ewl8GU2kTliURloypUXLBKfNeMm5x1knjihfWhhDfRg9
A0EsU+nxK3p/n1RsOALxvPeZJGoXvWKnXwc3IKBvHtv0
-----END CERTIFICATE-----