Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/PT8f8KrDCyi-fOHRybRu5os8t7I.roa
File:                     PT8f8KrDCyi-fOHRybRu5os8t7I.roa (raw, json)
Hash identifier:          aps2zxt1lkijYJV6i+9YBPtT0emoODtU3jQBxhvYqO0=
Subject key identifier:   3D:3F:1F:F0:AA:C3:0B:28:BE:7C:E1:D1:C9:B4:6E:E6:8B:3C:B7:B2
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       019D68F9464C109D3AE415AF09FE3C0F3A3A
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/PT8f8KrDCyi-fOHRybRu5os8t7I.roa
Signing time:             Tue 07 Apr 2026 17:24:20 +0000
ROA not before:           Tue 07 Apr 2026 17:24:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        77.110.76.0/24 maxlen: 24
                          77.110.94.0/24 maxlen: 24
                          80.71.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:f9:46:4c:10:9d:3a:e4:15:af:09:fe:3c:0f:3a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Apr  7 17:24:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d3f1ff0aac30b28be7ce1d1c9b46ee68b3cb7b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:83:b0:9a:f4:70:55:35:a6:78:76:f6:a7:a3:
                    90:39:84:71:11:77:16:8e:a7:f6:73:1c:97:12:b9:
                    d0:6a:f5:cf:f2:6d:e6:61:6f:e8:a8:8e:e0:f2:18:
                    fe:02:18:63:9e:52:ec:5e:b2:9e:4d:2b:4a:37:38:
                    37:27:59:2b:e3:0b:56:f7:34:11:a8:49:43:49:a2:
                    e5:7d:d5:9b:fe:31:f0:77:14:23:f2:37:66:40:bf:
                    8d:c8:f9:c8:26:d8:83:45:42:31:34:21:75:90:8f:
                    40:0e:f5:f0:0d:8a:0f:ec:df:83:b4:81:79:49:42:
                    7c:fa:66:0f:53:1c:0d:de:2c:e5:73:92:68:56:7d:
                    62:97:93:45:d4:3a:b2:55:73:dd:ca:ae:a5:0d:30:
                    e4:90:e4:33:11:88:92:f1:75:11:07:65:47:07:d3:
                    8b:27:fa:82:93:88:5e:d4:f9:d3:1f:7e:56:6d:35:
                    5c:bc:88:0c:d1:3a:d3:7f:0b:cf:85:e2:6c:98:f1:
                    da:4b:81:46:8b:88:18:17:5d:f6:33:3c:20:37:de:
                    c7:b3:86:9b:69:b2:7f:8f:67:a4:76:30:58:33:d7:
                    a5:d0:d6:5e:56:08:26:66:87:84:63:5b:7e:74:b8:
                    ed:63:7b:1c:5f:c9:cc:54:89:bd:c9:f1:59:85:5c:
                    6e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:3F:1F:F0:AA:C3:0B:28:BE:7C:E1:D1:C9:B4:6E:E6:8B:3C:B7:B2
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/PT8f8KrDCyi-fOHRybRu5os8t7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.76.0/24
                  77.110.94.0/24
                  80.71.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:26:60:a8:dc:2f:4e:d6:fe:65:96:79:68:a6:ad:db:4e:58:
         86:d0:cc:03:ca:5e:74:6a:ac:aa:be:1c:05:98:9a:e9:a0:18:
         82:05:6d:df:a2:53:21:73:d6:0e:b3:8c:ea:ea:d6:f7:c2:5f:
         76:ab:71:41:87:fb:a2:c6:8d:b2:06:12:00:96:68:7e:2d:a4:
         84:60:8e:ca:d4:f6:bb:8f:d0:be:f0:2d:7c:d2:12:2c:85:ec:
         c3:d7:8f:d1:88:91:e9:5f:cd:90:63:d5:a0:cc:0a:9a:87:d1:
         3d:1a:42:df:80:88:b9:4e:1c:f3:ed:4c:89:f2:10:5d:c6:8b:
         52:2c:2e:25:9f:22:7e:2a:0c:46:57:2d:25:18:ef:9b:09:23:
         98:48:38:c3:56:4c:90:fe:f1:78:36:ce:6e:c4:2f:75:03:f6:
         97:06:fa:54:93:ac:fa:4a:2f:48:8c:fa:d5:53:cb:f5:1d:7b:
         77:8c:8d:75:01:c8:c3:86:0b:15:f8:de:56:75:93:e0:f8:01:
         24:e6:97:78:a2:83:1c:6f:d4:a8:2b:b6:28:82:54:6a:7c:ef:
         4d:7d:c3:0a:44:eb:4d:fb:77:80:66:b9:03:71:62:56:d6:86:
         64:6c:1a:c8:ef:4d:dc:e9:cf:ca:51:a7:60:8a:fe:85:94:1a:
         ce:82:1c:f9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1o+UZMEJ065BWvCf48Dzo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjYwNDA3MTcyNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDNmMWZmMGFhYzMwYjI4YmU3Y2UxZDFjOWI0NmVlNjhiM2NiN2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYOwmvRwVTWmeHb2p6OQOYRxEXcW
jqf2cxyXErnQavXP8m3mYW/oqI7g8hj+AhhjnlLsXrKeTStKNzg3J1kr4wtW9zQR
qElDSaLlfdWb/jHwdxQj8jdmQL+NyPnIJtiDRUIxNCF1kI9ADvXwDYoP7N+DtIF5
SUJ8+mYPUxwN3izlc5JoVn1il5NF1DqyVXPdyq6lDTDkkOQzEYiS8XURB2VHB9OL
J/qCk4he1PnTH35WbTVcvIgM0TrTfwvPheJsmPHaS4FGi4gYF132MzwgN97Hs4ab
abJ/j2ekdjBYM9el0NZeVggmZoeEY1t+dLjtY3scX8nMVIm9yfFZhVxurQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD0/H/Cqwwsovnzh0cm0buaLPLeyMB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvUFQ4ZjhLckRDeWktZk9IUnliUnU1b3M4dDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATW5MAwQA
TW5eAwQAUEeZMA0GCSqGSIb3DQEBCwUAA4IBAQB0JmCo3C9O1v5llnlopq3bTliG
0MwDyl50aqyqvhwFmJrpoBiCBW3folMhc9YOs4zq6tb3wl92q3FBh/uixo2yBhIA
lmh+LaSEYI7K1Pa7j9C+8C180hIshezD14/RiJHpX82QY9WgzAqah9E9GkLfgIi5
Thzz7UyJ8hBdxotSLC4lnyJ+KgxGVy0lGO+bCSOYSDjDVkyQ/vF4Ns5uxC91A/aX
BvpUk6z6Si9IjPrVU8v1HXt3jI11AcjDhgsV+N5WdZPg+AEk5pd4ooMcb9SoK7Yo
glRqfO9NfcMKROtN+3eAZrkDcWJW1oZkbBrI703c6c/KUadgiv6FlBrOghz5
-----END CERTIFICATE-----