Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/bH6Rp8oLzQfcEZdWSipTjG3yb98.roa
File:                     bH6Rp8oLzQfcEZdWSipTjG3yb98.roa (raw, json)
Hash identifier:          ung9FdB8/q7OCXPwQr0KssFo8gVDxqtIgDbWQrfA9Qw=
Subject key identifier:   6C:7E:91:A7:CA:0B:CD:07:DC:11:97:56:4A:2A:53:8C:6D:F2:6F:DF
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D5BE54A79EE4B3A180706F854EA7063AC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/bH6Rp8oLzQfcEZdWSipTjG3yb98.roa
Signing time:             Sun 05 Apr 2026 04:27:26 +0000
ROA not before:           Sun 05 Apr 2026 04:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60345
IP address blocks:        77.90.55.0/24 maxlen: 24
                          89.144.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5b:e5:4a:79:ee:4b:3a:18:07:06:f8:54:ea:70:63:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  5 04:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c7e91a7ca0bcd07dc1197564a2a538c6df26fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ff:08:2e:45:18:0d:08:d7:8a:6c:70:02:4d:
                    6a:84:04:f1:1c:4a:e8:63:ae:aa:b0:0a:e6:8e:49:
                    96:ae:7d:2d:97:93:5b:64:f4:5e:97:5d:ad:97:3e:
                    65:cb:e2:b3:44:e8:13:90:83:f0:53:28:d8:ed:09:
                    e6:02:27:80:fc:a9:25:00:ba:a0:ea:d3:15:b6:ec:
                    ed:83:29:eb:66:d4:3a:df:75:9a:d5:ff:d4:52:eb:
                    97:32:ee:44:9b:84:9a:65:bb:2e:3b:fc:e7:91:8c:
                    55:80:98:dd:f3:e6:7b:a9:b6:06:4b:3c:57:84:3f:
                    0f:4c:c8:f2:4a:23:0d:7a:2b:b9:be:5e:0f:61:7b:
                    f6:79:f0:82:b7:92:83:60:8e:2e:84:94:bb:9f:78:
                    f8:e7:90:21:f6:f0:9f:18:ac:1d:24:db:08:a9:8d:
                    07:68:ad:cd:2b:86:0c:21:d4:82:0b:1c:a1:74:0e:
                    c7:20:d3:ad:21:c2:88:c0:0e:fb:67:1a:97:5b:68:
                    70:ce:6c:54:7a:20:c4:ba:90:b6:b6:7b:ee:23:f4:
                    dd:dc:99:6f:05:73:ef:a0:9f:e5:2b:25:1c:62:17:
                    7b:c2:68:8e:6a:df:fd:b3:6f:3f:ef:bd:f4:fc:df:
                    9b:6c:05:9e:5c:24:0b:c3:4c:0b:24:01:43:35:5a:
                    8b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:7E:91:A7:CA:0B:CD:07:DC:11:97:56:4A:2A:53:8C:6D:F2:6F:DF
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/bH6Rp8oLzQfcEZdWSipTjG3yb98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.55.0/24
                  89.144.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:da:f9:b2:c6:66:9b:ef:10:a0:8e:43:b5:ca:a6:dd:9c:95:
         2e:21:af:07:17:c5:96:c1:76:73:b2:ed:6c:20:f0:f7:d5:53:
         27:27:fe:94:a9:bb:0e:c5:72:92:cb:10:cb:2e:49:3e:18:74:
         03:e3:94:fa:14:02:fc:81:55:93:d7:27:6f:55:59:99:35:21:
         89:3c:74:cd:ba:6f:45:da:36:f9:05:30:dc:82:0f:36:90:7c:
         fa:aa:f9:4e:03:88:62:f3:58:b4:86:77:5a:55:27:44:4a:79:
         43:98:f7:a4:6c:b8:61:e1:25:d6:2c:d6:25:65:6e:1d:84:a8:
         40:06:64:3b:f5:26:eb:7b:7b:77:4e:03:fa:31:6c:b0:6d:e0:
         60:5d:04:8d:91:0b:21:ca:71:de:e9:8b:e4:56:df:4d:29:f9:
         4d:0f:12:23:c0:b2:9e:bf:e4:21:de:05:56:6a:ee:38:8c:aa:
         df:5c:40:b1:a1:fe:96:90:bc:0f:39:dd:66:79:00:12:f3:0a:
         c9:b7:12:6b:46:11:9c:c9:24:7a:c8:fb:b6:6f:47:8e:a5:9c:
         f0:41:0e:a5:18:ab:39:c4:3c:0d:04:fa:4a:70:7d:36:e5:e5:
         c5:3f:94:6e:34:2b:b2:5d:d4:e1:64:9e:88:91:b8:18:58:41:
         2b:00:b0:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1b5Up57ks6GAcG+FTqcGOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA1MDQyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzdlOTFhN2NhMGJjZDA3ZGMxMTk3NTY0YTJhNTM4YzZkZjI2ZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf8ILkUYDQjXimxwAk1qhATxHEro
Y66qsArmjkmWrn0tl5NbZPRel12tlz5ly+KzROgTkIPwUyjY7QnmAieA/KklALqg
6tMVtuztgynrZtQ633Wa1f/UUuuXMu5Em4SaZbsuO/znkYxVgJjd8+Z7qbYGSzxX
hD8PTMjySiMNeiu5vl4PYXv2efCCt5KDYI4uhJS7n3j455Ah9vCfGKwdJNsIqY0H
aK3NK4YMIdSCCxyhdA7HINOtIcKIwA77ZxqXW2hwzmxUeiDEupC2tnvuI/Td3Jlv
BXPvoJ/lKyUcYhd7wmiOat/9s28/7730/N+bbAWeXCQLw0wLJAFDNVqLdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGx+kafKC80H3BGXVkoqU4xt8m/fMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvYkg2UnA4b0x6UWZjRVpkV1NpcFRqRzN5Yjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVo3AwQA
WZApMA0GCSqGSIb3DQEBCwUAA4IBAQCw2vmyxmab7xCgjkO1yqbdnJUuIa8HF8WW
wXZzsu1sIPD31VMnJ/6UqbsOxXKSyxDLLkk+GHQD45T6FAL8gVWT1ydvVVmZNSGJ
PHTNum9F2jb5BTDcgg82kHz6qvlOA4hi81i0hndaVSdESnlDmPekbLhh4SXWLNYl
ZW4dhKhABmQ79Sbre3t3TgP6MWywbeBgXQSNkQshynHe6YvkVt9NKflNDxIjwLKe
v+Qh3gVWau44jKrfXECxof6WkLwPOd1meQAS8wrJtxJrRhGcySR6yPu2b0eOpZzw
QQ6lGKs5xDwNBPpKcH025eXFP5RuNCuyXdThZJ6IkbgYWEErALAK
-----END CERTIFICATE-----