Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/5q372ZYutsCUz8Adh42BDHyk-Q4.roa
File:                     5q372ZYutsCUz8Adh42BDHyk-Q4.roa (raw, json)
Hash identifier:          BchsU4eLHUNLVQAhgzCwXDrK//3ZZPqmg8lTLv3tS4U=
Subject key identifier:   E6:AD:FB:D9:96:2E:B6:C0:94:CF:C0:1D:87:8D:81:0C:7C:A4:F9:0E
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       019C6DE77B7ECC1BE6DBAA457A38E75A4C53
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/5q372ZYutsCUz8Adh42BDHyk-Q4.roa
Signing time:             Tue 17 Feb 2026 23:20:12 +0000
ROA not before:           Tue 17 Feb 2026 23:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213877
IP address blocks:        77.91.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6d:e7:7b:7e:cc:1b:e6:db:aa:45:7a:38:e7:5a:4c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Feb 17 23:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6adfbd9962eb6c094cfc01d878d810c7ca4f90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:82:45:5e:dc:fe:29:6b:26:9b:63:b0:46:4d:
                    9e:e8:41:2c:8e:a4:c3:40:1a:07:7d:19:9a:e5:c9:
                    a6:ac:92:48:21:c5:e9:05:92:a9:7b:af:ee:0e:0d:
                    f5:03:5b:dc:77:d6:78:cc:82:13:10:c5:28:42:0d:
                    a6:05:03:e2:8c:f4:8a:c2:64:0b:aa:8d:86:1b:97:
                    73:0e:f2:3e:f4:4d:98:41:5c:12:58:03:14:aa:cf:
                    aa:9f:41:3f:db:1a:ed:75:a1:e4:4e:27:5a:48:82:
                    d0:10:c6:50:b4:da:b3:9d:1e:85:e5:42:00:28:f1:
                    fe:0c:45:33:72:39:a2:35:92:9a:c2:bd:ac:42:fc:
                    e5:4c:e8:9b:be:90:1e:a0:2b:1d:55:7a:72:95:20:
                    42:70:39:96:ad:e5:5c:23:ad:cf:62:d1:bc:63:83:
                    56:90:ad:84:9c:80:f1:b7:c2:51:cc:7d:2b:a5:6f:
                    65:3f:18:87:bf:d3:39:23:5b:a6:39:1b:a3:85:43:
                    e3:4f:36:51:f4:67:ea:8e:d2:29:4e:91:8e:a3:49:
                    22:f5:13:fb:54:a9:05:cf:5b:4a:59:88:05:77:70:
                    db:37:0d:c8:db:eb:fa:ba:2d:81:65:e7:ba:05:59:
                    77:8e:66:05:0b:03:41:bf:88:01:54:a6:c6:cc:f3:
                    67:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:AD:FB:D9:96:2E:B6:C0:94:CF:C0:1D:87:8D:81:0C:7C:A4:F9:0E
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/5q372ZYutsCUz8Adh42BDHyk-Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:98:21:7f:55:9a:97:70:24:2e:f8:ce:fe:20:4c:bf:01:d1:
         5b:68:d0:47:78:c2:0b:a9:e6:ab:9c:14:a9:f9:8a:83:b8:78:
         cb:cd:ec:a8:30:1d:62:2b:ee:39:1e:25:44:bb:39:f3:b4:3d:
         6c:f6:eb:9d:03:1c:9f:0c:4d:2b:0e:1f:36:90:fa:48:80:ff:
         2e:6e:0e:39:6e:2a:19:b7:13:6e:3c:95:06:59:8d:d2:e3:6e:
         a8:89:b9:23:e8:31:69:17:1b:e4:3f:6b:4a:17:58:3b:6b:9d:
         9c:40:92:95:b1:52:2d:e9:9d:20:2e:89:82:2e:60:3b:b9:e1:
         1c:6a:54:f8:f9:1a:c3:9b:6c:bd:75:6d:d5:78:01:db:40:44:
         2b:d5:9d:56:e3:29:73:e4:2a:ce:2a:23:78:9e:48:0e:15:f1:
         15:22:17:03:99:ef:8f:48:8e:4d:c3:c3:31:13:c5:e2:20:b9:
         fe:35:e2:25:0e:18:3d:27:75:ac:6e:10:b4:e3:dd:bb:8d:f2:
         bb:87:17:03:77:fe:77:67:f7:b1:23:f8:8a:7a:f7:b5:81:68:
         a2:28:74:95:64:86:95:45:91:22:04:6e:b5:21:d1:64:ef:f4:
         38:74:3d:ea:fe:58:47:1f:4f:5f:4c:44:b3:ea:d0:bd:e5:05:
         53:4d:f1:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxt53t+zBvm26pFejjnWkxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjYwMjE3MjMyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmFkZmJkOTk2MmViNmMwOTRjZmMwMWQ4NzhkODEwYzdjYTRmOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9IJFXtz+KWsmm2OwRk2e6EEsjqTD
QBoHfRma5cmmrJJIIcXpBZKpe6/uDg31A1vcd9Z4zIITEMUoQg2mBQPijPSKwmQL
qo2GG5dzDvI+9E2YQVwSWAMUqs+qn0E/2xrtdaHkTidaSILQEMZQtNqznR6F5UIA
KPH+DEUzcjmiNZKawr2sQvzlTOibvpAeoCsdVXpylSBCcDmWreVcI63PYtG8Y4NW
kK2EnIDxt8JRzH0rpW9lPxiHv9M5I1umORujhUPjTzZR9GfqjtIpTpGOo0ki9RP7
VKkFz1tKWYgFd3DbNw3I2+v6ui2BZee6BVl3jmYFCwNBv4gBVKbGzPNnUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOat+9mWLrbAlM/AHYeNgQx8pPkOMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvNXEzNzJaWXV0c0NVejhBZGg0MkJESHlrLVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVtUMA0G
CSqGSIb3DQEBCwUAA4IBAQCAmCF/VZqXcCQu+M7+IEy/AdFbaNBHeMILqearnBSp
+YqDuHjLzeyoMB1iK+45HiVEuznztD1s9uudAxyfDE0rDh82kPpIgP8ubg45bioZ
txNuPJUGWY3S426oibkj6DFpFxvkP2tKF1g7a52cQJKVsVIt6Z0gLomCLmA7ueEc
alT4+RrDm2y9dW3VeAHbQEQr1Z1W4ylz5CrOKiN4nkgOFfEVIhcDme+PSI5Nw8Mx
E8XiILn+NeIlDhg9J3WsbhC04927jfK7hxcDd/53Z/exI/iKeve1gWiiKHSVZIaV
RZEiBG61IdFk7/Q4dD3q/lhHH09fTESz6tC95QVTTfH4
-----END CERTIFICATE-----