Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/9gVKfPDu8oaxgCYhsIHGv4QIfWU.roa
File:                     9gVKfPDu8oaxgCYhsIHGv4QIfWU.roa (raw, json)
Hash identifier:          fllRN8SucuRDRWnVjdcisQzmvofCxZ5K6VMo5ZRY8Z0=
Subject key identifier:   F6:05:4A:7C:F0:EE:F2:86:B1:80:26:21:B0:81:C6:BF:84:08:7D:65
Certificate issuer:       /CN=d04687a3ee6322b757de81e7f53c5d32eebe33a6
Certificate serial:       019B7C7FC7A3C85A7FE290EFB711FA63EF2B
Authority key identifier: D0:46:87:A3:EE:63:22:B7:57:DE:81:E7:F5:3C:5D:32:EE:BE:33:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/9gVKfPDu8oaxgCYhsIHGv4QIfWU.roa
Signing time:             Fri 02 Jan 2026 02:18:27 +0000
ROA not before:           Fri 02 Jan 2026 02:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42669
IP address blocks:        77.242.176.0/20 maxlen: 24
                          185.128.76.0/22 maxlen: 24
                          2a0b:aa80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:c7:a3:c8:5a:7f:e2:90:ef:b7:11:fa:63:ef:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04687a3ee6322b757de81e7f53c5d32eebe33a6
        Validity
            Not Before: Jan  2 02:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6054a7cf0eef286b1802621b081c6bf84087d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:68:f4:61:ae:a1:9d:24:72:de:f8:3d:fc:91:
                    b7:e1:fe:9a:1a:c0:86:5b:9f:42:b2:0f:eb:7d:f2:
                    08:88:86:4c:2c:d1:2a:a2:aa:93:c3:57:54:10:4a:
                    79:3f:29:38:56:76:d5:00:2a:b1:fe:5f:3b:78:a1:
                    74:0b:5e:c2:54:f8:55:17:cc:aa:12:5e:53:c2:bb:
                    c3:60:b8:35:8f:e0:1a:10:cb:f6:b4:60:20:d0:c2:
                    34:ca:d4:0d:82:61:9c:b6:0b:0a:92:56:65:e4:6a:
                    e3:2c:07:5c:d6:9f:2a:15:aa:9a:4a:6b:ed:f5:5b:
                    9a:f2:9c:c0:f1:94:ad:ce:68:39:1a:9b:fd:f5:9b:
                    94:f1:ad:d3:8e:aa:1f:6a:48:e8:bc:b3:9c:0c:af:
                    e6:bf:e4:d8:77:60:4b:1b:60:14:74:ad:ab:e5:dd:
                    2b:7d:a6:68:0e:6b:60:9a:c9:fe:d0:77:62:f6:ea:
                    69:5c:c4:34:d8:6b:83:f8:c5:31:68:75:4f:a9:73:
                    ec:69:e9:51:be:ef:2c:77:46:c2:68:81:e6:8a:f3:
                    3c:60:2d:b8:dc:30:32:57:a2:b7:98:58:18:b1:19:
                    17:f8:e0:fd:e2:95:62:0e:19:16:43:ea:c2:12:72:
                    58:7d:0e:79:46:7c:4e:09:9f:d1:15:5f:6c:52:68:
                    5c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:05:4A:7C:F0:EE:F2:86:B1:80:26:21:B0:81:C6:BF:84:08:7D:65
            X509v3 Authority Key Identifier:
                keyid:D0:46:87:A3:EE:63:22:B7:57:DE:81:E7:F5:3C:5D:32:EE:BE:33:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/9gVKfPDu8oaxgCYhsIHGv4QIfWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bfdd19-6bba-4dc9-afc6-97be426a2334/1/0EaHo-5jIrdX3oHn9TxdMu6-M6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.176.0/20
                  185.128.76.0/22
                IPv6:
                  2a0b:aa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:10:d5:79:45:8e:01:40:c0:57:cc:dc:a5:81:f1:31:2c:50:
         a1:da:42:9c:4e:96:7f:32:eb:7a:d8:9f:db:35:a3:ef:a0:e6:
         ae:87:d0:52:18:bf:fa:ad:30:4a:27:a9:77:8b:da:76:a2:c7:
         d5:11:64:3d:49:9b:cb:bc:6d:97:d0:95:fb:78:91:f2:b5:c2:
         66:af:3f:a3:7c:61:da:33:4d:fb:3d:27:bc:0a:c7:57:17:53:
         d3:02:5a:ea:85:6e:f8:56:34:2b:e5:92:71:77:6e:83:de:ff:
         f3:d1:bc:35:69:6d:99:1d:45:29:b2:9e:2e:eb:42:05:12:35:
         ad:4b:60:0d:c5:19:cf:85:38:9d:ae:cb:3c:c5:85:4c:44:58:
         3f:8d:ab:27:c2:a4:6f:60:b5:29:80:7d:ec:fc:b5:ff:8b:2c:
         76:a2:05:c9:f3:5c:6f:6d:cf:c1:b0:b5:85:11:68:4f:a9:a1:
         e6:e0:f2:0a:88:90:2f:29:f6:30:d7:7d:7f:a6:9c:f1:ba:da:
         67:99:94:6a:3e:70:3a:53:03:82:e3:64:b2:80:6e:fe:49:8e:
         4b:6e:8c:d8:43:dd:6c:5f:4a:f9:07:fa:bc:48:19:40:c9:38:
         6b:a2:45:8a:e9:d4:dd:46:4f:b5:04:a4:28:46:ca:bb:66:e7:
         35:7b:fb:3b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt8f8ejyFp/4pDvtxH6Y+8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDY4N2EzZWU2MzIyYjc1N2RlODFlN2Y1M2M1ZDMyZWVi
ZTMzYTYwHhcNMjYwMTAyMDIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjA1NGE3Y2YwZWVmMjg2YjE4MDI2MjFiMDgxYzZiZjg0MDg3ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Wj0Ya6hnSRy3vg9/JG34f6aGsCG
W59Csg/rffIIiIZMLNEqoqqTw1dUEEp5Pyk4VnbVACqx/l87eKF0C17CVPhVF8yq
El5TwrvDYLg1j+AaEMv2tGAg0MI0ytQNgmGctgsKklZl5GrjLAdc1p8qFaqaSmvt
9Vua8pzA8ZStzmg5Gpv99ZuU8a3TjqofakjovLOcDK/mv+TYd2BLG2AUdK2r5d0r
faZoDmtgmsn+0Hdi9uppXMQ02GuD+MUxaHVPqXPsaelRvu8sd0bCaIHmivM8YC24
3DAyV6K3mFgYsRkX+OD94pViDhkWQ+rCEnJYfQ55RnxOCZ/RFV9sUmhcTQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPYFSnzw7vKGsYAmIbCBxr+ECH1lMB8GA1UdIwQY
MBaAFNBGh6PuYyK3V96B5/U8XTLuvjOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVhSG8tNWpJcmRYM29IbjlUeGRNdTYtTTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iZmRkMTktNmJiYS00ZGM5LWFmYzYt
OTdiZTQyNmEyMzM0LzEvOWdWS2ZQRHU4b2F4Z0NZaHNJSEd2NFFJZldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iZmRkMTktNmJiYS00ZGM5LWFmYzYtOTdiZTQyNmEyMzM0
LzEvMEVhSG8tNWpJcmRYM29IbjlUeGRNdTYtTTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQETfKwAwQC
uYBMMA0EAgACMAcDBQMqC6qAMA0GCSqGSIb3DQEBCwUAA4IBAQB2ENV5RY4BQMBX
zNylgfExLFCh2kKcTpZ/Mut62J/bNaPvoOauh9BSGL/6rTBKJ6l3i9p2osfVEWQ9
SZvLvG2X0JX7eJHytcJmrz+jfGHaM037PSe8CsdXF1PTAlrqhW74VjQr5ZJxd26D
3v/z0bw1aW2ZHUUpsp4u60IFEjWtS2ANxRnPhTidrss8xYVMRFg/jasnwqRvYLUp
gH3s/LX/iyx2ogXJ81xvbc/BsLWFEWhPqaHm4PIKiJAvKfYw131/ppzxutpnmZRq
PnA6UwOC42SygG7+SY5LbozYQ91sX0r5B/q8SBlAyThrokWK6dTdRk+1BKQoRsq7
Zuc1e/s7
-----END CERTIFICATE-----