Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/4QPGFEm60RG86yUKGoUmKfrDRi0.roa
File:                     4QPGFEm60RG86yUKGoUmKfrDRi0.roa (raw, json)
Hash identifier:          U+BMPKIjc2DZrAhZtuZazM/2E9xfevjOUfu5n0yT8rc=
Subject key identifier:   E1:03:C6:14:49:BA:D1:11:BC:EB:25:0A:1A:85:26:29:FA:C3:46:2D
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EBC8D998D87DAD40EDD7E90462101A9BF
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/4QPGFEm60RG86yUKGoUmKfrDRi0.roa
Signing time:             Fri 12 Jun 2026 15:57:36 +0000
ROA not before:           Fri 12 Jun 2026 15:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        77.67.31.0/24 maxlen: 24
                          212.189.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:8d:99:8d:87:da:d4:0e:dd:7e:90:46:21:01:a9:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 12 15:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e103c61449bad111bceb250a1a852629fac3462d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2a:af:70:a9:42:12:94:c5:e9:3e:bf:b6:b6:
                    35:83:2d:9f:4e:0f:63:8d:7e:ae:f4:5c:31:b1:5c:
                    43:24:f7:37:2d:a9:93:3d:34:48:5d:1c:a6:46:3f:
                    f8:f9:d8:76:b3:21:48:34:f9:a0:13:e5:73:14:f7:
                    70:b7:20:78:a3:c5:ff:9b:a5:35:94:65:fa:e0:de:
                    6d:bb:0f:3b:ef:7e:c8:ed:fb:7b:85:64:6d:f0:4f:
                    57:02:71:07:19:59:50:c8:8f:9b:cd:89:2b:34:a8:
                    86:c0:05:45:37:be:d6:c3:99:a5:37:4a:b8:4d:f0:
                    c2:8b:f9:d2:87:62:7b:c0:f4:b2:dd:f2:3c:db:00:
                    ad:4e:be:dd:99:2d:3e:99:49:83:d2:42:95:c7:78:
                    4e:22:09:a3:54:1d:1c:d0:81:d4:50:da:02:b7:bf:
                    21:b2:16:9b:80:fc:af:4f:98:57:0d:dc:98:5d:3a:
                    0c:d8:a2:cd:49:9b:6c:31:c8:5f:91:7f:e6:05:04:
                    e9:c8:91:d6:4a:19:67:2f:d8:13:40:45:83:f3:9f:
                    64:38:f4:c1:71:9e:4b:ba:1d:26:08:9c:9f:67:8b:
                    a9:09:ab:68:54:fc:47:e0:3c:34:98:20:08:0d:6e:
                    e6:de:ce:36:dc:a5:43:9d:13:55:fb:ce:ed:08:c3:
                    2c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:03:C6:14:49:BA:D1:11:BC:EB:25:0A:1A:85:26:29:FA:C3:46:2D
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/4QPGFEm60RG86yUKGoUmKfrDRi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.31.0/24
                  212.189.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:8a:db:b9:3b:d1:ca:89:4a:06:78:c5:55:db:a3:39:5e:2a:
         66:62:36:cd:85:9c:8f:80:bf:20:79:b6:26:ee:bd:0a:93:65:
         10:eb:55:9b:64:4a:c8:71:65:55:95:05:92:b5:7a:e5:c1:69:
         ed:4f:a0:a7:6d:69:93:9c:26:68:61:5d:a4:81:41:7b:83:58:
         3d:13:85:5d:b7:b9:48:97:66:c7:3c:c1:ae:1e:b7:39:1a:98:
         77:39:32:cb:ce:4c:a9:c5:ef:97:56:38:cf:cc:6e:6e:ca:b7:
         0d:eb:d5:ad:95:1d:98:18:f7:49:b1:92:82:65:ab:52:d1:bb:
         70:e4:cb:a6:ba:aa:da:d6:6f:55:41:33:ea:4e:4f:6b:8e:9d:
         aa:bb:30:ee:29:b8:f4:43:a6:bb:42:a0:4e:81:e9:10:bc:de:
         cf:40:dc:37:4e:bf:83:2e:ce:a8:dc:35:0f:e4:d5:6a:07:13:
         a8:5a:fe:e3:a5:a0:a4:f3:97:84:2b:3b:01:65:80:0b:f7:3d:
         d2:18:c8:7e:04:d2:76:5c:30:ee:c7:b0:7a:5a:12:f5:3b:86:
         9c:a7:a7:0c:f4:ec:75:12:f3:28:e5:90:89:c3:a3:27:ad:f2:
         89:04:d1:2a:7a:b2:4d:47:8d:36:7e:81:92:49:10:85:af:fb:
         0a:7c:e8:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ68jZmNh9rUDt1+kEYhAam/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjEyMTU1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTAzYzYxNDQ5YmFkMTExYmNlYjI1MGExYTg1MjYyOWZhYzM0NjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCqvcKlCEpTF6T6/trY1gy2fTg9j
jX6u9FwxsVxDJPc3LamTPTRIXRymRj/4+dh2syFINPmgE+VzFPdwtyB4o8X/m6U1
lGX64N5tuw87737I7ft7hWRt8E9XAnEHGVlQyI+bzYkrNKiGwAVFN77Ww5mlN0q4
TfDCi/nSh2J7wPSy3fI82wCtTr7dmS0+mUmD0kKVx3hOIgmjVB0c0IHUUNoCt78h
shabgPyvT5hXDdyYXToM2KLNSZtsMchfkX/mBQTpyJHWShlnL9gTQEWD859kOPTB
cZ5Luh0mCJyfZ4upCatoVPxH4Dw0mCAIDW7m3s423KVDnRNV+87tCMMs0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOEDxhRJutERvOslChqFJin6w0YtMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvNFFQR0ZFbTYwUkc4NnlVS0dvVW1LZnJEUmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUMfAwQA
1L1oMA0GCSqGSIb3DQEBCwUAA4IBAQBwitu5O9HKiUoGeMVV26M5XipmYjbNhZyP
gL8gebYm7r0Kk2UQ61WbZErIcWVVlQWStXrlwWntT6CnbWmTnCZoYV2kgUF7g1g9
E4Vdt7lIl2bHPMGuHrc5Gph3OTLLzkypxe+XVjjPzG5uyrcN69WtlR2YGPdJsZKC
ZatS0btw5Mumuqra1m9VQTPqTk9rjp2quzDuKbj0Q6a7QqBOgekQvN7PQNw3Tr+D
Ls6o3DUP5NVqBxOoWv7jpaCk85eEKzsBZYAL9z3SGMh+BNJ2XDDux7B6WhL1O4ac
p6cM9Ox1EvMo5ZCJw6MnrfKJBNEqerJNR402foGSSRCFr/sKfOiV
-----END CERTIFICATE-----